Skip to content

feat(sdk): 8 MiB python3 ingest guard + TypeScript SDK skill#116

Merged
Hazzng merged 8 commits into
mainfrom
feature/sdk-cpython-8mb-ingest-guard
Jun 8, 2026
Merged

feat(sdk): 8 MiB python3 ingest guard + TypeScript SDK skill#116
Hazzng merged 8 commits into
mainfrom
feature/sdk-cpython-8mb-ingest-guard

Conversation

@Hazzng

@Hazzng Hazzng commented Jun 7, 2026

Copy link
Copy Markdown
Owner

What

Two related strands, both about making the SQL-FS SDKs safe and well-documented to use:

  1. SDK feature — guard ingestFiles / ingest_files against files larger than 8 MiB that the python3 runtime can't open().
  2. Docs/skills — add a TypeScript SDK operator skill (mirroring py-sdk), bring py-sdk to parity, and fix bugs surfaced while e2e-testing.

1. The 8 MiB ingest guard (Python + TS SDKs)

The python3 runtime (CPython compiled to WASM) reads sandbox files through an 8 MiB SharedArrayBuffer IPC bridge. open() on a larger file fails with an opaque FileNotFoundError / OSError — the file appears to exist (os.listdir works) but can't be read. A 17 MB CSV would ingest fine, then silently fail when a Python script tried to open it.

Both SDKs now reject files > 8 MiB on ingest before anything is sent:

sb.ingest_files({"data.csv": big})                       # raises EFILE_TOO_LARGE_FOR_CPYTHON
sb.ingest_files({"data.csv": big}, allow_oversized=True) # ingests anyway
await sb.ingestFiles({ "data.csv": big });                       // throws
await sb.ingestFiles({ "data.csv": big }, { allowOversized: true }); // ingests
  • ValidationError code EFILE_TOO_LARGE_FOR_CPYTHON, client-side (status undefined, no round-trip).
  • Override with allow_oversized / allowOversized — bytes stay usable from bash (cat/grep/awk) and js-exec; only python3 open() can't read them.
  • Or split into <8 MiB chunks and recombine in-script.

2. New ts-sdk skill + skill fixes

  • New skill plugins/sql-fs/skills/ts-sdk/ — full operator guide for the sql-fs-sdk TypeScript package, mirroring py-sdk file-for-file (SKILL.md, SETUP.md, ref/{client,sandbox,models,errors}.md, 4 runnable examples). Adapted to the TS API (camelCase methods, options objects, async SSE via for await, try/finally + client.close()).
  • py-sdk parity — documented the new guard in SKILL.md / ref/{client,errors,sandbox}.md; added the previously-undocumented retry_on_5xx param; fixed stale plugins/sqlfs/ paths and /sqlfs: namespace.
  • uname bug — e2e testing revealed just-bash has no uname (exit 127); replaced uname -srm with pwd / find … | wc -l in ts-sdk, py-sdk, and the api skill (whose endpoints.md even showed a fabricated "Linux ..." output).
  • api skill — same stale plugins/sqlfs/ / /sqlfs: fix.
  • Plugin version bumped 1.1.01.1.1.

No changeset: the change is confined to the SDK clients and the plugin skills, both versioned independently of the sql-fs-api package the changeset system tracks.

Test plan

  • TS SDK: pnpm typecheck + pnpm test (21 passing, incl. block + override cases)
  • Python SDK: pytest (41 passing, incl. block + override cases), ruff, mypy clean
  • pnpm lint (biome check .) clean across all 237 files
  • check:version consistency check passes
  • E2E against a live local API with the npm i'd sql-fs-sdk package: auth bootstrap → create → ingest (guard blocks >8 MiB, allowOversized bypasses, bash reads 9 MiB but python3 open() fails) → exec / execBatch(readOnly) / execStream → readOnly violation → cleanup. All assertions passed.

🤖 Generated with Claude Code

The python3 runtime (CPython WASM) reads sandbox files through an 8 MiB
IPC bridge, so open() fails on larger files. Both SDKs now reject files
over 8 MiB on ingest_files/ingestFiles with EFILE_TOO_LARGE_FOR_CPYTHON
before sending. Pass allow_oversized/allowOversized to ingest anyway —
the bytes stay usable from bash and js-exec, only python3 open() can't
read them. Split into <8 MiB chunks to read large files from python3.
@coderabbitai

coderabbitai Bot commented Jun 7, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Client-side validation now guards against CPython's 8 MiB file-read limit: Python and TypeScript SDKs raise ValidationError (code EFILE_TOO_LARGE_FOR_CPYTHON) for oversized ingest files unless allow_oversized=True is set. Tests verify both rejection and bypass behavior. Documentation describes the constraint and chunking alternatives.

