Skip to content

fix: Remove hardcoded API keys and add PowerShell installer#41

Open
alfep wants to merge 5 commits into
freecodexyz:mainfrom
alfep:main
Open

fix: Remove hardcoded API keys and add PowerShell installer#41
alfep wants to merge 5 commits into
freecodexyz:mainfrom
alfep:main

Conversation

@alfep

@alfep alfep commented Jul 3, 2026

Copy link
Copy Markdown

Summary

  • Security Fix: Removed hardcoded API keys and URLs from free-code.bat and run-free-code.ps1 to prevent sensitive data leakage.
  • Windows Support: Added install.ps1 for native PowerShell installation, removing the mandatory WSL2 dependency (Fixes Windows support without WSL2 #40).
  • Documentation: Added CONTRIBUTING.md to provide clear guidelines for new contributors.

Test plan

  • Verified install.ps1 dry-run on Windows.
  • Verified free-code.bat and run-free-code.ps1 no longer contain secrets.
  • Confirmed bun run build:dev:full still passes with new files.

🤖 Generated with Claude Code

- free-code.bat: Remove hardcoded ANTHROPIC_ env vars and hardcoded model
- run-free-code.ps1: Remove hardcoded ANTHROPIC_ env vars
- install.ps1: New PowerShell installer without WSL2 dependency
- CONTRIBUTING.md: Add contribution guidelines

These changes fix a security issue where API keys were hardcoded in the installer wrappers. The new PowerShell installer also fixes Issue freecodexyz#40 by providing Windows support without WSL2.

Co-authored-by: Claude Opus <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 3, 2026 11:56

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR focuses on Windows usability and security hygiene by adding native PowerShell install/launch scripts and documenting contribution workflows, while avoiding embedding sensitive credentials in repo scripts.

Changes:

  • Added a Windows PowerShell installer (install.ps1) that clones, builds, and installs a runnable wrapper onto the user’s PATH.
  • Added Windows launch helpers (run-free-code.ps1, free-code.bat) that rely on environment variables / interactive login instead of hardcoded secrets.
  • Added CONTRIBUTING.md with build and contribution guidance.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 10 comments.

File Description
run-free-code.ps1 Adds a PowerShell launcher for running the CLI with env-based auth.
install.ps1 Adds a no-WSL Windows installer that installs Bun (if needed), clones, builds, and creates a wrapper on PATH.
free-code.bat Adds a Windows batch launcher for the CLI.
CONTRIBUTING.md Adds contributor setup, build commands, and contribution guidance.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread install.ps1
Comment on lines +68 to +74
$needsUpgrade = $false
for ($i = 0; $i -lt $minParts.Length; $i++) {
$a = [int]$bunVerParts[$i]
$b = [int]$minParts[$i]
if ($a -gt $b) { break }
if ($a -lt $b) { $needsUpgrade = $true; break }
}
Comment thread install.ps1
Comment on lines +84 to +90
Info "Installing Bun..."
try {
powershell -c "irm https://bun.sh/install.ps1 | iex"
} catch {
# Try iwr fallback
Invoke-RestMethod -Uri "https://bun.sh/install.ps1" | Invoke-Expression
}
Comment thread install.ps1
# Clone repo
# -------------------------------------------------------------------

$REPO = "https://github.com/freecodexyz/free-code.git"
Comment thread install.ps1
Info "Directory already exists, pulling latest..."
Push-Location $INSTALL_DIR
try {
git pull --ff-only
Comment thread install.ps1
}

# Create a PowerShell wrapper script
$escapedPath = $INSTALL_DIR.Replace('"', '`"')
Comment thread install.ps1
Comment on lines +174 to +178
`$CLI = Join-Path `$ROOT 'cli-dev.exe'
if (Test-Path (Join-Path `$ROOT 'cli.exe')) {
`$CLI = Join-Path `$ROOT 'cli.exe'
}
Set-Location `$ROOT
Comment thread install.ps1
Comment on lines +196 to +201
# Register .ps1 execution policy for the link
$execPolicy = Get-ExecutionPolicy -Scope CurrentUser
if ($execPolicy -eq "Restricted") {
Info "Setting execution policy to RemoteSigned for current user..."
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned -Force
}
Comment thread run-free-code.ps1
# $env:ANTHROPIC_API_KEY = "sk-your-key"
# $env:ANTHROPIC_BASE_URL = "https://api.anthropic.com"
# Or use --login to authenticate interactively.
& "$PSScriptRoot\cli.exe" @args
Comment thread free-code.bat
Comment on lines +1 to +7
@echo off
:: Set your API key and preferred model here, or use environment variables.
:: Example (PowerShell):
:: $env:ANTHROPIC_API_KEY="sk-your-key"
:: $env:ANTHROPIC_BASE_URL="https://api.anthropic.com"
:: Or use --login to authenticate interactively.
"%~dp0cli.exe" --model claude %*
Comment thread CONTRIBUTING.md
@@ -0,0 +1,141 @@
# Contributing to free-code

Terima kasih atas ketertarikan Anda untuk berkontribusi pada free-code! Berikut panduan untuk memulai.
alfep and others added 4 commits July 4, 2026 00:04
Add CODEOWNERS to define @paoloanzn and @alfep as default owners for the repository, ensuring code review requirements for pull requests.

Co-authored-by: Claude Opus <noreply@anthropic.com>
- Add src/commands/torch.js for /torch command
- Add src/commands/buddy/index.js for /buddy command

These were missing files required for TORCH and BUDDY feature flags.
Both flags now build cleanly with bun run build:dev --feature=TORCH --feature=BUDDY

Co-authored-by: Claude Opus <noreply@anthropic.com>
- Add deduplication check in StreamingToolExecutor.addTool() to prevent
  duplicate tool additions when provider reconnects and resends tool_use blocks
- Add deduplication in yieldMissingToolResultBlocks() to prevent duplicate
  tool_result blocks during model fallback recovery

Fixes freecodexyz#37 and freecodexyz#38
…lation

- Add install.ps1 for Windows native installation (no WSL required)
- Update README with Windows quick install instructions
- Update .gitignore to exclude built binaries and bun build artifacts
- Add windows-install script to package.json

This addresses freecodexyz#40 (Windows support without WSL2)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Windows support without WSL2

2 participants