@marcusrbrown/infra 0.5.0 → 0.7.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@marcusrbrown/infra",
-  "version": "0.5.0",
+  "version": "0.7.0",
   "description": "Infrastructure management CLI — deploy automation, health checks, and MCP bridge",
   "keywords": [
     "infra",
@@ -36,7 +36,7 @@
     "zod": "^4.3.6"
   },
   "devDependencies": {
-    "@modelcontextprotocol/sdk": "^1.29.0",
+    "@modelcontextprotocol/sdk": "1.29.0",
     "yaml": "2.9.0"
   },
   "engines": {

package/src/__snapshots__/cli.test.ts.snap

@@ -71,7 +71,7 @@ Commands:
     --key [key]                        Management API key. Falls back to CLIPROXY_MANAGEMENT_KEY when omitted.
 
 
-  cliproxy login <provider>            Run provider login on the remote CLIProxyAPI host and print OAuth URL output.
+  cliproxy login <provider>            Run provider login on the remote CLIProxyAPI host. Supported providers: claude, codex.
 
     --host [host]                      CLIProxyAPI droplet host for SSH execution. Falls back to CLIPROXY_DOMAIN or cliproxy.fro.bot.
 
@@ -86,6 +86,11 @@ Commands:
     --key [key]                        Existing CLIProxyAPI API key value. When provided, setup skips key creation and reuses this key for GitHub secrets.
     --repo [repo]                      Target GitHub repository in owner/repo format. Skips the repository prompt when provided.
     --harness [harness]                Harness template to configure. Choose opencode, claude-code, or generic. Generic remains interactive-only.
+    --providers [providers]            Comma-separated list of providers to enable. Supported values: anthropic, openai. Example: --providers anthropic,openai
+    --model [model]                    Override the default model. Must be provider-prefixed and lowercase. Examples: anthropic/claude-sonnet-4-6, openai/gpt-4o
+    --force                            Overwrite existing GitHub secrets and variables without prompting.
+    --dry-run                          Print the plan without applying any changes.
+    --verify-smoke                     Run a smoke test against the proxy after setup completes.
 
 
   gateway status                       Show operational health of the gateway deployment via docker compose ps.

package/src/commands/cliproxy/host.test.ts

@@ -0,0 +1,73 @@
+import {describe, expect, it} from 'bun:test'
+
+import {validateCliproxyHost} from './host'
+
+// ─── validateCliproxyHost ─────────────────────────────────────────────────────
+
+describe('validateCliproxyHost', () => {
+  // ── Valid inputs ────────────────────────────────────────────────────────────
+
+  it('accepts a standard FQDN', () => {
+    expect(() => validateCliproxyHost('cliproxy.fro.bot')).not.toThrow()
+    expect(validateCliproxyHost('cliproxy.fro.bot')).toBe('cliproxy.fro.bot')
+  })
+
+  it('accepts localhost', () => {
+    expect(() => validateCliproxyHost('localhost')).not.toThrow()
+  })
+
+  it('accepts an IPv4 address', () => {
+    expect(() => validateCliproxyHost('147.182.133.210')).not.toThrow()
+  })
+
+  it('accepts a single-character hostname', () => {
+    expect(() => validateCliproxyHost('a')).not.toThrow()
+  })
+
+  it('accepts a hostname with hyphens', () => {
+    expect(() => validateCliproxyHost('my-cliproxy.prod.example.com')).not.toThrow()
+  })
+
+  // ── Injection attacks ───────────────────────────────────────────────────────
+
+  it('rejects a leading-hyphen value (ProxyCommand injection vector)', () => {
+    expect(() => validateCliproxyHost('-oProxyCommand=evil')).toThrow('Invalid CLIPROXY_DOMAIN')
+  })
+
+  it('rejects a value with shell metacharacters (semicolon)', () => {
+    expect(() => validateCliproxyHost('cliproxy.fro.bot;rm -rf')).toThrow('Invalid CLIPROXY_DOMAIN')
+  })
+
+  it('rejects a value with shell metacharacters (backtick)', () => {
+    expect(() => validateCliproxyHost('cliproxy.fro.bot`id`')).toThrow('Invalid CLIPROXY_DOMAIN')
+  })
+
+  it('rejects a value with spaces', () => {
+    expect(() => validateCliproxyHost('cliproxy fro.bot')).toThrow('Invalid CLIPROXY_DOMAIN')
+  })
+
+  it('rejects a value with an at-sign', () => {
+    expect(() => validateCliproxyHost('user@cliproxy.fro.bot')).toThrow('Invalid CLIPROXY_DOMAIN')
+  })
+
+  // ── Empty / blank ───────────────────────────────────────────────────────────
+
+  it('rejects an empty string', () => {
+    expect(() => validateCliproxyHost('')).toThrow('Invalid CLIPROXY_DOMAIN')
+  })
+
+  // ── Error message sanitization ──────────────────────────────────────────────
+
+  it('truncates the invalid value in the error message to ~30 chars', () => {
+    const longMalicious = `-oProxyCommand=${'A'.repeat(100)}`
+    let message = ''
+    try {
+      validateCliproxyHost(longMalicious)
+    } catch (error) {
+      message = error instanceof Error ? error.message : String(error)
+    }
+    // The excerpt in the message should not exceed 30 chars of the original value
+    expect(message).toContain('Invalid CLIPROXY_DOMAIN')
+    expect(message.length).toBeLessThan(longMalicious.length + 50)
+  })
+})

