Skip to content

Instantly share code, notes, and snippets.

View romanlv's full-sized avatar

Roman romanlv

15 followers · 6 following
View GitHub Profile
@romanlv
romanlv / Dockerfile.sandbox
Created April 8, 2026 04:08
Example openclaw.json showing sandbox defaults, per-agent overrides, and channel bindings. Companion to blog post.
FROM debian:bookworm-slim
# Install essential tools
RUN apt-get update && apt-get install -y \
# Basics
curl \
unzip \
ca-certificates \
git \
# JSON/text processing
@romanlv
romanlv / backdoor-explanation.md
Created March 22, 2026 15:34
Backdoor found in FinTrust AI codebase — how it works

Backdoor Found in FinTrust AI Codebase

Summary

A hidden backdoor was found in the server code that:

  1. Steals all server secrets (API keys, database credentials, JWT secrets) and sends them to an external server
  2. Downloads and runs arbitrary code from that external server on your machine
  3. Runs automatically every time the server starts — no user action needed

How it works

@romanlv
romanlv / config.ts
Created March 22, 2026 03:08
Leap0 code-interpreter API test — endpoints return 404 with system/code-interpreter:v0.1.0 template
export const API_URL = "https://api.leap0.dev";
export const SANDBOX_DOMAIN = "sandbox.leap0.dev";
export const API_KEY = Bun.env.LEAP0_API_KEY ?? "";
if (!API_KEY) {
console.error("LEAP0_API_KEY not set");
process.exit(1);
}
export const headers = {
@romanlv
romanlv / aws_session.mjs
Created March 24, 2023 16:22
Renew AWS session key and update .env file
#!/usr/bin/env zx
const MFA_ARN = "...MFA_ARN..."
const baseFolder = "/Users/roman/dev/xyz"
const code = await question('What is MFA code? ')
// if using Yubikey
// const codeRes = await $`ykman oath accounts code ${MFA_ARN}`
// const code = codeRes.stdout.split(/\s+/)[1]
@romanlv
romanlv / og.ts
Created December 19, 2022 17:08
OG Image Generation without next.js and edge runtime
import satori from "satori";
import type { SatoriOptions } from "satori";
import { Resvg } from "@resvg/resvg-js";
import fs from "fs";
import { join } from "path";
import { ReactElement } from "react";
const fallbackFont = fs.readFileSync(
join(
// fileURLToPath(import.meta.url),
@romanlv
romanlv / api.nextjs.test.ts
Last active May 9, 2020 16:06
Async support wrapper for node-mocks-http, allows to write unit tests for next.js api pages
import { createMocksAsync } from '../../../utils/node-mocks-http';
// nextjs handler
import logout from '../../../pages/api/auth/logout';
describe('logout api', () => {
it('should clear cookies and redirect to home', async () => {
const refreshToken = 'refresh_token_1';
const { req, res, result } = createMocksAsync({
method: 'GET',
@romanlv
romanlv / .bash_aliases
Created November 15, 2019 20:16
bash settings
alias aliases='vi ~/.bash_aliases'
alias lsa='ls -a'
alias master='git checkout master; git pull origin master'
alias profile='vi ~/.bash_profile'
alias pubkey="more ~/.ssh/id_rsa.pub | pbcopy | echo '=> Public key copied to pasteboard.'"
alias reload='source ~/.bash_profile'
alias up='cd ..'
alias jira='https://jira.walmart.com/secure/RapidBoard.jspa?rapidView=9759&projectKey=CAPIP'
alias wiki='open https://confluence.my-company.com/display/PROJECT'
@romanlv
romanlv / redux.code-snippets
Last active October 4, 2019 04:09
react/redux snippets
{
// Place your credit-card-app workspace snippets here. Each snippet is defined under a snippet name and has a scope, prefix, body and
// description. Add comma separated ids of the languages where the snippet is applicable in the scope field. If scope
// is left empty or omitted, the snippet gets applied to all languages. The prefix is what is
// used to trigger the snippet and the body will be expanded and inserted. Possible variables are:
// $1, $2 for tab stops, $0 for the final cursor position, and ${1:label}, ${2:another} for placeholders.
// Placeholders with the same ids are connected.
// Example:
// "Print to console": {
// "scope": "javascript,typescript",
@romanlv
romanlv / icons.js
Created August 30, 2019 15:13
script to generate TTF icon font from SVGs for `react-native-vector-icons`
import { createIconSet } from "react-native-vector-icons";
import glyphMap from "../../../assets/fonts/wmicons-map.json";
const Icon = createIconSet(glyphMap, "wmicons");
const SIZE = 20
export const CartIcon = (props = {}) => (
<Icon name="cart" size={SIZE} {...props} />
);
@romanlv
romanlv / enable_recording.sh
Last active September 3, 2019 17:04
Enable recording feature on OnePlus 6
adb -d shell settings put global op_voice_recording_supported_by_mcc 1