Skip to content

fix(python-sdk): URL-encode namespaced template IDs and aliases#1520

Open
mishushakov wants to merge 2 commits into
mainfrom
fix-template-alias-encoding-in-the-python-sdk-en-1379
Open

fix(python-sdk): URL-encode namespaced template IDs and aliases#1520
mishushakov wants to merge 2 commits into
mainfrom
fix-template-alias-encoding-in-the-python-sdk-en-1379

Conversation

@mishushakov

Copy link
Copy Markdown
Member

Summary

Namespaced template IDs and aliases contain a slash, but the Python SDK interpolated them into the request path unencoded, so Template.exists("namespace/name") hit /templates/aliases/namespace/name instead of /templates/aliases/namespace%2Fname (EN-1379). This change percent-encodes the template_id and alias path params across all template build-API methods (sync + async) via a new encode_path_param helper, matching the JS SDK's encodeURIComponent behavior — the JS SDK already encodes path params correctly (verified), so no JS change was needed. Includes unit tests for the helper and a changeset.

Usage

from e2b import Template

# Namespaced templates now resolve to /templates/aliases/my-team%2Fmy-template
Template.exists("my-team/my-template")
Template.get_tags("my-team/my-template")

🤖 Generated with Claude Code

Namespaced template IDs and aliases contain a slash, which the generated
API client passed through as a path separator instead of encoding it, so
e.g. Template.exists("namespace/name") hit /templates/aliases/namespace/name
instead of /templates/aliases/namespace%2Fname. Percent-encode the template_id
and alias path params in both the sync and async template build APIs, matching
the JS SDK's encodeURIComponent behavior.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@linear-code

linear-code Bot commented Jul 1, 2026

Copy link
Copy Markdown

EN-1379

@cla-bot cla-bot Bot added the cla-signed label Jul 1, 2026
@changeset-bot

changeset-bot Bot commented Jul 1, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: b303291

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@e2b/python-sdk Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@cursor

cursor Bot commented Jul 1, 2026

Copy link
Copy Markdown

PR Summary

Low Risk
Narrow client-side URL construction fix with unit tests; behavior for non-namespaced IDs is unchanged, and encoding aligns with the existing JS SDK.

Overview
Fixes broken API routing for namespaced template IDs and aliases (namespace/name) in the Python SDK by percent-encoding values before they are inserted into URL paths.

Adds encode_path_param (urllib.parse.quote with no safe chars) and applies it everywhere template_id or alias is passed as a path segment in the sync and async template build APIs—alias existence checks, tag listing, file upload links, build trigger, and build status polling. Simple names stay unchanged; slashes and other reserved characters encode like the JS SDK’s encodeURIComponent.

Includes unit tests for the helper and a patch changeset for @e2b/python-sdk.

Reviewed by Cursor Bugbot for commit b303291. Bugbot is set up for automated code reviews on this repo. Configure here.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Package Artifacts

Built from 6f8ed0f. Download artifacts from this workflow run.

JS SDK (e2b@2.31.1-fix-template-alias-encoding-in-the-python-sdk-en-1379.0):

npm install ./e2b-2.31.1-fix-template-alias-encoding-in-the-python-sdk-en-1379.0.tgz

CLI (@e2b/cli@2.13.1-fix-template-alias-encoding-in-the-python-sdk-en-1379.0):

npm install ./e2b-cli-2.13.1-fix-template-alias-encoding-in-the-python-sdk-en-1379.0.tgz

Python SDK (e2b==2.30.0+fix-template-alias-encoding-in-the-python-sdk-en-1379):

pip install ./e2b-2.30.0+fix.template.alias.encoding.in.the.python.sdk.en.1379-py3-none-any.whl

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit f334321. Configure here.

Comment thread packages/python-sdk/e2b/template/utils.py

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — straightforward URL-encoding fix for Python-side path params, mirrors JS behavior and comes with unit tests.

Extended reasoning...

Overview

This PR adds a small encode_path_param helper (urllib.parse.quote(value, safe="")) and applies it to five call sites in the Python SDK's template build API (sync + async): get_file_upload_link, trigger_build, get_build_status, check_alias_exists, and get_template_tags. The helper mirrors JS's encodeURIComponent so namespaced template IDs/aliases (namespace/name) survive path interpolation as a single segment. Ships with a focused unit test file covering the helper.

Security risks

None material. Percent-encoding path segments is the standard defense against path traversal via user-controlled values, and this change moves the code toward that safer behavior. No auth, crypto, or permission logic is touched.

Level of scrutiny

Low. The change is mechanical, symmetric across sync/async, matches an already-proven pattern in the sibling JS SDK, and is covered by unit tests. The blast radius is confined to how a handful of authenticated API calls format their URLs.

Other factors

The only finding is a nit inline comment about the changeset erroneously listing "e2b": patch" alongside "@e2b/python-sdk": patch`, which would trigger a spurious empty JS SDK release. It is trivial to fix (one-line deletion) but does not block approval — it's release metadata, not runtime behavior. The core fix itself is correct and complete.

Comment thread .changeset/python-template-alias-encoding.md
This is a Python-only change, so the changeset should not bump the `e2b`
(JS SDK) package — it would cut an empty JS SDK release.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant