Skip to content

fix: standardize dax benchmark resources to 8 vCPU / 16 GiB#196

Open
HeyGarrison wants to merge 10 commits into
masterfrom
fix/dax-standardize-resources
Open

fix: standardize dax benchmark resources to 8 vCPU / 16 GiB#196
HeyGarrison wants to merge 10 commits into
masterfrom
fix/dax-standardize-resources

Conversation

@HeyGarrison

Copy link
Copy Markdown
Collaborator

Standardizes sandbox sizing across providers for fair comparison. Previously Modal was bursting to 17 vCPUs while Tensorlake had 1 vCPU, making results incomparable.

Sized providers (8 vCPU / 16 GiB)

Provider CPU param Memory param
E2B cpuCount=8 memoryMB=16384
Modal cpu=4 (4 physical = 8 vCPUs) memoryMiB=16384
Tensorlake cpus=8 memoryMb=16384
isorun vcpus=8 memMiB=16384
runloop customCpuCores=8 customMemoryGb=16
daytona resources.cpu=8 resources.memory=16 (GiB)
upstash size=large (8 cores, 16 GB preset) -
vercel resources.vcpus=8 no memory control
blaxel memory=16384 (CPU derived: 16384/2048=8) -

Providers without CPU/memory control (use defaults)

archil, cloudflare, northflank, beam, declaw, hopx, codesandbox

Each provider gets 8 vCPUs and 16 GiB RAM for fair comparison:
- E2B: cpuCount=8, memoryMB=16384
- Modal: cpu=4 (4 physical = 8 vCPUs), memoryMiB=16384
- Tensorlake: cpus=8, memoryMb=16384
- isorun: vcpus=8, memMiB=16384
- runloop: customCpuCores=8, customMemoryGb=16
- daytona: resources.cpu=8, resources.memory=16 (GiB)
- upstash: size=large (8 cores, 16 GB)
- vercel: resources.vcpus=8 (no memory control)
- blaxel: memory=16384 (CPU derived: 16384/2048=8 cores)

Providers without CPU/memory control (archil, cloudflare, northflank,
beam, declaw, hopx, codesandbox) use their defaults.
@open-cla

open-cla Bot commented Jul 17, 2026

Copy link
Copy Markdown

Contributor License Agreement

All contributors are covered by a CLA.

@github-actions

github-actions Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Sandbox Benchmark Results

Sequential

# Provider Score Median TTI P95 P99 Status
1 isorun 99.7 0.02s 0.05s 0.05s 10/10
2 declaw 99.3 0.05s 0.09s 0.09s 10/10
3 archil 98.4 0.14s 0.19s 0.19s 10/10
4 northflank 98.3 0.08s 0.29s 0.29s 10/10
5 blaxel 97.7 0.20s 0.27s 0.27s 10/10
6 lightning 97.7 0.21s 0.27s 0.27s 10/10
7 upstash 97.0 0.27s 0.36s 0.36s 10/10
8 createos 96.2 0.28s 0.53s 0.53s 10/10
9 vercel 95.6 0.34s 0.59s 0.59s 10/10
10 superserve 94.9 0.40s 0.68s 0.68s 10/10
11 modal 94.3 0.47s 0.72s 0.72s 10/10
12 runloop 94.0 0.50s 0.75s 0.75s 10/10
13 cloud-run 93.2 0.49s 0.95s 0.95s 10/10
14 tensorlake 92.4 0.66s 0.91s 0.91s 10/10
15 e2b 90.1 0.91s 1.12s 1.12s 10/10
16 beam 87.6 0.39s 2.50s 2.50s 10/10
17 cloudflare 76.0 1.98s 3.02s 3.02s 10/10
18 codesandbox 74.7 2.44s 2.66s 2.66s 10/10
19 daytona 54.0 1.00s 41.77s 41.77s 10/10
20 hopx 35.4 5.87s 7.34s 7.34s 10/10

