CM-64735 - Reduce ai-guardrails scan latency #472
Merged
omerr-cycode approved these changes Jun 8, 2026
Cluster of CLI changes that take a 0-detection ai-guardrails scan from
~5.5s to ~1.55s measured via the packaged onedir with warm tokens:
- Reuse a process-wide requests.Session so TCP+TLS handshakes amortize
across the multiple API calls per scan (was one-shot per request on
macOS/Linux, paying ~300-450ms of handshake on each call).
- Argv-peek lazy subapp registration: import only the invoked subapp
at startup instead of the full set, skipping ~300ms of unrelated
imports on hot paths.
- Skip get_detection_rules when the scan returned zero detections (the
common case for ai-guardrails hooks).
- Skip POST /cli-scan/{id}/status on sync flows where the /sync response
already returned the full result inline.
- Share access tokens across CycodeClientBase instances by re-reading
the on-disk cache before doing the HTTP refresh, so the ai-security
client doesn't duplicate work the scan client just did.
- Skip version-checker on the ai-guardrails scan hot path (it emits
JSON to stdout — an upgrade notice would corrupt the response, plus
the PyPI round-trip is a ~500ms cache-miss cost).
- Send cli_start_time in /sync so the server can compute honest
end-to-end execution_time independent of CLI-side wall clock.
- Add coverage for the argv-peek invariant: root options that take a
value must be registered so argv-peek skips past their values.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
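The argv-peek invariant named in the last bullet of the description, as an added sketch that is not code from this pull request. The option names, the subapp table and the stdlib modules standing in for subapps are assumptions made for illustration.

```python
"""Constructed sketch of argv-peek lazy subapp registration (hypothetical names)."""
import importlib

# Assumption: root options that consume the NEXT argv token as their value.
# Every such option must be listed here, or the peek mistakes its value
# for the subcommand name.
ROOT_OPTIONS_WITH_VALUE = frozenset({"--output", "-o", "--client-id"})

# Assumption: subapp name -> module path. Stdlib modules stand in for subapps.
SUBAPP_MODULES = {"scan": "json", "ai-guardrails": "base64", "status": "textwrap"}


def peek_subcommand(argv, value_options=ROOT_OPTIONS_WITH_VALUE):
    """Return the first positional token after argv[0], or None if absent."""
    args = iter(argv[1:])
    for tok in args:
        if tok == "--":                      # everything after "--" is positional
            return next(args, None)
        if tok.startswith("-") and tok != "-":
            # "--opt=value" carries its value inline; "--opt value" does not.
            if "=" not in tok and tok in value_options:
                next(args, None)             # skip the option's value
            continue
        return tok
    return None


def load_invoked_subapp(argv):
    """Import only the invoked subapp; import all of them when the peek is unsure."""
    name = peek_subcommand(argv)
    if name not in SUBAPP_MODULES:
        # Unknown or missing name (e.g. --help, a typo, or a mis-peeked option
        # value): fall back to the full set so help and error output stay complete.
        return {n: importlib.import_module(m) for n, m in SUBAPP_MODULES.items()}
    return {name: importlib.import_module(SUBAPP_MODULES[name])}


if __name__ == "__main__":
    # Constructed command lines, not taken from the PR.
    print(peek_subcommand(["cli", "--output", "json", "ai-guardrails", "scan"]))
    # Same line with the option left unregistered: the value is mistaken for the subapp.
    print(peek_subcommand(["cli", "--output", "json", "scan"], value_options=frozenset()))
```

Falling back to the full import set when the peeked name is unknown keeps a missed registration a latency regression rather than a wrong dispatch.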
162847e to c2c0811