package/src/commands/cliproxy/host.ts

@@ -0,0 +1,31 @@
+// ─── Cliproxy host validation ─────────────────────────────────────────────────
+//
+// Validates CLIPROXY_DOMAIN values before they are passed as ssh argv arguments.
+// A value starting with `-` would be interpreted by ssh as an option flag,
+// enabling ProxyCommand injection and local code execution.
+
+const VALID_HOST_RE = /^[a-z\d][a-z\d.\-]*$/i
+
+/**
+ * Validates a candidate CLIPROXY_DOMAIN value against a strict hostname allowlist.
+ *
+ * Accepts: hostnames, FQDNs, IPv4 addresses, `localhost`.
+ * Rejects: empty strings, values starting with `-`, and anything containing
+ * characters outside `[A-Za-z0-9.-]`.
+ *
+ * @throws {Error} with a sanitized excerpt of the invalid value.
+ * @returns The validated host string (unchanged).
+ */
+export function validateCliproxyHost(host: string): string {
+  if (!host) {
+    throw new Error('Invalid CLIPROXY_DOMAIN: value is empty')
+  }
+
+  if (!VALID_HOST_RE.test(host)) {
+    // Truncate to 30 chars and strip non-printable bytes before echoing back
+    const excerpt = host.slice(0, 30).replaceAll(/[^\u0020-\u007E]/g, '?')
+    throw new Error(`Invalid CLIPROXY_DOMAIN: "${excerpt}" — must match ${String.raw`[A-Za-z0-9][A-Za-z0-9.\-]*`}`)
+  }
+
+  return host
+}

package/src/commands/cliproxy/login.test.ts

@@ -1,13 +1,13 @@
-import {resolve} from 'node:path'
-import {afterEach, beforeEach, describe, expect, it} from 'bun:test'
+import type {SpawnFn} from './login'
 
-const cliDir = resolve(import.meta.dir, '../../..')
+import {afterEach, beforeEach, describe, expect, it} from 'bun:test'
 
 const envKeys = ['CLIPROXY_DOMAIN', 'HOME', 'PATH', 'SSH_AUTH_SOCK'] as const
 
 type ManagedEnvKey = (typeof envKeys)[number]
 
 let originalEnv: Partial<Record<ManagedEnvKey, string | undefined>>
+let originalIsTTY: boolean | undefined
 
 function restoreManagedEnv(): void {
   for (const key of envKeys) {
@@ -22,80 +22,84 @@ function restoreManagedEnv(): void {
   }
 }
 