Staggered

# Provider Score Median TTI P95 P99 Status
1 isorun 99.8 0.01s 0.03s 0.03s 10/10
2 northflank 99.2 0.07s 0.09s 0.09s 10/10
3 declaw 99.2 0.06s 0.13s 0.13s 10/10
4 archil 98.5 0.12s 0.18s 0.18s 10/10
5 blaxel 97.7 0.21s 0.27s 0.27s 10/10
6 createos 97.5 0.24s 0.26s 0.26s 10/10
7 lightning 97.3 0.19s 0.37s 0.37s 10/10
8 beam 96.1 0.39s 0.40s 0.40s 10/10
9 upstash 95.8 0.28s 0.62s 0.62s 10/10
10 vercel 95.8 0.34s 0.54s 0.54s 10/10
11 superserve 95.2 0.43s 0.55s 0.55s 10/10
12 runloop 94.6 0.47s 0.63s 0.63s 10/10
13 modal 94.4 0.48s 0.67s 0.67s 10/10
14 tensorlake 93.7 0.58s 0.71s 0.71s 10/10
15 cloud-run 93.3 0.51s 0.92s 0.92s 10/10
16 e2b 90.6 0.85s 1.07s 1.07s 10/10
17 cloudflare 76.8 1.58s 3.44s 3.44s 10/10
18 codesandbox 71.8 2.53s 3.25s 3.25s 10/10
19 daytona 55.0 0.83s 41.57s 41.57s 10/10
20 hopx 1.7 9.71s 11.39s 11.39s 10/10

Burst

# Provider Score Median TTI P95 P99 Status
1 isorun 99.8 0.02s 0.02s 0.02s 10/10
2 northflank 98.9 0.10s 0.12s 0.12s 10/10
3 declaw 98.4 0.12s 0.21s 0.21s 10/10
4 archil 98.4 0.14s 0.20s 0.20s 10/10
5 lightning 97.8 0.20s 0.26s 0.26s 10/10
6 blaxel 97.6 0.22s 0.27s 0.27s 10/10
7 createos 97.1 0.29s 0.31s 0.31s 10/10
8 beam 96.6 0.34s 0.35s 0.35s 10/10
9 vercel 96.1 0.36s 0.45s 0.45s 10/10
10 superserve 95.4 0.42s 0.52s 0.52s 10/10
11 cloud-run 94.7 0.50s 0.58s 0.58s 10/10
12 modal 94.5 0.53s 0.58s 0.58s 10/10
13 runloop 94.4 0.53s 0.60s 0.60s 10/10
14 tensorlake 93.4 0.64s 0.69s 0.69s 10/10
15 e2b 90.4 0.87s 1.10s 1.10s 10/10
16 upstash 86.4 0.34s 0.48s 0.48s 9/10
17 codesandbox 66.3 3.05s 3.84s 3.84s 10/10
18 daytona 55.0 0.83s 41.62s 41.62s 10/10
19 cloudflare 52.8 3.40s 6.68s 6.68s 10/10
20 hopx 0.0 10.06s 10.54s 10.54s 10/10

View full run · SVGs available as build artifacts

@github-actions

github-actions Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Sandbox Dax Benchmark Results

Provider Phases Total Prepare Clone Install Typecheck Status
archil -- 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK
beam 7/7 264.43s 22.94s 2.09s 10.03s 13.92s 1/1 OK
blaxel 0/7 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK
cloud-run 0/7 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK
cloudflare 0/7 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK
codesandbox 0/7 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK
createos 0/7 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK
daytona -- 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK
declaw -- 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK
e2b 7/7 81.90s 14.03s 3.30s 17.06s 39.11s 1/1 OK
hopx -- 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK
isorun -- 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK
lightning -- 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK
modal 7/7 105.52s 7.08s 2.58s 20.82s 67.59s 1/1 OK
namespace 7/7 29.36s 3.21s 1.27s 7.16s 13.99s 1/1 OK
northflank -- 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK
runloop 7/7 84.83s 23.14s 2.73s 18.76s 35.27s 1/1 OK
superserve -- 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK
tensorlake 7/7 86.37s 15.00s 1.93s 19.33s 44.22s 1/1 OK
upstash 6/7 284.07s 6.44s 1.85s 19.03s 246.51s 0/1 OK
vercel 0/7 0.00s 0.00s 0.00s 0.00s 0.00s 0/1 OK

View full run

… time

E2B's Sandbox.create() accepts SandboxOpts which does not include
cpuCount/memoryMB. Those are template build options only.
@shivam-declaw

Copy link
Copy Markdown

For declaw, the cpu, memory and disk are property of the template, you can create a custom template with the required size or we can have a node-large template with above spec

