[codex] Configure server timeouts #223

Open
pq198363-ops wants to merge 1 commit into Agentpay-Org:main from pq198363-ops:bounty-95-server-timeouts

@pq198363-ops

Closes #95

Summary

  • Configure HTTP request, headers, keep-alive, and inactive socket timeouts on the Node server.
  • Add positive-integer environment overrides with safe fallback defaults.
  • Document timeout controls and the header/keep-alive invariant.

Threat model

Slow or incomplete clients should not be able to hold request or socket resources indefinitely. Invalid, zero, negative, or decimal environment overrides fall back to safe defaults rather than disabling protection.

RED/GREEN evidence

  • RED: npm run build failed before implementation because configureServerTimeouts and DEFAULT_SERVER_TIMEOUTS were missing exports.
  • GREEN: focused timeout tests pass after implementation.

Verification

  • npm run build passed.
  • $env:NODE_ENV='test'; node --test dist/server-timeouts.test.js passed 4 tests.
  • npx prettier --check README.md src/index.ts src/server-timeouts.test.ts passed.
  • npm run lint passed.
  • Cleaned dist/, rebuilt with npm run build, then $env:NODE_ENV='test'; node --test dist/*.test.js dist/**/*.test.js passed 93 tests across 11 suites.
  • git diff --cached --check passed before commit.

Note: npm test uses POSIX-style NODE_ENV=test, so on Windows PowerShell I used the equivalent $env:NODE_ENV='test'; node --test ... commands.
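
A sketch of the override handling and invariant summarised in the description above, added here as an example and not taken from the PR's diff. The environment variable names, default values, helper names, and the reading of the invariant as headersTimeout staying above keepAliveTimeout are all assumptions.

```javascript
// Added example, not the PR's code. Env names and default values are assumptions.
const DEFAULTS = {
  requestTimeout: 30_000, // whole request, headers plus body
  headersTimeout: 15_000, // complete request headers
  keepAliveTimeout: 5_000, // idle gap between requests on a reused socket
  socketTimeout: 60_000, // inactivity on any socket
};
const ENV_NAMES = {
  requestTimeout: 'REQUEST_TIMEOUT_MS',
  headersTimeout: 'HEADERS_TIMEOUT_MS',
  keepAliveTimeout: 'KEEP_ALIVE_TIMEOUT_MS',
  socketTimeout: 'SOCKET_TIMEOUT_MS',
};
const MAX_TIMER_MS = 2 ** 31 - 1; // Node timers hold a signed 32-bit millisecond count

// Only plain positive integers count: "", "0", "-5", "1.5", "10s" all fall back.
function positiveIntOr(raw, fallback) {
  const text = String(raw ?? '').trim();
  if (!/^[1-9]\d*$/.test(text)) return fallback;
  const n = Number(text);
  return n <= MAX_TIMER_MS ? n : fallback;
}

function resolveTimeouts(env) {
  const t = {};
  for (const [key, name] of Object.entries(ENV_NAMES)) {
    t[key] = positiveIntOr(env[name], DEFAULTS[key]);
  }
  // Assumed invariant: headersTimeout stays above keepAliveTimeout.
  if (t.headersTimeout <= t.keepAliveTimeout) t.headersTimeout = t.keepAliveTimeout + 1_000;
  // Headers are part of the request, so the request budget cannot be shorter.
  if (t.requestTimeout < t.headersTimeout) t.requestTimeout = t.headersTimeout;
  return t;
}

function applyTimeouts(server, env = process.env) {
  const t = resolveTimeouts(env);
  server.requestTimeout = t.requestTimeout;
  server.headersTimeout = t.headersTimeout;
  server.keepAliveTimeout = t.keepAliveTimeout;
  server.setTimeout(t.socketTimeout); // idle sockets are destroyed unless a 'timeout' listener takes over
  return t;
}
// Constructed input: one valid override and three invalid ones.
const sampleEnv = { REQUEST_TIMEOUT_MS: '20000', HEADERS_TIMEOUT_MS: '0',
  KEEP_ALIVE_TIMEOUT_MS: '2.5', SOCKET_TIMEOUT_MS: '-1' };
import('node:http').then(({ createServer }) => {
  console.log(applyTimeouts(createServer((req, res) => res.end('ok')), sampleEnv));
});
```

Raising only the keep-alive override in this sketch also lifts the header and request timeouts, so a single environment variable cannot leave the three values in an inconsistent order.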

Development

Successfully merging this pull request may close these issues.

Add HTTP server timeouts to defend against slow-loris and hung connections