Changes

CPython 8 MiB File-Size Guard for Ingest

Layer / File(s) Summary
Python SDK validation implementation
clients/python/src/sqlfs/sandbox.py
Introduces CPYTHON_READ_LIMIT (8 MiB) and _enforce_cpython_read_limit() helper that scans ingest files and raises ValidationError with code EFILE_TOO_LARGE_FOR_CPYTHON and per-file details unless allow_oversized=True. Extends Sandbox.ingest_files() signature with allow_oversized parameter (default False) and calls the validation helper after existing max-file-size checks.
Python SDK validation tests
clients/python/tests/test_client.py
Verifies that oversized files (just over 8 MiB) are rejected with correct error code and details string when using default settings, and that allow_oversized=True bypasses the guard and sends the request.
TypeScript SDK validation implementation
clients/typescript/src/sandbox.ts
Exports cpythonReadLimit constant (8 MiB) and adds enforceCpythonReadLimit() helper that throws ValidationError with code EFILE_TOO_LARGE_FOR_CPYTHON including formatted per-file details when any file exceeds the limit and allowOversized is not set. Extends Sandbox.ingestFiles() options to include allowOversized?: boolean and applies the check before encoding/ingesting.
TypeScript SDK validation tests
clients/typescript/tests/files.test.ts
Verifies that oversized files (>8 MiB Uint8Array) are rejected with correct error code and details, with no network request sent. Also verifies that { allowOversized: true } accepts the file, triggers a fetch call, and includes the oversized entry in the payload.
Python SDK documentation
plugins/sql-fs/skills/py-sdk/ref/sandbox.md
Updates sb.ingest_files signature to include allow_oversized=False parameter. Documents the client-side 8 MiB python3 read limit, the ValidationError behavior, how allow_oversized=True bypasses the check, and provides a code example showing chunk-splitting as an alternative for large files.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐰 A guard built tall, eight megs in all,
Keeps Python safe from oversized call.
With tests that pass and docs so clear,
No more limits need you fear!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 45.45% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: adding an 8 MiB CPython ingest guard across Python and TypeScript SDKs. It is specific, concise, and clearly identifies the primary feature.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feature/sdk-cpython-8mb-ingest-guard

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@Hazzng

Hazzng commented Jun 7, 2026

Copy link
Copy Markdown
Owner Author

@codex review

check:version requires the top CHANGELOG heading to match package.json
(0.3.0); the changeset file is the canonical record of unreleased
changes, so version-locked dated sections are the repo convention.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 22c9abc0e6

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .changeset/sdk-cpython-8mb-ingest-guard.md Outdated
Hazzng added 6 commits June 8, 2026 11:40
The 8MB ingest guard lives entirely in clients/{python,typescript},
which are versioned independently of the sql-fs-api package the
changeset system tracks. A sql-fs-api bump would be inaccurate.
New skill plugins/sql-fs/skills/ts-sdk/ documents the TypeScript SDK
(sql-fs-sdk) with the same structure as py-sdk: SKILL.md, SETUP.md,
ref/{client,sandbox,models,errors}.md, and four runnable examples.
Adapted to the TS API surface — camelCase methods, options objects,
async SSE via for-await, try/finally + client.close() (no context
manager) — and documents the new ingestFiles allowOversized / 8 MiB
EFILE_TOO_LARGE_FOR_CPYTHON guard. Bumps the plugin to 1.1.1.
Root `biome check .` lints the plugin example .ts files; biome wraps
the long collect() signature onto multiple lines.
E2E-testing the ts-sdk skill against a live local API surfaced that
just-bash has no `uname` command (exit 127, command not found). The
smoke-test / batch-probe examples used `uname -srm`, which would fail.
Replaced with `pwd` (builtin) and `find ... | wc -l` across ts-sdk,
py-sdk, and the api skill (whose endpoints.md also showed a fabricated
"Linux ..." output).
Audited the py-sdk skill against clients/python/src/sqlfs/ and the new
ts-sdk skill. Fixed:
- 8 MiB python3 ingest guard (allow_oversized / EFILE_TOO_LARGE_FOR_CPYTHON)
  was only in ref/sandbox.md; now also in SKILL.md, ref/errors.md, ref/client.md
- retry_on_5xx (a real exec/exec_batch param) was undocumented; added to
  ref/sandbox.md signatures + ref/client.md retry policy
- stale plugins/sqlfs/ paths and /sqlfs: invocations corrected to the real
  plugins/sql-fs/ dir and /sql-fs: namespace
Mirror the py-sdk fix: the api SKILL.md referenced the non-existent
plugins/sqlfs/ dir and /sqlfs: invocation. Corrected to plugins/sql-fs/
and /sql-fs:. The whole plugin is now free of stale path/namespace refs.
@Hazzng Hazzng changed the title feat(sdk): guard ingest against >8MB files python3 can't open() feat(sdk): 8 MiB python3 ingest guard + TypeScript SDK skill Jun 8, 2026
@Hazzng Hazzng merged commit 691a5d4 into main Jun 8, 2026
15 checks passed
@Hazzng Hazzng deleted the feature/sdk-cpython-8mb-ingest-guard branch June 8, 2026 02:49
@Hazzng Hazzng mentioned this pull request Jun 8, 2026
Hazzng added a commit that referenced this pull request Jun 8, 2026
Bumps both SDK clients to 0.3.1 and adds CHANGELOG entries for the
ingestFiles/ingest_files 8 MiB python3 guard (allowOversized /
EFILE_TOO_LARGE_FOR_CPYTHON), whose code landed on main via #116.

- TS: package.json + src/version.ts + CHANGELOG.md (check:version consistent)
- Python: pyproject.toml + src/sqlfs/_version.py + CHANGELOG.md

Merging this to main fires the SDK release workflows, publishing 0.3.1
to npm + PyPI with the guard code already present.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant