Context
Split from #1366 (item 2). The shutdown delay (item 1) was fixed in #1371, but the healthcheck startup tuning is still open.
During docker compose up --wait, Compose polls each service's healthcheck before proceeding. The squid and api-proxy services currently use conservative intervals, adding unnecessary wait time to every sandbox invocation.
Current State
| Service | interval | start_period | timeout | retries |
|---|---|---|---|---|
| Squid | 5s | 10s | 3s | 5 |
| API Proxy | 5s | 5s | 3s | 5 |
| Agent | 1s ✅ | 1s ✅ | 1s | 3 |
Both squid and api-proxy typically become healthy in 1-2s, so the long start_period and interval just add idle wait time.
Proposed Fix
In src/docker-manager.ts, tune the healthcheck for both services:
Squid (~line 404-410):
interval: '1s',
start_period: '2s',
timeout: '1s',
retries: 5,
API Proxy (~line 1388-1394):
interval: '1s',
start_period: '2s',
timeout: '1s',
retries: 5,
Keep retries: 5 for robustness — the savings come from polling every 1s instead of 5s and not waiting 5-10s before the first check.
Expected Impact
~6-8s saved per sandbox invocation (two services × ~3-4s each), applied to both the main agent run and any subsequent runs (e.g., threat detection).
Verification
- npm test — unit tests for docker-manager healthcheck config
- npm run test:integration — full integration tests
- Manual: time sudo awf --build-local --allow-domains example.com 'curl https://example.com' before/after
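
A simplified timing model of the healthcheck values in this issue, as an added example (not code from src/docker-manager.ts). It assumes Docker's documented behaviour that the first probe runs one interval after container start and that failures from probes started inside start_period do not count toward retries; `readyAtMs` and `probeMs` are hypothetical inputs.

```typescript
// Added example: simplified model of Docker healthcheck timing.
interface HealthCheck {
  intervalMs: number;    // wait before the first probe and between probes
  startPeriodMs: number; // grace window: failures here do not count
  timeoutMs: number;     // a probe running longer than this fails
  retries: number;       // counted consecutive failures before "unhealthy"
}

interface Outcome { status: 'healthy' | 'unhealthy'; atMs: number; probes: number }

// Values taken from the tables in this issue.
const CURRENT_SQUID: HealthCheck = { intervalMs: 5000, startPeriodMs: 10000, timeoutMs: 3000, retries: 5 };
const CURRENT_API_PROXY: HealthCheck = { intervalMs: 5000, startPeriodMs: 5000, timeoutMs: 3000, retries: 5 };
const PROPOSED: HealthCheck = { intervalMs: 1000, startPeriodMs: 2000, timeoutMs: 1000, retries: 5 };

// readyAtMs: when the service starts answering (assumed input).
// probeMs: how long one probe command takes to return (assumed input).
function simulate(hc: HealthCheck, readyAtMs: number, probeMs: number): Outcome {
  let now = 0;
  let failures = 0;
  for (let probes = 1; ; probes++) {
    now += hc.intervalMs;                  // one interval before every probe
    const probeStart = now;
    const ok = probeStart >= readyAtMs && probeMs <= hc.timeoutMs;
    now += Math.min(probeMs, hc.timeoutMs); // probe is cut off at the timeout
    if (ok) {
      return { status: 'healthy', atMs: now, probes };
    }
    // Failures only count once the probe starts after the start period.
    if (probeStart >= hc.startPeriodMs) {
      failures++;
    }
    if (failures >= hc.retries) {
      return { status: 'unhealthy', atMs: now, probes };
    }
  }
}

// Startup time saved for one service when moving from `before` to `after`.
function savedMs(before: HealthCheck, after: HealthCheck, readyAtMs: number, probeMs: number): number {
  return simulate(before, readyAtMs, probeMs).atMs - simulate(after, readyAtMs, probeMs).atMs;
}
```

In this model a service that is ready at 1.5s is reported healthy at 5.1s with the current values and at 2.2s with the proposed ones, and a proxy that never comes up is reported unhealthy after 6.6s instead of 30.6s. A probe that takes longer than 1s never passes under the proposed timeout, so the probe command's own latency under load is worth measuring before merging.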