-async function runLoginCommand(
-  args: string[],
-  envOverrides: Partial<Record<ManagedEnvKey, string | undefined>> = {},
-): Promise<{stdout: string; stderr: string; exitCode: number}> {
-  const env = {...process.env}
-
-  for (const [key, value] of Object.entries(envOverrides)) {
-    if (value === undefined) {
-      delete env[key]
-      continue
-    }
-
-    env[key] = value
+/** Minimal SpawnFn mock for inherit-stdio calls — records invocations and resolves with exitCode. */
+function makeSpawnOk(exitCode = 0): {spawnFn: SpawnFn; calls: {cmd: string[]; opts: unknown}[]} {
+  const calls: {cmd: string[]; opts: unknown}[] = []
+  const spawnFn: SpawnFn = (cmd, opts) => {
+    calls.push({cmd, opts})
+    return {exited: Promise.resolve(exitCode)}
   }
 
-  const proc = Bun.spawn(['bun', 'src/cli.ts', 'cliproxy', 'login', ...args], {
-    cwd: cliDir,
-    env: {
-      ...env,
-      HOME: env.HOME ?? '/tmp/test-home',
-      NO_COLOR: '1',
-      PATH: env.PATH ?? '/usr/bin:/bin',
-      SSH_AUTH_SOCK: env.SSH_AUTH_SOCK ?? '/tmp/test-sock',
-    },
-    stdout: 'pipe',
-    stderr: 'pipe',
-  })
+  return {spawnFn, calls}
+}
 
-  const [stdout, stderr, exitCode] = await Promise.all([
-    new Response(proc.stdout).text(),
-    new Response(proc.stderr).text(),
-    proc.exited,
-  ])
+// Helper: a SpawnFn that must never be called (proves provider check fires before spawn)
+const neverSpawn: SpawnFn = () => {
+  throw new Error('spawn must not be called for invalid provider')
+}
 
-  return {stdout, stderr, exitCode}
+// Helper: set up a valid TTY + env so spawn-path tests can reach the spawn call
+function setValidEnv(): void {
+  Object.defineProperty(process.stdin, 'isTTY', {value: true, configurable: true})
+  process.env.SSH_AUTH_SOCK = '/tmp/test-agent.sock'
+  process.env.PATH = process.env.PATH ?? '/usr/bin'
+  process.env.HOME = process.env.HOME ?? '/root'
 }
 
 describe('cliproxy login', () => {
   beforeEach(() => {
     originalEnv = Object.fromEntries(envKeys.map(key => [key, process.env[key]]))
+    originalIsTTY = process.stdin.isTTY
   })
 
   afterEach(() => {
     restoreManagedEnv()
+    Object.defineProperty(process.stdin, 'isTTY', {value: originalIsTTY, configurable: true})
   })
 
   describe('validation', () => {
     it('rejects unsupported providers', async () => {
-      const {stderr, exitCode} = await runLoginCommand(['openai'])
-      expect(exitCode).not.toBe(0)
-      expect(stderr).toContain('Unsupported provider')
-      expect(stderr).toContain('only "claude" is supported')
+      const {cliproxyLoginAction} = await import('./login')
+      const {spawnFn} = makeSpawnOk()
+
+      // Provider check happens before TTY check — no need to set isTTY
+      await expect(cliproxyLoginAction('openai', {}, spawnFn)).rejects.toThrow('Unsupported provider')
+      await expect(cliproxyLoginAction('openai', {}, spawnFn)).rejects.toThrow('Supported: claude, codex.')
     })
 
     it('requires interactive terminal (checked before SSH_AUTH_SOCK)', async () => {
-      const {stderr, exitCode} = await runLoginCommand(['claude'], {SSH_AUTH_SOCK: undefined})
-      expect(exitCode).not.toBe(0)
-      expect(stderr).toContain('interactive terminal')
+      const {cliproxyLoginAction} = await import('./login')
+      const {spawnFn} = makeSpawnOk()
+
+      // Simulate non-TTY environment (as subprocess tests did)
+      Object.defineProperty(process.stdin, 'isTTY', {value: false, configurable: true})
+
+      await expect(cliproxyLoginAction('claude', {}, spawnFn)).rejects.toThrow('interactive terminal')
     })
   })
 
