feat(cli): accept E2B_API_KEY in template list & create#1361
feat(cli): accept E2B_API_KEY in template list & create#1361mishushakov wants to merge 9 commits into
Conversation
The GET /templates endpoint supports both AccessTokenAuth and ApiKeyAuth, so the CLI no longer forces an access token when only an API key is available. Adds ensureAccessTokenOrAPIKey() helper and updates the auth error box to mention both credentials when either is acceptable. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
🦋 Changeset detectedLatest commit: ab24582 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
PR SummaryLow Risk Overview Shared Reviewed by Cursor Bugbot for commit ab24582. Bugbot is set up for automated code reviews on this repo. Configure here. |
Package ArtifactsBuilt from efb2f73. Download artifacts from this workflow run. JS SDK ( npm install ./e2b-2.27.2-mishushakov-cli-access-token-methods.0.tgzCLI ( npm install ./e2b-cli-2.10.3-mishushakov-cli-access-token-methods.0.tgzPython SDK ( pip install ./e2b-2.25.1+mishushakov.cli.access.token.methods-py3-none-any.whl |
template create only calls API-key-authenticated endpoints (POST
/v3/templates and POST /v2/templates/{id}/builds/{bid} via the SDK
Template.build), so requiring E2B_ACCESS_TOKEN locked out API-key-only
environments for no reason.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
mishushakov
changed the title
e2b template listAdds four tests that lock in the API-key-only auth behavior: - template create succeeds past credential checks with only E2B_API_KEY - without any credentials, the error advertises E2B_API_KEY (not E2B_ACCESS_TOKEN), since the underlying endpoints are API-key only - invalid template names fail before any credential check - odd memory values are rejected Tests run the CLI subprocess with an isolated HOME so the user's ~/.e2b/config.json cannot leak credentials in. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Drop the no-credentials, invalid-name, and odd-memory tests — those cover pre-existing CLI behavior unrelated to this PR. Keep only the positive scenario: with E2B_API_KEY set and no E2B_ACCESS_TOKEN, the command reaches "Building sandbox template..." without printing the access-token auth-error box. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Mirror the backend_integration.test.ts pattern: skip when no API key is available, use the real E2B_DOMAIN, and assert a real end-to-end template create succeeds with only E2B_API_KEY set (no E2B_ACCESS_TOKEN). Uses a unique template name per run and cleans up the created template in afterAll. Base image is ubuntu:latest since alpine is not a supported E2B base. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Drop the UserConfigWithDomain fallback chain, safeGetUserConfig, parseEnvInt, and bufferToText helpers. CI sets E2B_API_KEY and E2B_DOMAIN directly, so the user-config fallback and configurable timeout aren't needed. Inline String() coercion replaces bufferToText. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Skipping silently when E2B_API_KEY is missing meant CI runs with broken credential setup would pass green. Now beforeAll throws a clear message so missing creds surface as a real failure. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
E2B_ACCESS_TOKEN is deprecated, so commands whose endpoints accept either credential now authenticate with E2B_API_KEY instead of introducing an accept-either path. Drops the ensureAccessTokenOrAPIKey helper and the 'BOTH' auth-error-box variant. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit ab24582. Configure here.
1 participant
Summary
E2B_ACCESS_TOKENis deprecated, so CLI commands whose endpoints accept either credential now authenticate withE2B_API_KEYinstead of requiring an access token.e2b template listnow usesensureAPIKey(). The underlyingGET /templatesendpoint accepts bothApiKeyAuthandAccessTokenAuth, and since the access token is deprecated we standardize on the API key.e2b template createno longer callsensureAccessToken(). Its only API calls —POST /v3/templatesandPOST /v2/templates/{id}/builds/{bid}(via the SDK'sTemplate.build) — accept onlyApiKeyAuth, so requiring an access token locked out API-key-only environments for no reason.e2b template buildis intentionally left as-is: its v1 endpoints and docker-registry login are access-token-only at the API level.ensureAccessTokenOrAPIKey()helper and the'BOTH'variant of the auth-error box that an earlier iteration of this PR introduced.tests/commands/template/create.test.tsthat mirrors the existingbackend_integration.test.tspattern: use the realE2B_DOMAINand assert end-to-end thattemplate createsucceeds with onlyE2B_API_KEYset (noE2B_ACCESS_TOKEN). Uses a unique template name per run and cleans up the created template inafterAll.Test plan
pnpm --filter @e2b/cli run typecheckpnpm --filter @e2b/cli run lintpnpm --filter @e2b/cli run formatpnpm --filter @e2b/cli run test(local, with realE2B_API_KEY— new test passes; create succeeds withoutE2B_ACCESS_TOKEN)🤖 Generated with Claude Code