🤖 Add timeout requirement to SSHRuntime.execSSHCommand()

- Add timeoutMs parameter to execSSHCommand() to prevent network hangs
- Implement timeout with clearTimeout cleanup on success/error
- Update resolvePath() to use 5 second timeout (should be near-instant)
- Add class-level comment documenting timeout requirement for all SSH operations
- Timeouts should be either set literally or forwarded from upstream

This prevents indefinite hangs on network issues, dropped connections, or
unresponsive SSH servers.

Generated with `cmux`

Author: ammar-agent

src/runtime/SSHRuntime.ts

@@ -53,6 +53,10 @@ export interface SSHRuntimeConfig {
  * - Supports SSH config aliases, ProxyJump, ControlMaster, etc.
  * - No password prompts (assumes key-based auth or ssh-agent)
  * - Atomic file writes via temp + rename
+ *
+ * IMPORTANT: All SSH operations MUST include a timeout to prevent hangs from network issues.
+ * Timeouts should be either set literally for internal operations or forwarded from upstream
+ * for user-initiated operations.
  */
 export class SSHRuntime implements Runtime {
   private readonly config: SSHRuntimeConfig;
@@ -322,21 +326,34 @@ export class SSHRuntime implements Runtime {
     // Uses bash to expand ~ and readlink -m to normalize without checking existence
     // readlink -m canonicalizes the path (handles .., ., //) without requiring it to exist
     const command = `bash -c 'readlink -m ${shescape.quote(filePath)}'`;
-    return this.execSSHCommand(command);
+    // Use 5 second timeout for path resolution (should be near-instant)
+    return this.execSSHCommand(command, 5000);
   }
 
   /**
    * Execute a simple SSH command and return stdout
+   * @param command - The command to execute on the remote host
+   * @param timeoutMs - Timeout in milliseconds (required to prevent network hangs)
    * @private
    */
-  private async execSSHCommand(command: string): Promise<string> {
+  private async execSSHCommand(command: string, timeoutMs: number): Promise<string> {
     const sshArgs = this.buildSSHArgs();
     sshArgs.push(this.config.host, command);
 
     return new Promise((resolve, reject) => {
       const proc = spawn("ssh", sshArgs);
       let stdout = "";
       let stderr = "";
+      let timedOut = false;
+
+      // Set timeout to prevent hanging on network issues
+      const timer = setTimeout(() => {
+        timedOut = true;
+        proc.kill();
+        reject(
+          new RuntimeErrorClass(`SSH command timed out after ${timeoutMs}ms: ${command}`, "network")
+        );
+      }, timeoutMs);
 
       proc.stdout?.on("data", (data: Buffer) => {
         stdout += data.toString();
@@ -347,6 +364,9 @@ export class SSHRuntime implements Runtime {
       });
 
       proc.on("close", (code) => {
+        clearTimeout(timer);
+        if (timedOut) return; // Already rejected
+
         if (code !== 0) {
           reject(new RuntimeErrorClass(`SSH command failed: ${stderr.trim()}`, "network"));
           return;
@@ -357,6 +377,9 @@ export class SSHRuntime implements Runtime {
       });
 
       proc.on("error", (err) => {
+        clearTimeout(timer);
+        if (timedOut) return; // Already rejected
+
         reject(
           new RuntimeErrorClass(
             `Cannot execute SSH command: ${getErrorMessage(err)}`,