   describe('host resolution', () => {
     it('uses CLIPROXY_DOMAIN env var', async () => {
-      const {stderr, exitCode} = await runLoginCommand(['claude'], {
-        CLIPROXY_DOMAIN: 'custom.host.example',
-      })
-      expect(exitCode).not.toBe(0)
-      expect(stderr).toContain('interactive terminal')
+      const {cliproxyLoginAction} = await import('./login')
+      const {spawnFn} = makeSpawnOk()
+
+      Object.defineProperty(process.stdin, 'isTTY', {value: false, configurable: true})
+      process.env.CLIPROXY_DOMAIN = 'custom.host.example'
+
+      // TTY check fires before host resolution — error is about TTY
+      await expect(cliproxyLoginAction('claude', {}, spawnFn)).rejects.toThrow('interactive terminal')
     })
 
     it('uses --host flag', async () => {
-      const {stderr, exitCode} = await runLoginCommand(['claude', '--host', 'custom.host.example'])
-      expect(exitCode).not.toBe(0)
-      expect(stderr).toContain('interactive terminal')
+      const {cliproxyLoginAction} = await import('./login')
+      const {spawnFn} = makeSpawnOk()
+
+      Object.defineProperty(process.stdin, 'isTTY', {value: false, configurable: true})
+
+      // TTY check fires before host resolution — error is about TTY
+      await expect(cliproxyLoginAction('claude', {host: 'custom.host.example'}, spawnFn)).rejects.toThrow(
+        'interactive terminal',
+      )
     })
   })
 
