fix: Remove hardcoded API keys and add PowerShell installer#41
Open
alfep wants to merge 5 commits into
Open
Conversation
- free-code.bat: Remove hardcoded ANTHROPIC_ env vars and hardcoded model - run-free-code.ps1: Remove hardcoded ANTHROPIC_ env vars - install.ps1: New PowerShell installer without WSL2 dependency - CONTRIBUTING.md: Add contribution guidelines These changes fix a security issue where API keys were hardcoded in the installer wrappers. The new PowerShell installer also fixes Issue freecodexyz#40 by providing Windows support without WSL2. Co-authored-by: Claude Opus <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This PR focuses on Windows usability and security hygiene by adding native PowerShell install/launch scripts and documenting contribution workflows, while avoiding embedding sensitive credentials in repo scripts.
Changes:
- Added a Windows PowerShell installer (
install.ps1) that clones, builds, and installs a runnable wrapper onto the user’s PATH. - Added Windows launch helpers (
run-free-code.ps1,free-code.bat) that rely on environment variables / interactive login instead of hardcoded secrets. - Added
CONTRIBUTING.mdwith build and contribution guidance.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| run-free-code.ps1 | Adds a PowerShell launcher for running the CLI with env-based auth. |
| install.ps1 | Adds a no-WSL Windows installer that installs Bun (if needed), clones, builds, and creates a wrapper on PATH. |
| free-code.bat | Adds a Windows batch launcher for the CLI. |
| CONTRIBUTING.md | Adds contributor setup, build commands, and contribution guidance. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+68
to
+74
| $needsUpgrade = $false | ||
| for ($i = 0; $i -lt $minParts.Length; $i++) { | ||
| $a = [int]$bunVerParts[$i] | ||
| $b = [int]$minParts[$i] | ||
| if ($a -gt $b) { break } | ||
| if ($a -lt $b) { $needsUpgrade = $true; break } | ||
| } |
Comment on lines
+84
to
+90
| Info "Installing Bun..." | ||
| try { | ||
| powershell -c "irm https://bun.sh/install.ps1 | iex" | ||
| } catch { | ||
| # Try iwr fallback | ||
| Invoke-RestMethod -Uri "https://bun.sh/install.ps1" | Invoke-Expression | ||
| } |
| # Clone repo | ||
| # ------------------------------------------------------------------- | ||
|
|
||
| $REPO = "https://github.com/freecodexyz/free-code.git" |
| Info "Directory already exists, pulling latest..." | ||
| Push-Location $INSTALL_DIR | ||
| try { | ||
| git pull --ff-only |
| } | ||
|
|
||
| # Create a PowerShell wrapper script | ||
| $escapedPath = $INSTALL_DIR.Replace('"', '`"') |
Comment on lines
+174
to
+178
| `$CLI = Join-Path `$ROOT 'cli-dev.exe' | ||
| if (Test-Path (Join-Path `$ROOT 'cli.exe')) { | ||
| `$CLI = Join-Path `$ROOT 'cli.exe' | ||
| } | ||
| Set-Location `$ROOT |
Comment on lines
+196
to
+201
| # Register .ps1 execution policy for the link | ||
| $execPolicy = Get-ExecutionPolicy -Scope CurrentUser | ||
| if ($execPolicy -eq "Restricted") { | ||
| Info "Setting execution policy to RemoteSigned for current user..." | ||
| Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned -Force | ||
| } |
| # $env:ANTHROPIC_API_KEY = "sk-your-key" | ||
| # $env:ANTHROPIC_BASE_URL = "https://api.anthropic.com" | ||
| # Or use --login to authenticate interactively. | ||
| & "$PSScriptRoot\cli.exe" @args |
Comment on lines
+1
to
+7
| @echo off | ||
| :: Set your API key and preferred model here, or use environment variables. | ||
| :: Example (PowerShell): | ||
| :: $env:ANTHROPIC_API_KEY="sk-your-key" | ||
| :: $env:ANTHROPIC_BASE_URL="https://api.anthropic.com" | ||
| :: Or use --login to authenticate interactively. | ||
| "%~dp0cli.exe" --model claude %* |
| @@ -0,0 +1,141 @@ | |||
| # Contributing to free-code | |||
|
|
|||
| Terima kasih atas ketertarikan Anda untuk berkontribusi pada free-code! Berikut panduan untuk memulai. | |||
Add CODEOWNERS to define @paoloanzn and @alfep as default owners for the repository, ensuring code review requirements for pull requests. Co-authored-by: Claude Opus <noreply@anthropic.com>
- Add src/commands/torch.js for /torch command - Add src/commands/buddy/index.js for /buddy command These were missing files required for TORCH and BUDDY feature flags. Both flags now build cleanly with bun run build:dev --feature=TORCH --feature=BUDDY Co-authored-by: Claude Opus <noreply@anthropic.com>
- Add deduplication check in StreamingToolExecutor.addTool() to prevent duplicate tool additions when provider reconnects and resends tool_use blocks - Add deduplication in yieldMissingToolResultBlocks() to prevent duplicate tool_result blocks during model fallback recovery Fixes freecodexyz#37 and freecodexyz#38
…lation - Add install.ps1 for Windows native installation (no WSL required) - Update README with Windows quick install instructions - Update .gitignore to exclude built binaries and bun build artifacts - Add windows-install script to package.json This addresses freecodexyz#40 (Windows support without WSL2)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
free-code.batandrun-free-code.ps1to prevent sensitive data leakage.install.ps1for native PowerShell installation, removing the mandatory WSL2 dependency (Fixes Windows support without WSL2 #40).CONTRIBUTING.mdto provide clear guidelines for new contributors.Test plan
install.ps1dry-run on Windows.free-code.batandrun-free-code.ps1no longer contain secrets.bun run build:dev:fullstill passes with new files.🤖 Generated with Claude Code