increased limits, added busybox container to speed up cold starts, removed some useless stuff from readme

Author: HardMax71

README.md

@@ -2,7 +2,6 @@
  <img src="./files_for_readme/logo.png" alt="Integr8sCode Logo" width="200" height="200">
  <h1 align="center"><b>Integr8sCode</b></h1>
 </p>
-
 <p align="center">
   <a href="https://github.com/HardMax71/Integr8sCode/actions/workflows/ruff.yml">
     <img src="https://img.shields.io/github/actions/workflow/status/HardMax71/Integr8sCode/ruff.yml?branch=main&label=ruff&logo=python&logoColor=white" alt="Ruff Status" />
@@ -31,7 +30,6 @@
     <img src="https://sonarcloud.io/api/project_badges/measure?project=HardMax71_Integr8sCode&metric=bugs" alt="Bugs">
   </a>
 </p>
----
 
 Welcome to **Integr8sCode**! This is a platform where you can run Python scripts online with ease. Just paste your
 script, and the platform run it in an isolated environment within its own Kubernetes pod, complete with resource limits

backend/.env

@@ -5,9 +5,9 @@ ACCESS_TOKEN_EXPIRE_MINUTES=30
 MONGODB_URL=mongodb://mongo:27017/integr8scode
 KUBERNETES_CONFIG_PATH=/app/kubeconfig.yaml
 KUBERNETES_CA_CERTIFICATE_PATH=/app/certs/k8s-ca.pem
-K8S_POD_CPU_LIMIT=100m
+K8S_POD_CPU_LIMIT=1000m
 K8S_POD_MEMORY_LIMIT=128Mi
-K8S_POD_CPU_REQUEST=100m
+K8S_POD_CPU_REQUEST=200m
 K8S_POD_MEMORY_REQUEST=128Mi
 K8S_POD_EXECUTION_TIMEOUT=5
 RATE_LIMITS=100/minute

backend/app/scripts/entrypoint.sh

@@ -1,71 +1,76 @@
 #!/bin/sh
+#
+# Strict, portable POSIX-sh entrypoint that runs an arbitrary
+# command, captures its output, exit-code and coarse resource
+# usage, then prints a single-line JSON blob to stdout.
 
-# This script is written in the strictest, most portable POSIX sh.
-# It makes zero assumptions about the shell's features.
-
-# Use a simple, POSIX-compliant method for escaping JSON strings.
+# Very small, POSIX-compliant JSON string escaper
 json_escape() {
-    sed -e ':a;N;$!ba' -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/\n/\\n/g' -e 's/\t/\\t/g' -e 's/\r/\\r/g'
+    sed -e ':a;N;$!ba' \
+        -e 's/\\/\\\\/g'  \
+        -e 's/"/\\"/g'   \
+        -e 's/\n/\\n/g'  \
+        -e 's/\t/\\t/g'  \
+        -e 's/\r/\\r/g'
 }
 
-# Exit immediately if no command is provided.
+# ---------- argument check --------------------------------------------------
+
 if [ "$#" -eq 0 ]; then
-    printf '{"exit_code": 127, "resource_usage": null, "stdout": "", "stderr": "Entrypoint Error: No command provided."}'
+    printf '{"exit_code":127,"resource_usage":null,"stdout":"","stderr":"Entrypoint Error: No command provided."}'
     exit 0
 fi
 
-# Create temporary files for stdout and stderr. Exit if mktemp fails.
+# ---------- temp files & timing --------------------------------------------
+
 set -e
-OUT=$(mktemp)
-ERR=$(mktemp)
+OUT="$(mktemp -t out.XXXXXX)"   || exit 1
+ERR="$(mktemp -t err.XXXXXX)"   || exit 1
 trap 'rm -f "$OUT" "$ERR"' EXIT
 set +e
 
-# Record start time using nanosecond precision (%s for seconds, %N for nanoseconds).
-START_TIME=$(date +%s.%N)
+START_TIME="$(date +%s.%N)"
+
+# ---------- run user command in the background -----------------------------
 
-# This subshell construct is the key. It isolates the user command.
-# A failure inside this subshell will not crash our main script.
 ( "$@" >"$OUT" 2>"$ERR" ) &
 PID=$!
 