@@ -131,4 +135,154 @@ describe('cliproxy login', () => {
       expect(() => requireSshAuthSock()).toThrow('SSH_AUTH_SOCK is required')
     })
   })
+
+  describe('provider flags', () => {
+    it('happy path — codex: spawn args contain --codex-device-login and --no-browser', async () => {
+      const {cliproxyLoginAction} = await import('./login')
+      const {spawnFn, calls} = makeSpawnOk(0)
+      setValidEnv()
+
+      await cliproxyLoginAction('codex', {}, spawnFn)
+
+      const cmd = calls[0]!.cmd
+      expect(cmd.join(' ')).toContain('--codex-device-login')
+      expect(cmd.join(' ')).toContain('--no-browser')
+      expect(cmd.join(' ')).not.toContain('--codex-login ')
+    })
+
+    it('happy path — claude regression: spawn args contain --claude-login and --no-browser', async () => {
+      const {cliproxyLoginAction} = await import('./login')
+      const {spawnFn, calls} = makeSpawnOk(0)
+      setValidEnv()
+
+      await cliproxyLoginAction('claude', {}, spawnFn)
+
+      const cmd = calls[0]!.cmd
+      expect(cmd.join(' ')).toContain('--claude-login')
+      expect(cmd.join(' ')).toContain('--no-browser')
+    })
+
+    it('error path — unknown provider "chatgpt": rejects with correct message, no spawn', async () => {
+      const {cliproxyLoginAction} = await import('./login')
+
+      await expect(cliproxyLoginAction('chatgpt', {}, neverSpawn)).rejects.toThrow(
+        'Unsupported provider "chatgpt". Supported: claude, codex.',
+      )
+    })
+
+    it('error path — empty provider: rejects with correct message, no spawn', async () => {
+      const {cliproxyLoginAction} = await import('./login')
+
+      await expect(cliproxyLoginAction('', {}, neverSpawn)).rejects.toThrow(
+        'Unsupported provider "". Supported: claude, codex.',
+      )
+    })
+
+    it('error path — malformed provider path traversal: rejects with correct message, no spawn', async () => {
+      const {cliproxyLoginAction} = await import('./login')
+
+      await expect(cliproxyLoginAction('../../../etc/passwd', {}, neverSpawn)).rejects.toThrow(
+        'Unsupported provider "../../../etc/passwd". Supported: claude, codex.',
+      )
+    })
+
+    it('error path — prototype-chain bypass "__proto__": rejects with correct message, no spawn', async () => {
+      const {cliproxyLoginAction} = await import('./login')
+
+      await expect(cliproxyLoginAction('__proto__', {}, neverSpawn)).rejects.toThrow(
+        'Unsupported provider "__proto__". Supported: claude, codex.',
+      )
+    })
+
+    it('error path — prototype-chain bypass "constructor": rejects with correct message, no spawn', async () => {
+      const {cliproxyLoginAction} = await import('./login')
+
+      await expect(cliproxyLoginAction('constructor', {}, neverSpawn)).rejects.toThrow(
+        'Unsupported provider "constructor". Supported: claude, codex.',
+      )
+    })
+
+    it('error path — prototype-chain bypass "hasOwnProperty": rejects with correct message, no spawn', async () => {
+      const {cliproxyLoginAction} = await import('./login')
+
+      await expect(cliproxyLoginAction('hasOwnProperty', {}, neverSpawn)).rejects.toThrow(
+        'Unsupported provider "hasOwnProperty". Supported: claude, codex.',
+      )
+    })
+  })
+
+  describe('host validation', () => {
+    it('rejects --host with a leading dash (ProxyCommand injection vector), no spawn', async () => {
+      const {cliproxyLoginAction} = await import('./login')
+      setValidEnv()
+
+      await expect(cliproxyLoginAction('codex', {host: '-oProxyCommand=evil'}, neverSpawn)).rejects.toThrow(
+        'Invalid CLIPROXY_DOMAIN',
+      )
+    })
+
+    it('rejects CLIPROXY_DOMAIN env with a leading dash, no spawn', async () => {
+      const {cliproxyLoginAction} = await import('./login')
+      setValidEnv()
+      process.env.CLIPROXY_DOMAIN = '-oProxyCommand=evil'
+
+      await expect(cliproxyLoginAction('codex', {}, neverSpawn)).rejects.toThrow('Invalid CLIPROXY_DOMAIN')
+    })
+
+    it('rejects --host with shell metacharacters (semicolon), no spawn', async () => {
+      const {cliproxyLoginAction} = await import('./login')
+      setValidEnv()
+
+      await expect(cliproxyLoginAction('codex', {host: 'gateway.example.com;rm -rf'}, neverSpawn)).rejects.toThrow(
+        'Invalid CLIPROXY_DOMAIN',
+      )
+    })
+  })
+
+  describe('anti-phishing notice', () => {
+    let logLines: string[]
+    let originalLog: typeof console.log
+
+    beforeEach(() => {
+      logLines = []
+      originalLog = console.log
+      console.log = (...args: unknown[]) => {
+        logLines.push(args.map(String).join(' '))
+      }
+    })
+
+    afterEach(() => {
+      console.log = originalLog
+    })
+
+    it('codex: anti-phishing notice appears before spawn', async () => {
+      const {cliproxyLoginAction} = await import('./login')
+      const linesBeforeSpawn: string[] = []
+      let spawnCalled = false
+
+      const trackingSpawn: SpawnFn = (_cmd, _opts) => {
+        linesBeforeSpawn.push(...logLines)
+        spawnCalled = true
+        return {exited: Promise.resolve(0)}
+      }
+
+      setValidEnv()
+      await cliproxyLoginAction('codex', {}, trackingSpawn)
+
+      expect(spawnCalled).toBe(true)
+      const allOutput = linesBeforeSpawn.join('\n')
+      expect(allOutput).toMatch(/openai\.com/i)
+    })
+
+    it('claude: anti-phishing notice does NOT appear', async () => {
+      const {cliproxyLoginAction} = await import('./login')
+      const {spawnFn} = makeSpawnOk(0)
+      setValidEnv()
+
+      await cliproxyLoginAction('claude', {}, spawnFn)
+
+      const allOutput = logLines.join('\n')
+      expect(allOutput).not.toMatch(/openai\.com/)
+    })
+  })
 })

package/src/commands/cliproxy/login.ts

@@ -2,9 +2,27 @@ import type {goke} from 'goke'
 
 import {z} from 'zod'
 
+import {validateCliproxyHost} from './host'
+
 const DEFAULT_HOST = 'cliproxy.fro.bot'
 const DEFAULT_REMOTE_USER = 'root'
 
