You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Automatically retry requests on transient failures across the JS and Python SDKs. Retries connection errors and 429/502/503/504 responses using exponential backoff with jitter, and honor a server-provided Retry-After header so rate limiting (e.g. listing sandboxes) is handled transparently.
Retries are idempotency-aware: idempotent methods retry on any transient failure, while non-idempotent ones (e.g. Sandbox.create) only retry on "rejected" failures where the server provably did not process the request (throttling, connection-refused, DNS), avoiding duplicate side effects.
Configure via the new retries option or E2B_MAX_RETRIES env var (default 3, set 0 to disable). The Python envd RPC retry now also uses backoff between attempts.
Medium Risk
Cross-cutting change to all API/envd/volume request paths; incorrect retry classification on non-idempotent calls could duplicate side effects, though the PR explicitly limits those to “rejected” failures only.
Overview
Both JS and Python SDKs now automatically retry control-plane, volume, and sandbox (envd) HTTP traffic on transient failures—connection errors and 429 / 408 / 502 / 503 / 504 (not 500)—using exponential backoff with jitter and honoring Retry-After.
Retries are idempotency-aware: safe methods retry on any transient failure; non-idempotent calls (e.g. Sandbox.create, envd POST RPCs) only retry when the failure is provably unprocessed (“rejected”, e.g. throttling, refused connection, DNS). Ambiguous mid-flight failures are not replayed for those calls. Large or streaming bodies are sent once without retry (JS buffers up to 1 MiB for replay).
Configuration is unified via a new retries option and E2B_MAX_RETRIES (default 3, 0 disables). Python httpx transports and envd Connect unary RPCs use the shared policy; envd RPC backoff is added. wait() in JS respects AbortSignal during backoff.
Reviewed by Cursor Bugbot for commit 9bb851f. Bugbot is set up for automated code reviews on this repo. Configure here.
Automatically retry requests on transient failures across the JS and
Python SDKs. Retries connection errors and 429/502/503/504 responses
using exponential backoff with jitter, and honor a server-provided
Retry-After header so rate limiting (e.g. listing sandboxes) is handled
transparently.
Retries are idempotency-aware: idempotent methods retry on any transient
failure, while non-idempotent ones (e.g. Sandbox.create) only retry on
"rejected" failures where the server provably did not process the request
(throttling, connection-refused, DNS), avoiding duplicate side effects.
Configure via the new `retries` option or E2B_MAX_RETRIES env var
(default 3, set 0 to disable). The Python envd RPC retry now also uses
backoff between attempts.
- Treat 503 as ambiguous (not rejected) so non-idempotent POSTs are not
replayed when the server may have processed the request (JS + Python)
- Correct misleading retry docs that referenced an idempotency-key
mechanism that is not implemented
- Plumb config.retries through the Python envd Connect RPC client instead
of a hardcoded count of 3
- Pass retries=config.retries to the Python envd HTTP transport and include
it in the transport cache key
- Fix a deadlock in the JS retry body buffering: cancelling one branch of a
teed request body (request.clone()) never resolves while the other branch
is unread, hanging any >1MiB non-stream upload (volume PUT, filesystem
POST). Send the pristine original once instead of cancelling.
- Collapse the duplicated response/error retry guards into a single
shouldRetry predicate (JS) / _should_retry (Python) so the POST safety rule
has one source of truth.
- Export and lock the classification tables with tests and cross-SDK sync
notes to catch JS<->Python drift.
- Add edge tests: large non-replayable body sent once, abort-race.
…lay streamed DELETE
- Bound the whole retried operation by the request's timeout (a monotonic
deadline + per-attempt clamp), instead of letting each attempt use the full
timeout so N retries could run ~N*timeout. Mirrors the JS single-signal bound.
- _is_replayable now requires buffered content for all methods; a DELETE or
OPTIONS carrying a one-shot streaming body is no longer treated as replayable.
- Add sync+async tests for both.
The reason will be displayed to describe this comment to others. Learn more.
Stale comment
Security review (run 2/2) complete on head f96449a49b11d4cf933a95bae4fba43bc18205b1.
No new security vulnerabilities were identified in the current diff.
I specifically re-checked the retry safety surface (replayability checks and timeout/deadline bounding in Python, and abort-aware backoff behavior in JS) and did not find a remaining security regression to report.
Match the JS SDK, which retries envd RPC through withRetry. Python unary RPC
now retries on rejected failures — HTTP 429 (honoring Retry-After) and
connection errors (ConnectError/ConnectTimeout) — in addition to the existing
RemoteProtocolError handling. Ambiguous statuses (502/503/504) are not retried
since RPC is a non-idempotent POST. Streaming RPC is left unwrapped, matching
the JS isStreamLike pass-through.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
jakubno
force-pushed
the
feat/retry-transient-errors
branch
from
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
Automatically retry requests on transient failures across the JS and Python SDKs. Retries connection errors and 429/502/503/504 responses using exponential backoff with jitter, and honor a server-provided Retry-After header so rate limiting (e.g. listing sandboxes) is handled transparently.
Retries are idempotency-aware: idempotent methods retry on any transient failure, while non-idempotent ones (e.g. Sandbox.create) only retry on "rejected" failures where the server provably did not process the request (throttling, connection-refused, DNS), avoiding duplicate side effects.
Configure via the new
retriesoption or E2B_MAX_RETRIES env var (default 3, set 0 to disable). The Python envd RPC retry now also uses backoff between attempts.