+CLK_TCK="$(getconf CLK_TCK 2>/dev/null || printf '100')"
 PEAK_KB=0
 JIFS=0
 
-# Loop while the process directory exists. This is the most reliable check.
-while [ -d "/proc/$PID" ]; do
-    # Silence all errors from grep/cat to prevent log contamination from race conditions.
+# ---------- lightweight sampling loop --------------------------------------
+
+# `kill -0` succeeds while the process is alive but does not send a signal.
+while kill -0 "$PID" 2>/dev/null; do
+    # peak-RSS (VmHWM)
     CUR_KB=$(grep VmHWM "/proc/$PID/status" 2>/dev/null | awk '{print $2}')
     if [ -n "$CUR_KB" ] && [ "$CUR_KB" -gt "$PEAK_KB" ]; then
         PEAK_KB=$CUR_KB
     fi
 
-    # Use awk for arithmetic; it handles empty/malformed input without crashing the shell.
-    CPU_JIFFIES=$(awk '{print $14 + $15}' "/proc/$PID/stat" 2>/dev/null)
+    # user + sys CPU time (jiffies)
+    CPU_JIFFIES=$(awk '{print $14+$15}' "/proc/$PID/stat" 2>/dev/null)
     if [ -n "$CPU_JIFFIES" ]; then
         JIFS=$CPU_JIFFIES
     fi
-    sleep 0.05
+
+    # 5 ms sampling interval
+    sleep 0.005
 done
 
-# This will now work correctly because the parent script is not PID 1.
+# ---------- reap child & compute metrics -----------------------------------
+
 wait "$PID"
 EXIT_CODE=$?
 
-END_TIME=$(date +%s.%N)
-# Calculate elapsed time using floating-point math via awk, formatted to 6 decimal places.
-# The result is stored in ELAPSED_S, which the original JSON block uses.
-ELAPSED_S=$(printf '%s\n' "$END_TIME $START_TIME" | awk '{printf "%.6f", $1 - $2}')
+END_TIME="$(date +%s.%N)"
+ELAPSED_S=$(printf '%s\n' "$END_TIME $START_TIME" | awk '{printf "%.6f",$1-$2}')
 
-# Defensively get clock ticks per second.
-CLK_TCK=$(getconf CLK_TCK 2>/dev/null || printf "100")
+# ---------- emit single-line JSON ------------------------------------------
 
-OUT_JSON=$(cat "$OUT" | json_escape)
-ERR_JSON=$(cat "$ERR" | json_escape)
-
-# Use the most robust printf format possible, passing all variables as arguments.
-# The final output has NO trailing newline. This is critical.
-json=$(cat <<EOF
+printf '%s' "$(cat <<EOF
 {
   "exit_code": ${EXIT_CODE:-1},
   "resource_usage": {
@@ -78,7 +83,4 @@ json=$(cat <<EOF
   "stderr": "$(cat "$ERR" | json_escape)"
 }
 EOF
-)
-
-# final output – no trailing newline!
-printf '%s' "$json"
+)"

backend/app/services/execution_service.py

@@ -53,13 +53,50 @@ async def get_k8s_resource_limits(self) -> Dict[str, Any]:
             "supported_runtimes": self.settings.SUPPORTED_RUNTIMES,
         }
 
-    async def _start_k8s_execution(
+    async def _mark_running_when_scheduled(
             self,
-            execution_id_str: str,
-            script: str,
-            lang: str,
-            lang_version: str
+            pod_name: str,
+            execution_id: str,
+    ) -> None:
+        """
+        Poll the K8s API until the Pod is actually Running, then mark the DB
+        row as RUNNING.  Stops polling after ~3 s to avoid useless work.
+        """
+        try:
+            for _ in range(30):  # 30 × 0.1 s ≈ 3 s
+                pod = await asyncio.to_thread(
+                    self.k8s_service.v1.read_namespaced_pod,
+                    name=pod_name,
+                    namespace=self.k8s_service.NAMESPACE,
+                )
+                if pod.status.phase == "Running":
+                    await self.execution_repo.update_execution(
+                        execution_id,
+                        ExecutionUpdate(status=ExecutionStatus.RUNNING)
+                        .model_dump(exclude_unset=True),
+                    )
+                    return
+                await asyncio.sleep(0.1)
+        except Exception as exc:
+            logger.warning(
+                f"Background poller for {execution_id} stopped "
+                f"before RUNNING phase: {exc}"
+            )
+
+    async def _start_k8s_execution(
+        self,
+        execution_id_str: str,
+        script: str,
+        lang: str,
+        lang_version: str,
     ) -> None:
+        """
+        1. Ask KubernetesService to create the Pod.
+        2. Fire-and-forget a poller that sets status=RUNNING exactly when
+           the Pod becomes Running (not sooner).
+        """
+        pod_name = f"execution-{execution_id_str}"
+
         try:
             runtime_cfg = RUNTIME_REGISTRY[lang][lang_version]
             await self.k8s_service.create_execution_pod(
@@ -69,18 +106,24 @@ async def _start_k8s_execution(
                 config_map_data={runtime_cfg.file_name: script},
             )
 