+const PROVIDER_FLAGS = {
+  claude: '--claude-login',
+  codex: '--codex-device-login',
+} as const satisfies Record<string, string>
+
+const SUPPORTED_PROVIDERS_DISPLAY = Object.keys(PROVIDER_FLAGS).join(', ')
+
+export type SpawnFn = (
+  cmd: string[],
+  opts: {env: Record<string, string>; stdin: 'inherit'; stdout: 'inherit'; stderr: 'inherit'},
+) => {exited: Promise<number>}
+
+export interface LoginOptions {
+  host?: string
+}
+
 export function resolveHost(input?: string): string {
   const host = input ?? process.env.CLIPROXY_DOMAIN ?? DEFAULT_HOST
 
@@ -24,11 +42,72 @@ export function requireSshAuthSock(): string {
   return sshAuthSock
 }
 
+export async function cliproxyLoginAction(
+  provider: string,
+  options: LoginOptions,
+  spawnFn: SpawnFn = Bun.spawn,
+): Promise<void> {
+  if (!Object.prototype.hasOwnProperty.call(PROVIDER_FLAGS, provider)) {
+    throw new Error(`Unsupported provider "${provider}". Supported: ${SUPPORTED_PROVIDERS_DISPLAY}.`)
+  }
+  const providerFlag = PROVIDER_FLAGS[provider as keyof typeof PROVIDER_FLAGS]
+
+  if (!process.stdin.isTTY) {
+    throw new Error('cliproxy login requires an interactive terminal. Run from a shell with TTY attached.')
+  }
+
+  const host = validateCliproxyHost(resolveHost(options.host))
+  const sshAuthSock = requireSshAuthSock()
+  const path = process.env.PATH
+  const home = process.env.HOME
+
+  if (!path) {
+    throw new Error('PATH is required to invoke ssh')
+  }
+
+  if (!home) {
+    throw new Error('HOME is required to invoke ssh')
+  }
+
+  if (provider === 'codex') {
+    console.log()
+    console.log('  Verify the URL')
+    console.log('  ─────────────')
+    console.log("  Codex login uses OpenAI's device-code flow. The droplet will print a code")
+    console.log('  and a URL. Before entering the code, verify the URL points to openai.com —')
+    console.log('  only complete the flow on the official OpenAI domain.')
+    console.log()
+  }
+
+  const remoteCommand = `cd /opt/cliproxy && docker compose exec cli-proxy-api /CLIProxyAPI/CLIProxyAPI --no-browser ${providerFlag}`
+
+  const child = spawnFn(
+    ['ssh', '-tt', '-o', 'BatchMode=yes', '-o', 'ConnectTimeout=10', `${DEFAULT_REMOTE_USER}@${host}`, remoteCommand],
+    {
+      env: {
+        PATH: path,
+        HOME: home,
+        SSH_AUTH_SOCK: sshAuthSock,
+      },
+      stdin: 'inherit',
+      stdout: 'inherit',
+      stderr: 'inherit',
+    },
+  )
+
+  const exitCode = await child.exited
+  if (exitCode !== 0) {
+    throw new Error(`Remote login command failed with exit code ${exitCode}`)
+  }
+
+  console.log('If an OAuth URL was printed above, open it in your browser to complete login.')
+}
+
 export function registerCliproxyLogin(cli: ReturnType<typeof goke>): void {
   cli
     .command(
       'cliproxy login <provider>',
-      'Run provider login on the remote CLIProxyAPI host and print OAuth URL output.',
+      `Run provider login on the remote CLIProxyAPI host. Supported providers: ${SUPPORTED_PROVIDERS_DISPLAY}.`,
     )
     .option(
       '--host [host]',
@@ -38,59 +117,7 @@ export function registerCliproxyLogin(cli: ReturnType<typeof goke>): void {
     )
     .example('# Start Claude login flow on remote CLIProxyAPI instance')
     .example('infra cliproxy login claude')
-    .action(async (provider, options) => {
-      if (provider !== 'claude') {
-        throw new Error(`Unsupported provider "${provider}". Currently only "claude" is supported.`)
-      }
-
-      if (!process.stdin.isTTY) {
-        throw new Error('cliproxy login requires an interactive terminal. Run from a shell with TTY attached.')
-      }
-
-      const host = resolveHost(options.host)
-      const sshAuthSock = requireSshAuthSock()
-      const path = process.env.PATH
-      const home = process.env.HOME
-
-      if (!path) {
-        throw new Error('PATH is required to invoke ssh')
-      }
-
-      if (!home) {
-        throw new Error('HOME is required to invoke ssh')
-      }
-
-      const remoteCommand =
-        'cd /opt/cliproxy && docker compose exec cli-proxy-api /CLIProxyAPI/CLIProxyAPI --no-browser --claude-login'
-
-      const child = Bun.spawn(
-        [
-          'ssh',
-          '-tt',
-          '-o',
-          'BatchMode=yes',
-          '-o',
-          'ConnectTimeout=10',
-          `${DEFAULT_REMOTE_USER}@${host}`,
-          remoteCommand,
-        ],
-        {
-          env: {
-            PATH: path,
-            HOME: home,
-            SSH_AUTH_SOCK: sshAuthSock,
-          },
-          stdin: 'inherit',
-          stdout: 'inherit',
-          stderr: 'inherit',
-        },
-      )
-
-      const exitCode = await child.exited
-      if (exitCode !== 0) {
-        throw new Error(`Remote login command failed with exit code ${exitCode}`)
-      }
-
-      console.log('If an OAuth URL was printed above, open it in your browser to complete login.')
-    })
+    .example('# Start ChatGPT Pro login flow via device-code')
+    .example('infra cliproxy login codex')
+    .action((provider, options) => cliproxyLoginAction(provider, options))
 }

