fix(sdk): buffer template upload to set Content-Length, add regression tests

[mishushakov]

Summary

Consolidates the fix and tests from #1285 and #1293 into a single PR.

• js-sdk: uploadFile used to pass a Node Readable directly to fetch, causing undici to fall back to Transfer-Encoding: chunked. S3 presigned PUT URLs reject chunked with 501 NotImplemented. Fix buffers the archive first so Content-Length is set. Includes:
  • Regression test that spins up a local HTTP server and asserts Content-Length is set and matches the body, and Transfer-Encoding is not chunked.
  • Type-fix for the CLI's typecheck (cast Pack → AsyncIterable<Buffer>).
  • Dynamic import of node:stream/consumers so the browser bundle doesn't pull it in.
• python-sdk: Adds sync + async regression tests for upload_file that guard against the same class of bug (someone swapping tar_buffer.getvalue() for a stream/generator). No Python code change — the current implementation already passes bytes to httpx.put(..., content=...).

Authorship of the original JS fix commit preserved (truffle-dev).

Closes #1243.

Test plan

• pnpm run test tests/template/uploadFile.test.ts — passes
• pnpm run typecheck / lint clean across js-sdk and cli
• poetry run pytest tests/sync/template_sync/test_upload_file.py tests/async/template_async/test_upload_file.py -v — both pass
• poetry run make format / make lint / make typecheck clean

🤖 Generated with Claude Code

[cursor]

PR Summary

Medium Risk
Changes template upload behavior in the JS SDK from streaming to fully-buffered PUT requests, which can affect memory usage and performance for large templates and could surface new upload-size edge cases.

Overview
Fixes JS SDK template uploads to S3-compatible presigned PUT URLs by buffering the generated tar archive before calling fetch, ensuring a Content-Length header is sent and avoiding Transfer-Encoding: chunked (which S3 rejects with 501 NotImplemented). The implementation uses a dynamic import of node:stream/consumers and a cast to treat the tar stream as an async iterable so the browser bundle doesn’t pull in Node stream modules.

Adds regression tests: a new JS test that spins up a local HTTP server to assert Content-Length matches the received body and chunked encoding isn’t used, plus equivalent sync/async Python tests to guard against future regressions. Includes a changeset bump for e2b (patch).

^{Reviewed by Cursor Bugbot for commit 1323a27. Bugbot is set up for automated code reviews on this repo. Configure here.}

[changeset-bot]

🦋 Changeset detected

Latest commit: 1323a27

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
e2b	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

Package Artifacts

Built from 0b91e8f. Download artifacts from this workflow run.

JS SDK (e2b@2.19.1-mishushakov-s3-upload-fix.0):

npm install ./e2b-2.19.1-mishushakov-s3-upload-fix.0.tgz

CLI (@e2b/cli@2.9.1-mishushakov-s3-upload-fix.0):

npm install ./e2b-cli-2.9.1-mishushakov-s3-upload-fix.0.tgz

Python SDK (e2b==2.20.0+mishushakov-s3-upload-fix):

pip install ./e2b-2.20.0+mishushakov.s3.upload.fix-py3-none-any.whl

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1323a2767a

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[claude]

LGTM — small, well-scoped fix with solid regression coverage.

Extended reasoning...

Overview

The PR changes uploadFile in packages/js-sdk/src/template/buildApi.ts to buffer the tar archive via node:stream/consumers.buffer before calling fetch, so undici sets Content-Length instead of falling back to Transfer-Encoding: chunked (which S3 presigned PUT URLs reject with 501). It adds a JS regression test that spins up a local HTTP server and asserts the headers, plus sync+async Python regression tests guarding the existing Python behavior (no Python code change).

Security risks

None identified. This is a client-side HTTP behavior fix — no auth/crypto/permission surface touched. The dynamic import of node:stream/consumers is a hardcoded module string, not user-controlled.

Level of scrutiny

Low-to-medium. The change is ~10 lines of production code in a single SDK function with a clearly stated motivation (GitHub issue #1243) and an obvious matching fix pattern already used by the Python SDK. The tradeoff flagged by cursor[bot] — buffering large templates in memory — is real but already the status quo on the Python side, so this PR simply aligns the two SDKs rather than introducing a novel design decision.

Other factors

The cast uploadStream as unknown as AsyncIterable<Buffer> is explained in-code with a clear justification tied to preserveSymlinks in the CLI's tsconfig; tar's Pack is indeed async-iterable at runtime via Minipass. The dynamic import keeps the browser bundle clean. No outstanding human review comments, and the bug-hunting system found no issues.