[AAASM-4122] 🔒 (install): Replace claimable .io install host with canonical agent-assembly.com #212

Merged: Chisanan232 merged 1 commit into master from v0.0.1/AAASM-4122/install_hint_canonical_host, Jul 5, 2026

@Chisanan232

Contributor

Description

The Python SDK's runtime install hint fetched a shell script from get.agent-assembly.io and piped it straight into a shell. Both get.agent-assembly.io and the apex agent-assembly.io resolve to NXDOMAIN — the .io domain is unregistered and claimable. Any third party could register agent-assembly.io, host a malicious script at get., and gain arbitrary code execution on every user/CI that follows the hint (classic claimable-domain supply-chain footgun; no checksum or signature gate).

This PR repoints the hint at the canonical https://agent-assembly.com/install.sh, which is registered (Cloudflare) and whose installer SHA256-verifies release tarballs against SHA256SUMS. The brew-tap and pip install channels already listed in the hint (fixed under AAASM-4072) are unchanged and remain the preferred first options.

Two shipped modules emit this hint:

  • agent_assembly/runtime.py (INSTALL_HINT)
  • agent_assembly/_install.py (INSTALL_HINT)

Recommendation for the org: defensively register agent-assembly.io (and get.agent-assembly.io) to close the claimable-domain window permanently.

The examples repo carries the same stale hint and is fixed in a separate PR under this ticket (ai-agent-assembly/agent-assembly-examples).

Type of Change

  • 🔧 Bug fix

Breaking Changes

  • No

Related Issues

  • Related JIRA ticket: AAASM-4122

Testing

  • Manual testing performed
  • No tests required (explain why)

String-literal-only change to the printed install hint. Existing tests assert on the INSTALL_HINT symbol (not the literal URL) and continue to pass: pytest test/ -k "install or runtime" → 74 passed, 10 skipped. ruff check on the touched files is clean; ruff format --check reports already-formatted; pre-commit (ruff/black/isort/mypy) passed on the touched files. (Repo-wide ruff/mypy baseline noise from generated *_pb2.pyi stubs and the optional-unbuilt agent_assembly._core native module is pre-existing and unrelated.)

Checklist

  • Code follows project style guidelines
  • Self-review completed
  • Comments added for complex logic
  • Documentation updated if needed
  • All tests passing
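
A regression check for the gap noted under Testing (the existing tests assert on the INSTALL_HINT symbol, not the URL inside it), as an added example that is not part of this PR or the project's code: it pulls every pipe-to-shell URL out of a hint and flags any host outside an allowlist. The sample hint strings, `CANONICAL_HOSTS`, `audit_hint` and `dns_resolves` are assumptions constructed here.

```python
import re
import socket
from urllib.parse import urlsplit

# Assumption: the single host this project accepts in a piped-install hint.
CANONICAL_HOSTS = frozenset({"agent-assembly.com"})

# Constructed stand-ins for INSTALL_HINT before and after the fix; the real
# strings also list brew and pip channels, which are not reproduced here.
OLD_HINT = "curl -fsSL https://get.agent-assembly.io | sh"
NEW_HINT = "curl -fsSL https://agent-assembly.com/install.sh | sh"

# A URL whose fetched body is piped into a shell interpreter.
PIPED_URL = re.compile(
    r"(?P<url>[a-z][a-z0-9+.-]*://[^\s|'\"]+)\s*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b",
    re.IGNORECASE,
)


def dns_resolves(host):
    """Live lookup for CI use; tests inject a fake resolver instead."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except socket.gaierror:
        return False


def audit_hint(text, allowed=CANONICAL_HOSTS, resolves=None):
    """Return (host, reason) findings for every pipe-to-shell URL in text."""
    findings = []
    for match in PIPED_URL.finditer(text):
        parts = urlsplit(match.group("url"))
        host = parts.hostname or ""
        if parts.scheme.lower() != "https":
            findings.append((host, "not-https"))
        if host not in allowed:
            findings.append((host, "host-not-allowlisted"))
        if resolves is not None and not resolves(host):
            findings.append((host, "does-not-resolve"))
    return findings
```

Run in CI with `resolves=dns_resolves` against the shipped hint constants so that a host which stops resolving fails the build instead of reaching users.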

…ll.sh

Same claimable-.io-host fix as runtime.py, for the _install.py fast-fail hint.

Refs AAASM-4122

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01R7vqjjo5nrebYNt8WnCNbz
@codecov

codecov Bot commented Jul 4, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.


@sonarqubecloud

sonarqubecloud Bot commented Jul 4, 2026

@Chisanan232

Contributor Author

Senior review — APPROVE-READY (comment only, not an approval)

Verdict: LGTM. Clean, correctly-scoped fix for the HIGH claimable-domain RCE (AAASM-4122).

1. CI: Green — 19/19 checks pass. No failures to triage.

2. Scope vs ticket: Full coverage of the shipped-SDK portion of AAASM-4122. Both offending sites replaced:

  • agent_assembly/_install.py:35 and agent_assembly/runtime.py:42 now emit https://agent-assembly.com/install.sh | sh.
  • git grep confirms zero residual agent-assembly.io / get.agent-assembly anywhere in the repo.
  • The replacement points at the ticket's designated canonical host: agent-assembly.com/install.sh (Cloudflare-served, installer-drift-gated, SHA256SUMS-verified). Matches the ticket's prescribed fix.
  • The examples-repo edit (run-with-aasm.sh, README) is correctly tracked as its own separate PR per the ticket — out of scope here.

3. Side effects: None. Install-hint string constants only — no code path, control flow, or public API changed. _install.py (used for the not-installed error hint) and runtime.py both changed in lockstep, so the messaging stays consistent.

4. FE: N/A.

Local validation (worktree @ 4b19067): pre-commit gate green — isort / autoflake / black / mypy all Passed; ruff check on both changed files All checks passed.

Independence: touches only _install.py + runtime.py — disjoint from #213 (assembly.py / runtime_interceptor.py) and #214 (transport_security.py / release-python.yml). Independently mergeable.

Note the ticket's standing recommendation to defensively register agent-assembly.io at the org level — orthogonal to this code fix.

— Claude Code

@Chisanan232 merged commit 83c52d0 into master Jul 5, 2026 (26 checks passed)
@Chisanan232 deleted the v0.0.1/AAASM-4122/install_hint_canonical_host branch July 5, 2026 00:41