# 007 Startup Sandbox Reconciliation

## Context

- Active sandboxes outlive the process because Docker keeps containers running across master-service restarts.
- The in-memory session repository is rebuilt on each start and otherwise loses running sandbox state.

## Decision

- Reconcile sandbox state during app startup, before the cleanup loop starts and before the service begins serving requests.
- List the running Docker containers and recover each sandbox from its labels `session_id`, `chat_id`, and `expires_at`.
- Rebuild the in-memory registry from the reconciled sessions, keeping the newest session per `chat_id`.
- Let the normal cleanup flow handle reconciled sessions that are already expired.
- Do not stop healthy sandbox containers during service shutdown; shutdown only stops background control-plane work and closes local resources.

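The reconciliation steps above, written out as an added example; this is not the master-service's own code. It assumes the `expires_at` label is ISO 8601, that "newest" is decided by container creation time, and that sandbox containers carry an extra `sandbox=true` marker label so that an unrelated container which happens to have a `chat_id` label is never adopted. The Docker SDK adapter at the bottom uses the real `docker` package API but is not exercised by the constructed sample, which stands in for `docker ps` output.

```python
"""Startup reconciliation of running sandbox containers into the in-memory registry."""
from __future__ import annotations

import logging
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Iterable, Mapping, Optional

log = logging.getLogger("sandbox.reconcile")
UTC = timezone.utc

# session_id / chat_id / expires_at are the labels the ADR names (expires_at assumed ISO 8601).
# The `sandbox=true` marker label is an assumption: it keeps a foreign container that merely
# carries a `chat_id` label from being adopted into the registry.
MARKER_LABEL = "sandbox"
REQUIRED_LABELS = ("session_id", "chat_id", "expires_at")

@dataclass(frozen=True)
class RunningContainer:
    """What the Docker adapter hands the reconciler: id, labels and creation time."""
    container_id: str
    labels: Mapping[str, str]
    created_at: datetime

@dataclass(frozen=True)
class Session:
    session_id: str
    chat_id: str
    container_id: str
    created_at: datetime
    expires_at: datetime

def _parse_session(c: RunningContainer) -> Optional[Session]:
    """Map one container to a Session, or None if it is not a well-labelled sandbox."""
    if c.labels.get(MARKER_LABEL) != "true":
        return None
    missing = [k for k in REQUIRED_LABELS if not c.labels.get(k)]
    if missing:
        log.warning("container %s lacks labels %s; skipping", c.container_id, missing)
        return None
    try:
        expires_at = datetime.fromisoformat(c.labels["expires_at"])
    except ValueError:
        log.warning("container %s has bad expires_at %r; skipping", c.container_id, c.labels["expires_at"])
        return None
    if expires_at.tzinfo is None:  # treat a naive timestamp as UTC
        expires_at = expires_at.replace(tzinfo=UTC)
    return Session(c.labels["session_id"], c.labels["chat_id"], c.container_id, c.created_at, expires_at)

def reconcile(list_running: Callable[[], Iterable[RunningContainer]]) -> dict[str, Session]:
    """Rebuild {chat_id: Session}, keeping the newest container per chat_id.

    "Newest" means the later container creation time (an assumption; the ADR does not say
    which timestamp to compare). Expired sessions are kept so the normal cleanup loop stops
    them. Any exception from `list_running` propagates: no Docker state, no startup.
    """
    registry: dict[str, Session] = {}
    for container in list_running():
        session = _parse_session(container)
        if session is None:
            continue
        current = registry.get(session.chat_id)
        if current is None or session.created_at > current.created_at:
            registry[session.chat_id] = session
    return registry

def expired_sessions(registry: Mapping[str, Session], now: datetime) -> list[Session]:
    """Sessions the cleanup loop should stop on its first pass after startup."""
    return [s for s in registry.values() if s.expires_at <= now]

def list_running_from_docker() -> list[RunningContainer]:
    """Adapter over the Docker SDK (assumed dependency `docker`); the sample below avoids it."""
    import docker  # imported lazily so the pure logic above runs without Docker installed
    client = docker.from_env()  # raises if the daemon is unreachable, so startup aborts
    out = []
    for c in client.containers.list(filters={"label": f"{MARKER_LABEL}=true"}):
        # Docker reports Created with nanoseconds and a trailing Z; keep the second-precision part.
        created = datetime.fromisoformat(c.attrs["Created"][:19]).replace(tzinfo=UTC)
        out.append(RunningContainer(c.id, c.labels, created))
    return out

# Constructed sample standing in for `docker ps` output; SAMPLE_NOW is the fake clock.
SAMPLE_NOW = datetime(2024, 5, 1, 12, 0, tzinfo=UTC)

def sample_containers() -> list[RunningContainer]:
    def box(cid: str, hour: int, **labels: str) -> RunningContainer:
        return RunningContainer(cid, labels, datetime(2024, 5, 1, hour, 0, tzinfo=UTC))
    return [
        box("c1", 10, sandbox="true", session_id="s-1", chat_id="chat-A", expires_at="2024-05-01T14:00:00+00:00"),
        box("c2", 11, sandbox="true", session_id="s-2", chat_id="chat-A", expires_at="2024-05-01T15:00:00+00:00"),
        box("c3", 9, sandbox="true", session_id="s-3", chat_id="chat-B", expires_at="2024-05-01T11:00:00+00:00"),
        box("c4", 11, sandbox="true", session_id="s-4", expires_at="2024-05-01T15:00:00+00:00"),  # no chat_id
        box("c5", 11, session_id="s-5", chat_id="chat-C", expires_at="2024-05-01T15:00:00+00:00"),  # no marker
    ]
```

Running `reconcile(sample_containers)` yields `chat-A` mapped to the newer `s-2` (in `c2`) and `chat-B` mapped to the already expired `s-3`; `expired_sessions(registry, SAMPLE_NOW)` then returns exactly `s-3` for the cleanup loop. `c4` and `c5` are logged and skipped rather than adopted. In production the call is `reconcile(list_running_from_docker)` placed before the cleanup loop is started, and any exception from it is left to abort startup.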
## Consequences

- A restarted master-service reuses existing sandboxes instead of starting duplicates for the same chat.
- Startup now depends on Docker state access and should fail fast if runtime state cannot be listed.
- The reconciliation rule stays local to outer layers and does not leak Docker into usecases.