Pulse/cmd/pulse-sensor-proxy
rcourtman 3c707a7368 Fix HTTP mode reliability: add context timeouts to SSH collection
Critical fix for intermittent HTTP endpoint hangs identified by Codex analysis.

## Root Cause
SSH collection via getTemperatureViaSSH() had no timeout, causing HTTP
handlers to block indefinitely when sensors command hung. This held node-level
mutexes and rate limit slots, creating cascading failures where subsequent
requests queued indefinitely.

## Solution
- Thread request context through to SSH execution
- Add exec.CommandContext with 15s timeout (vs 30s HTTP client timeout)
- Create execCommandWithLimitsContext() to wrap SSH commands
- Ensures handlers always release locks and respond within deadline

## Impact
- HTTP temps endpoint now responds in ~70ms consistently
- Temperature data successfully collected and displayed in Pulse
- Eliminates 'context deadline exceeded' errors
- Prevents node gate deadlocks from slow/stuck SSH sessions

Related to Codex session 019a7e99-00fc-7903-afa3-01100baf47c6
2025-11-13 19:09:50 +00:00
..
audit.go Add HTTP mode to pulse-sensor-proxy for multi-instance temperature monitoring 2025-11-13 16:13:53 +00:00
audit_test.go Make pulse-sensor-proxy resilient to read-only filesystems 2025-11-06 00:18:51 +00:00
auth.go feat(security): Implement range-based rate limiting 2025-11-07 17:08:45 +00:00
auth_test.go feat(security): Implement GID authorization enforcement 2025-11-07 17:09:16 +00:00
capabilities.go feat(security): Add capability-based authorization 2025-11-07 17:09:32 +00:00
cleanup.go feat: add comprehensive node cleanup system 2025-10-17 18:53:45 +00:00
config.example.yaml feat(security): Add node allowlist validation to prevent SSRF attacks 2025-11-07 17:08:28 +00:00
config.go Add HTTP mode to pulse-sensor-proxy for multi-instance temperature monitoring 2025-11-13 16:13:53 +00:00
http_server.go Fix HTTP mode reliability: add context timeouts to SSH collection 2025-11-13 19:09:50 +00:00
main.go Fix HTTP mode reliability: add context timeouts to SSH collection 2025-11-13 19:09:50 +00:00
main_test.go feat(security): Add capability-based authorization 2025-11-07 17:09:32 +00:00
metrics.go feat(security): Add node allowlist validation to prevent SSRF attacks 2025-11-07 17:08:28 +00:00
ssh.go Fix HTTP mode reliability: add context timeouts to SSH collection 2025-11-13 19:09:50 +00:00
ssh_test.go Add critical safety guards to temperature proxy installation 2025-11-13 10:26:46 +00:00
throttle.go Increase rate limiting for startup bursts 2025-11-13 15:42:26 +00:00
throttle_test.go feat(security): Implement range-based rate limiting 2025-11-07 17:08:45 +00:00
validation.go Fix security regression: use localhost-only fallback instead of permissive mode 2025-11-13 14:15:51 +00:00
validation_fuzz_test.go security: complete Phase 1 sensor proxy hardening 2025-10-20 15:13:37 +00:00
validation_test.go Improve sensor proxy cluster validation (Related to #703) 2025-11-12 19:17:45 +00:00