v0.1.4 (#38)

Reviewed-on: wrenn/wrenn#38 Co-authored-by: pptx704 <rafeed@omukk.dev> Co-committed-by: pptx704 <rafeed@omukk.dev>
2026-05-01 09:01:08 +00:00
parent 52ad21c339
commit 4fcc19e91f
23 changed files with 437 additions and 117 deletions
--- a/internal/envdclient/client.go
+++ b/internal/envdclient/client.go
@ -48,6 +48,13 @@ func (c *Client) BaseURL() string {
 	return c.base
 }

+// HTTPClient returns the underlying http.Client used for envd requests.
+// Use this instead of http.DefaultClient when making direct HTTP calls to envd
+// (e.g. file streaming) to avoid sharing the global transport with proxy traffic.
+func (c *Client) HTTPClient() *http.Client {
+	return c.httpClient
+}
+
 // ExecResult holds the output of a command execution.
 type ExecResult struct {
 	Stdout   []byte
@ -142,7 +149,7 @@ func (c *Client) ExecStream(ctx context.Context, cmd string, args ...string) (<-
 		return nil, fmt.Errorf("start process: %w", err)
 	}

-	ch := make(chan ExecStreamEvent, 16)
+	ch := make(chan ExecStreamEvent, 256)
 	go func() {
 		defer close(ch)
 		defer stream.Close()
--- a/internal/envdclient/dialer.go
+++ b/internal/envdclient/dialer.go
@ -2,7 +2,9 @@ package envdclient

 import (
 	"fmt"
+	"net"
 	"net/http"
+	"time"
 )

 // envdPort is the default port envd listens on inside the guest.
@ -13,9 +15,19 @@ func baseURL(hostIP string) string {
 	return fmt.Sprintf("http://%s:%d", hostIP, envdPort)
 }

-// newHTTPClient returns an http.Client suitable for talking to envd.
-// No special transport is needed — envd is reachable via the host IP
-// through the veth/TAP network path.
+// newHTTPClient returns an http.Client with a dedicated transport for talking
+// to envd. The transport is intentionally separate from http.DefaultTransport
+// so that proxy traffic to user services inside the sandbox cannot interfere
+// with envd RPC connections (PTY streams, exec, file ops).
 func newHTTPClient() *http.Client {
-	return &http.Client{}
+	return &http.Client{
+		Transport: &http.Transport{
+			MaxIdleConnsPerHost: 10,
+			IdleConnTimeout:     90 * time.Second,
+			DialContext: (&net.Dialer{
+				Timeout:   10 * time.Second,
+				KeepAlive: 30 * time.Second,
+			}).DialContext,
+		},
+	}
 }
--- a/internal/envdclient/pty.go
+++ b/internal/envdclient/pty.go
@ -162,7 +162,7 @@ type eventProvider interface {
 // drainPtyStream reads events from either a Start or Connect stream and maps
 // them into PtyEvent values on a channel.
 func drainPtyStream(ctx context.Context, stream eventProvider, expectStart bool) <-chan PtyEvent {
-	ch := make(chan PtyEvent, 16)
+	ch := make(chan PtyEvent, 256)
 	go func() {
 		defer close(ch)
 		defer stream.Close()