Commits on Feb 17, 2026

1. fix: use shallow clone to prevent reward hacking via git history

   Use --depth 1 when cloning repositories to prevent agents from accessing
   git history and exploiting it to retrieve original function implementations
   that were stripped out.
   
   This addresses a reward hacking vulnerability where agents can use
   git log/diff/show commands to find and copy original implementations
   instead of writing them from scratch.
   
   For Commit0Spec, also fetch the specific env_setup_commit with --depth 1
   before resetting to it, since shallow clone only gets the default branch tip.
   
   Co-authored-by: openhands <openhands@all-hands.dev>

   

   Configuration menu

   Browse the repository at this point in the history