HeyGarrison and others added 5 commits July 18, 2026 01:56
- Fix runloop: nest resource params in launch_parameters with snake_case
- Add beam: cpu=8, memory=16384 MiB
- Add codesandbox: vmTier=VMTier.Small (8 CPU / 16 GiB)
- Add northflank: deploymentPlan resolved via API at runtime
- Add E2B template build prereq (base-8cpu-16gb with 8 vCPU / 16 GiB)
- Add Northflank plan discovery prereq script
- Add scripts/provider-benchmark.sh: vendored from upstream with dnf
  support (RHEL/Fedora) alongside apt-get (Debian/Ubuntu) and aarch64
  architecture detection for Node.js and Bun downloads
- Update dax.ts to load script from local filesystem instead of curl,
  eliminating curl dependency for providers that don't ship it
Adds declaw to DAX_RESOURCE_OPTIONS so it targets the same 8 vCPU / 16 GiB profile as the other providers in the map. The node-large template provisions 8 vCPU / 16 GiB RAM with an 8 GiB disk overlay.

Co-authored-by: shivam-declaw <272314190+shivam-declaw@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Comment thread scripts/find-northflank-plan.ts
Comment thread scripts/find-northflank-plan.ts
@superagent-security superagent-security Bot added the pr:flagged PR flagged for review by security analysis. label Jul 18, 2026
…ce node image

- Fix BUN_INTERNAL_PATH: remove .zip extension from zip-internal path
  (was bun-linux-x64-baseline.zip/bun, should be bun-linux-x64-baseline/bun)
- Northflank: robust API response parsing, graceful fallback to nf-compute-50,
  sanitize plan ID before writing to GITHUB_ENV
- Daytona: remove from DAX_RESOURCE_OPTIONS (resources not supported with
  snapshot-based sandbox creation)
- Namespace: add sandboxOptions image node:22 (dax benchmark requires node)
@superagent-security superagent-security Bot removed the pr:flagged PR flagged for review by security analysis. label Jul 18, 2026
- Northflank: pick smallest suitable plan instead of closest to reduce
  chance of exceeding project resource allowance
- E2B: workaround for 60s command timeout by setting
  defaultProcessConnectionTimeout=0 via getInstance() while waiting
  for upstream wrapper fix to forward timeoutMs
Add image: 'node:22' to daytona sandboxOptions to switch from
snapshot-based to image-based creation, which allows specifying
resources. Re-add daytona to DAX_RESOURCE_OPTIONS with 8 vCPU / 16 GiB.

@superagent-security superagent-security Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Superagent found 1 security concern(s).

Comment thread scripts/dax-benchmark.sh
if [[ "$(node --version 2>/dev/null || true)" != "v${NODE_VERSION}" ]]; then
local archive="node-v${NODE_VERSION}-${NODE_ARCH}.tar.xz"
local prefix="/opt/node-v${NODE_VERSION}-${NODE_ARCH}"
curl -fsSL "https://nodejs.org/download/release/v${NODE_VERSION}/${archive}" -o "/tmp/${archive}"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Benchmark script downloads and executes binaries without checksum verification

Downloads Node.js and Bun archives without verifying checksums or signatures before execution.

Verify SHA256 checksums of downloaded archives against official manifests before extraction.

AI prompt
Check if this security scanner issue is valid. If so, understand the root cause and fix it. If appropriate, update or add tests. Keep the change focused and preserve intended behavior.

<file name="scripts/dax-benchmark.sh">
<violation number="1" location="scripts/dax-benchmark.sh:133">
<priority>P2</priority>
<title>Benchmark script downloads and executes binaries without checksum verification</title>
<evidence>The script uses curl to download Node.js and Bun release archives and then directly extracts and executes them without verifying SHA256 checksums, signatures, or release manifests.</evidence>
<recommendation>Add checksum verification for downloaded Node.js and Bun archives before extraction. For Node.js, verify against the official SHASUMS256.txt file; for Bun, use the published checksum files or hardcode known-good checksums for each supported version.</recommendation>
</violation>
</file>

@superagent-security superagent-security Bot added the pr:flagged PR flagged for review by security analysis. label Jul 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

pr:flagged PR flagged for review by security analysis.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants