6900b1df52
* Done. All three git commands now have security protections: **Changes made to `crates/remote/src/github_app/service.rs`:** 1. **Clone** (line 284): Added `-c core.hooksPath=/dev/null`, `-c core.autocrlf=false`, `-c core.symlinks=false` flags plus environment variables 2. **Fetch** (line 318): Added `-c core.hooksPath=/dev/null` flag plus environment variables 3. **Checkout** (line 349): Added `-c core.hooksPath=/dev/null` flag plus environment variables **Security protections now in place:** - `core.hooksPath=/dev/null` - Disables all git hooks - `core.symlinks=false` - Prevents symlink attacks (on clone) - `core.autocrlf=false` - Prevents line ending manipulation (on clone) - `GIT_CONFIG_GLOBAL=/dev/null` - Ignores global git config - `GIT_CONFIG_SYSTEM=/dev/null` - Ignores system git config - `GIT_TERMINAL_PROMPT=0` - Prevents credential prompts The repository cloning is now safe for untrusted repositories. * Cleanup script changes for task attempt 8324c5ea-8505-49a7-a9f3-dfeb2d83cf54
Remote service
The remote crate contains the implementation of the Vibe Kanban hosted API.
Prerequisites
Create a .env.remote file in the repository root:
VIBEKANBAN_REMOTE_JWT_SECRET=your_base64_encoded_secret
SERVER_PUBLIC_BASE_URL=http://localhost:3000
GITHUB_OAUTH_CLIENT_ID=your_github_web_app_client_id
GITHUB_OAUTH_CLIENT_SECRET=your_github_web_app_client_secret
GOOGLE_OAUTH_CLIENT_ID=your_google_web_app_client_id
GOOGLE_OAUTH_CLIENT_SECRET=your_google_web_app_client_secret
Generate VIBEKANBAN_REMOTE_JWT_SECRET once using openssl rand -base64 48 and copy the value into .env.remote.
At least one OAuth provider (GitHub or Google) must be configured.
Run the stack locally
docker compose --env-file .env.remote -f docker-compose.yml up --build
Exposes the API on http://localhost:8081. The Postgres service is available at postgres://remote:remote@localhost:5432/remote.
Run Vibe Kanban
export VK_SHARED_API_BASE=http://localhost:8081
pnpm run dev