aibot777/unlimitedcoding
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
31f9c3e1a8eb8e6607201afd94d9058b0d1a2b87
unlimitedcoding/codex/codex_config.json
delta-cloud-208e 8924b75e91 SECURITY: redact api_key from public repo (Variant B) 
CRITICAL: api_key 'ClauderAPI2' was committed to PUBLIC unlimitedcoding
repo (private:False on gitea) in 4 *_config.json + 8 ps1 scripts. Anyone
on the internet could read it via curl with no auth (HTTP 200 raw access).

This commit:
1. Sanitizes 4 *_config.json: api_key → "YOUR_API_KEY" + _note pointing
   users to private config repo for production credentials.
2. Removes 'ClauderAPI2' literal from 8 ps1 installer/updater scripts
   (claude/codex/gemini/qwen × install/update). Each script now has a
   sanitized block at top that fetches api_key from private
   unlimitedcoding-config repo at runtime via Authorization token.
3. Switches 6 sh installer scripts from public REPO_RAW to PRIVATE
   unlimitedcoding-config base URL for *_config.json downloads.
4. Removes stale .patcher.config.cache.json (will regen on next install).

Production configs MOVED to private repo (separate commit e839102 on
unlimitedcoding-config/main).

KNOWN UNCHANGED:
- releases/v2.1.119/sea/cli-wrapper.cjs still has api_key (part of npm
  package distribution; clients need it locally; sensey serves same).
- Read-only gitea token (cadffcb0...) remains in installers — needed
  for token-auth fetch from private repo. Scoped read-only.

RECOMMEND: api_key rotation in proxy auth list because ClauderAPI2 was
publicly exposed for an unknown period. Existing client installs would
need re-install or env override.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-25 16:43:08 +00:00

25 lines
634 B
JSON
Executable File
Raw Blame History

{
"base_url": "https://ai.37-187-136-86.sslip.io",
"api_key": "YOUR_API_KEY",
"model": "gpt-5.5",
"models": [
"gpt-5.5",
"gpt-5.4",
"gpt-5.3-codex-spark",
"gpt-5.3-codex",
"gpt-5.2-codex"
],
"model_reasoning_effort": "xhigh",
"approval_policy": "never",
"sandbox_mode": "danger-full-access",
"wire_api": "responses",
"telemetry_enabled": false,
"check_for_update": false,
"trust_paths": [
"/home",
"/root",
"/tmp"
],
"target_version": "0.125.0",
"_note": "Production config (with real api_key) lives in PRIVATE unlimitedcoding-config repo. This file is a template only."
}
Reference in New Issue View Git Blame Copy Permalink