package/src/commands/cliproxy/open.test.ts

@@ -91,6 +91,26 @@ describe('cliproxy open', () => {
     })
   })
 
+  describe('host validation', () => {
+    it('rejects CLIPROXY_DOMAIN env with a leading dash (ProxyCommand injection vector)', async () => {
+      const {stderr, exitCode} = await runOpenCommand([], {CLIPROXY_DOMAIN: '-oProxyCommand=evil'})
+      expect(exitCode).not.toBe(0)
+      expect(stderr).toContain('Invalid CLIPROXY_DOMAIN')
+    })
+
+    it('rejects CLIPROXY_DOMAIN env with shell metacharacters (semicolon)', async () => {
+      const {stderr, exitCode} = await runOpenCommand([], {CLIPROXY_DOMAIN: 'gateway.example.com;rm -rf'})
+      expect(exitCode).not.toBe(0)
+      expect(stderr).toContain('Invalid CLIPROXY_DOMAIN')
+    })
+
+    it('rejects CLIPROXY_DOMAIN env with an at-sign', async () => {
+      const {stderr, exitCode} = await runOpenCommand([], {CLIPROXY_DOMAIN: 'user@cliproxy.fro.bot'})
+      expect(exitCode).not.toBe(0)
+      expect(stderr).toContain('Invalid CLIPROXY_DOMAIN')
+    })
+  })
+
   describe('unit: resolveHost', () => {
     it('returns input when provided', async () => {
       const {resolveHost} = await import('./open')

package/src/commands/cliproxy/open.ts

@@ -2,6 +2,8 @@ import type {goke} from 'goke'
 
 import {z} from 'zod'
 
+import {validateCliproxyHost} from './host'
+
 const DEFAULT_HOST = 'cliproxy.fro.bot'
 const DEFAULT_REMOTE_USER = 'root'
 
@@ -27,11 +29,12 @@ export function registerCliproxyOpen(cli: ReturnType<typeof goke>): void {
     .example('# Open on a custom host')
     .example('infra cliproxy open --host custom.example.com')
     .action(async options => {
+      const host = validateCliproxyHost(resolveHost(options.host))
+
       if (!process.stdin.isTTY) {
         throw new Error('cliproxy open requires an interactive terminal. Run from a shell with TTY attached.')
       }
 
-      const host = resolveHost(options.host)
       const path = process.env.PATH
       const home = process.env.HOME