Merge branch 'main' into fix/1249-snapshot-name-param

Author: FisherXZ

.changeset/fix-mcp-config-shell-injection.md

@@ -0,0 +1,6 @@
+---
+"e2b": patch
+"@e2b/python-sdk": patch
+---
+
+fix(sdk): prevent shell injection in MCP config by using proper shell escaping (shlex.quote in Python, shellQuote helper in JS/TS)

.changeset/icy-eggs-change.md

@@ -0,0 +1,5 @@
+---
+'@e2b/cli': minor
+---
+
+Handle sandbox not found on cli info

.changeset/sandbox-template-option.md

@@ -0,0 +1,5 @@
+---
+'e2b': patch
+---
+
+allow passing template as an option in Sandbox.create()

CLAUDE.md

@@ -1,5 +1,5 @@
 Use pnpm for node and poetry for python to install and update dependencies.
-Run `pnpm run format`, `pnpm run lint` and `pnpm run typecheck` before commiting changes.
+Run `pnpm run format`, `pnpm run lint` and `pnpm run typecheck` before committing changes.
 To re-generate the API client run `make codegen` in the repository root.
 Run tests on affected codepaths using `pnpm run test`.
 Default credentials are stored in .env.local in the repository root or inside ~/.e2b/config.json.

packages/cli/src/commands/sandbox/info.ts

@@ -1,5 +1,5 @@
 import * as commander from 'commander'
-import { Sandbox } from 'e2b'
+import { NotFoundError, Sandbox } from 'e2b'
 
 import { ensureAPIKey } from 'src/api'
 import { asBold } from 'src/utils/format'
@@ -62,6 +62,11 @@ export const infoCommand = new commander.Command('info')
         process.exit(1)
       }
     } catch (err: any) {
+      if (err instanceof NotFoundError) {
+        console.error(`Sandbox ${asBold(sandboxID)} wasn't found`)
+        process.exit(1)
+        return
+      }
       console.error(err)
       process.exit(1)
     }

packages/cli/src/utils/confirm.ts

@@ -1,10 +1,10 @@
-export async function confirm(text: string, defaultAnwser = false) {
+export async function confirm(text: string, defaultAnswer = false) {
   const inquirer = await import('inquirer')
   const confirmAnswers = await inquirer.default.prompt([
     {
       name: 'confirm',
       type: 'confirm',
-      default: defaultAnwser,
+      default: defaultAnswer,
       message: text,
     },
   ])

packages/cli/src/utils/templatePrompt.ts

@@ -8,7 +8,7 @@ export async function getPromptTemplates(
   text: string
 ) {
   const inquirer = await import('inquirer')
-  const templatesAnwsers = await inquirer.default.prompt([
+  const templatesAnswers = await inquirer.default.prompt([
     {
       name: 'templates',
       message: chalk.default.underline(text),
@@ -21,7 +21,7 @@ export async function getPromptTemplates(
     },
   ])
 
-  return templatesAnwsers[
+  return templatesAnswers[
     'templates'
   ] as e2b.components['schemas']['Template'][]
 }

packages/js-sdk/src/sandbox/git/index.ts

@@ -937,7 +937,7 @@ export class Git {
   /**
    * Execute a raw shell command while applying default git environment variables.
    * 
-   Note: We can liekly just modify runGit later to allow appending commands to the git but for now it's separate.
+   Note: We can likely just modify runGit later to allow appending commands to the git but for now it's separate.
    */
   private async runShell(
     cmd: string,

packages/js-sdk/src/sandbox/index.ts

@@ -29,6 +29,7 @@ import { getSignature } from './signature'
 import { compareVersions } from 'compare-versions'
 import { SandboxError } from '../errors'
 import { ENVD_DEBUG_FALLBACK, ENVD_DEFAULT_USER } from '../envd/versions'
+import { shellQuote } from '../utils'
 
 /**
  * Options for sandbox upload/download URL generation.
@@ -273,9 +274,11 @@ export class Sandbox extends SandboxApi {
             sandboxOpts: opts,
           }
         : {
-            template: templateOrOpts?.mcp
-              ? this.defaultMcpTemplate
-              : this.defaultTemplate,
+            template:
+              templateOrOpts?.template ??
+              (templateOrOpts?.mcp
+                ? this.defaultMcpTemplate
+                : this.defaultTemplate),
             sandboxOpts: templateOrOpts,
           }
 
@@ -299,7 +302,7 @@ export class Sandbox extends SandboxApi {
     if (sandboxOpts?.mcp) {
       sandbox.mcpToken = crypto.randomUUID()
       const res = await sandbox.commands.run(
-        `mcp-gateway --config '${JSON.stringify(sandboxOpts?.mcp)}'`,
+        `mcp-gateway --config ${shellQuote(JSON.stringify(sandboxOpts.mcp))}`,
         {
           user: 'root',
           envs: {
@@ -368,9 +371,11 @@ export class Sandbox extends SandboxApi {
             sandboxOpts: opts,
           }
         : {
-            template: templateOrOpts?.mcp
-              ? this.defaultMcpTemplate
-              : this.defaultTemplate,
+            template:
+              templateOrOpts?.template ??
+              (templateOrOpts?.mcp
+                ? this.defaultMcpTemplate
+                : this.defaultTemplate),
             sandboxOpts: templateOrOpts,
           }
 
@@ -394,7 +399,7 @@ export class Sandbox extends SandboxApi {
     if (sandboxOpts?.mcp) {
       sandbox.mcpToken = crypto.randomUUID()
       const res = await sandbox.commands.run(
-        `mcp-gateway --config '${JSON.stringify(sandboxOpts?.mcp)}'`,
+        `mcp-gateway --config ${shellQuote(JSON.stringify(sandboxOpts.mcp))}`,
         {
           user: 'root',
           envs: {

packages/js-sdk/src/sandbox/sandboxApi.ts

@@ -107,6 +107,13 @@ export interface SandboxApiOpts
  * Options for creating a new Sandbox.
  */
 export interface SandboxOpts extends ConnectionOpts {
+  /**
+   * Sandbox template name or ID.
+   *
+   * @default 'base' (or 'mcp-gateway' when `mcp` option is set)
+   */
+  template?: string
+
   /**
    * Custom metadata for the sandbox.
    *