fix(python-sdk): URL-encode namespaced template IDs and aliases#1520
fix(python-sdk): URL-encode namespaced template IDs and aliases#1520mishushakov wants to merge 2 commits into
Conversation
Namespaced template IDs and aliases contain a slash, which the generated
API client passed through as a path separator instead of encoding it, so
e.g. Template.exists("namespace/name") hit /templates/aliases/namespace/name
instead of /templates/aliases/namespace%2Fname. Percent-encode the template_id
and alias path params in both the sync and async template build APIs, matching
the JS SDK's encodeURIComponent behavior.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
🦋 Changeset detectedLatest commit: b303291 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
PR SummaryLow Risk Overview Adds Includes unit tests for the helper and a patch changeset for Reviewed by Cursor Bugbot for commit b303291. Bugbot is set up for automated code reviews on this repo. Configure here. |
Package ArtifactsBuilt from 6f8ed0f. Download artifacts from this workflow run. JS SDK ( npm install ./e2b-2.31.1-fix-template-alias-encoding-in-the-python-sdk-en-1379.0.tgzCLI ( npm install ./e2b-cli-2.13.1-fix-template-alias-encoding-in-the-python-sdk-en-1379.0.tgzPython SDK ( pip install ./e2b-2.30.0+fix.template.alias.encoding.in.the.python.sdk.en.1379-py3-none-any.whl |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit f334321. Configure here.
There was a problem hiding this comment.
LGTM — straightforward URL-encoding fix for Python-side path params, mirrors JS behavior and comes with unit tests.
Extended reasoning...
Overview
This PR adds a small encode_path_param helper (urllib.parse.quote(value, safe="")) and applies it to five call sites in the Python SDK's template build API (sync + async): get_file_upload_link, trigger_build, get_build_status, check_alias_exists, and get_template_tags. The helper mirrors JS's encodeURIComponent so namespaced template IDs/aliases (namespace/name) survive path interpolation as a single segment. Ships with a focused unit test file covering the helper.
Security risks
None material. Percent-encoding path segments is the standard defense against path traversal via user-controlled values, and this change moves the code toward that safer behavior. No auth, crypto, or permission logic is touched.
Level of scrutiny
Low. The change is mechanical, symmetric across sync/async, matches an already-proven pattern in the sibling JS SDK, and is covered by unit tests. The blast radius is confined to how a handful of authenticated API calls format their URLs.
Other factors
The only finding is a nit inline comment about the changeset erroneously listing "e2b": patch" alongside "@e2b/python-sdk": patch`, which would trigger a spurious empty JS SDK release. It is trivial to fix (one-line deletion) but does not block approval — it's release metadata, not runtime behavior. The core fix itself is correct and complete.
This is a Python-only change, so the changeset should not bump the `e2b` (JS SDK) package — it would cut an empty JS SDK release. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Summary
Namespaced template IDs and aliases contain a slash, but the Python SDK interpolated them into the request path unencoded, so
Template.exists("namespace/name")hit/templates/aliases/namespace/nameinstead of/templates/aliases/namespace%2Fname(EN-1379). This change percent-encodes thetemplate_idandaliaspath params across all template build-API methods (sync + async) via a newencode_path_paramhelper, matching the JS SDK'sencodeURIComponentbehavior — the JS SDK already encodes path params correctly (verified), so no JS change was needed. Includes unit tests for the helper and a changeset.Usage
🤖 Generated with Claude Code