-            await self.execution_repo.update_execution(
-                execution_id_str,
-                ExecutionUpdate(status=ExecutionStatus.RUNNING).model_dump(exclude_unset=True)
+            # Start background poller ⤵ — we do **not** await it here
+            asyncio.create_task(
+                self._mark_running_when_scheduled(pod_name, execution_id_str)
             )
-            logger.info(f"K8s pod creation requested for execution {execution_id_str}, status set to RUNNING.")
+
+            logger.info(
+                "K8s pod creation requested; waiting for Running phase",
+                extra={"execution_id": execution_id_str},
+            )
+
         except Exception as e:
             error_message = f"Failed to request K8s pod creation: {str(e)}"
             logger.error(error_message, exc_info=True)
             await self.execution_repo.update_execution(
                 execution_id_str,
                 ExecutionUpdate(
-                    status=ExecutionStatus.ERROR, errors=error_message
+                    status=ExecutionStatus.ERROR,
+                    errors=error_message,
                 ).model_dump(exclude_unset=True),
             )
             raise IntegrationException(status_code=500, detail=error_message) from e

backend/app/services/kubernetes_service.py

@@ -186,7 +186,7 @@ async def create_execution_pod(
             )
             await self._create_config_map(config_map_body)
 
-            final_pod_command = ["/bin/sh", "/scripts/entrypoint.sh", *command]
+            final_pod_command = ["/bin/sh", "/entry/entrypoint.sh", *command]
 
             builder = PodManifestBuilder(
                 execution_id=execution_id,

backend/app/services/pod_manifest_builder.py

@@ -30,50 +30,59 @@ def __init__(
 
     def build(self) -> Dict[str, Any]:
         spec: Dict[str, Any] = {
+            "initContainers": [
+                {
+                    "name": "copy-script",
+                    "image": "busybox:1.36",          # tiny & always available
+                    "command": ["/bin/sh", "-c",
+                                "cp /cfg/* /scripts/ && chmod 555 /scripts/*"],
+                    "volumeMounts": [
+                        {"name": "script-config", "mountPath": "/cfg", "readOnly": True},
+                        {"name": "script-volume",  "mountPath": "/scripts"}
+                    ]
+                }
+            ],
             "containers": [
                 {
                     "name": "script-runner",
                     "image": self.image,
                     "imagePullPolicy": "IfNotPresent",
                     "command": self.command,
-                    "args": [],
                     "resources": {
-                        "limits": {"cpu": self.pod_cpu_limit, "memory": self.pod_memory_limit},
-                        "requests": {"cpu": self.pod_cpu_request, "memory": self.pod_memory_request},
+                        "limits":   {"cpu": self.pod_cpu_limit,
+                                     "memory": self.pod_memory_limit},
+                        "requests": {"cpu": self.pod_cpu_request,
+                                     "memory": self.pod_memory_request},
                     },
                     "volumeMounts": [
-                        {"name": "script-volume", "mountPath": "/scripts"},
+                        {"name": "script-volume",   "mountPath": "/scripts", "readOnly": True},
+                        {"name": "entrypoint-vol",  "mountPath": "/entry",   "readOnly": True},
                     ],
+                    "terminationMessagePolicy": "FallbackToLogsOnError",
                 }
             ],
             "volumes": [
-                {
-                    "name": "script-volume",
-                    "configMap": {
-                        "name": self.config_map_name,
-                        "defaultMode": 0o755
-                    }
-                },
+                {"name": "script-volume",   "emptyDir": {}},
+                {"name": "script-config",   "configMap": {"name": self.config_map_name}},
+                {"name": "entrypoint-vol",  "configMap": {"name": self.config_map_name}},
             ],
             "restartPolicy": "Never",
-            "activeDeadlineSeconds": self.pod_execution_timeout + 5,
+            "activeDeadlineSeconds": self.pod_execution_timeout + 1,
         }
 
         if self.priority_class_name:
             spec["priorityClassName"] = self.priority_class_name
 
-        pod_manifest: Dict[str, Any] = {
+        return {
             "apiVersion": "v1",
             "kind": "Pod",
             "metadata": {
                 "name": f"execution-{self.execution_id}",
                 "namespace": self.namespace,
-                "labels": {
-                    "app": "script-execution",
-                    "execution-id": self.execution_id,
-                },
+                "labels": {"app": "script-execution",
+                           "execution-id": self.execution_id},
             },
             "spec": spec,
         }
 
-        return pod_manifest
+