feat(fs-http): timeout option with 30000ms default (Doctrine #8 library-author extension)#60
Merged
jasperboerhof merged 5 commits intomainfrom May 1, 2026
Merged
Conversation
…ibrary-author extension) Closes 3-spy convergent finding 2026-04-30 on fs-http timeout surface absence. Default 30000ms applies when unset; override via options.timeout or per-call AxiosRequestConfig. Pass timeout: 0 to disable (consumer accepts Doctrine #8). Bumps fs-http to 0.2.0 (minor — observable behavior change on previously-unset timeouts). Refs: campaigns/fs-packages/2026-04-30-multi-spy-refresh-wave.md
Completes the fs-http 0.1.3 → 0.2.0 bump from 8f764bd. Both consumer packages declared `"@script-development/fs-http": "^0.1.0"` in dev + peer deps; pre-1.0 caret only matches same-minor, so 0.2.0 fell outside the workspace constraint and npm pulled published 0.1.3 into nested node_modules. Result: `npm ci` could pass while adapter-store and loading were silently testing against the old fs-http. Widens both ranges to `^0.1.0 || ^0.2.0` (peer-range widening is monotonically backward-compatible). Bumps adapter-store 0.1.4 → 0.1.5 and loading 0.1.0 → 0.1.1 for observable metadata change. Lock now resolves all three fs-http references to the workspace copy at 0.2.0; nested registry copies removed. Verified locally: build / typecheck / format / lint / lint:pkg / coverage (430/430) all green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Deploying fs-packages with
|
| Latest commit: |
e7bf591
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://2aecf2ce.fs-packages.pages.dev |
| Branch Preview URL: | https://armorer-fs-http-timeout-surf.fs-packages.pages.dev |
This was referenced Apr 30, 2026
jasperboerhof
previously approved these changes
Apr 30, 2026
Contributor
jasperboerhof
left a comment
jasperboerhof
left a comment
There was a problem hiding this comment.
@Goosterhof nog ff merge conflicts oplossen :)
jasperboerhof
approved these changes
May 1, 2026
Goosterhof
added a commit
that referenced
this pull request
May 4, 2026
Closes #59. fs-http should be HTTP transport, not browser download UX. The previous downloadRequest/previewRequest methods constructed Blobs, created `<a>` elements, dispatched clicks, and managed object URL lifecycles — coupling that bled into every consumer's tests as fragile global stubs (vi.stubGlobal of `Blob`/`document`/`window.URL`), exposed to vitest 4's class-mock requirement and oxfmt's arrow-function collapse. Three territories independently rediscovered the mitigation. Reshape both methods to pure transport: `(endpoint, options?) → Promise<AxiosResponse<Blob>>`. The DOM-side download dance moves to `@script-development/fs-helpers` ≥ 0.1.2 as `triggerDownload(blob, filename)`. Object-URL lifecycle for previews is now the consumer's concern (one `URL.createObjectURL` line, plus revocation on cleanup). BREAKING CHANGES (fs-http 0.2.0 → 0.3.0): - downloadRequest(endpoint, documentName, type?) → AxiosResponse becomes downloadRequest(endpoint, options?) → AxiosResponse<Blob>. - previewRequest(endpoint) → string (object URL) becomes previewRequest(endpoint, options?) → AxiosResponse<Blob>. - Removed HEADERS_TO_TYPE map (one-entry OOXML lookup, did not earn its place in transport-layer code; consumers can supply their own if needed). Cascade workspace bumps to keep the lock coherent: - fs-helpers 0.1.1 → 0.1.2 (additive: triggerDownload export + happy-dom devDep). - fs-adapter-store 0.1.5 → 0.1.6 (peer range widened to include ^0.3.0 — not a behavior change; doesn't depend on download/preview). - fs-loading 0.1.1 → 0.1.2 (same widening; same rationale). Out of scope (separate dispositions): - streamRequest's `document.cookie` XSRF read remains. It's the only remaining DOM touch in fs-http; cleanup would require either a required `xsrfHeader` option or a cookie-reader middleware shipped alongside, both bigger migrations than #59 covers. - Consumer territory upgrades. Land this PR after #60, then run a post-publish migration campaign across kendo, ublgenie, emmie, entreezuil, and BIO (5 download/preview call sites in production code; ~50 in test mocks). Verified locally: - 19 test files / 430 tests pass (was 18/430; +2 fs-helpers, -2 net fs-http after dropping obsolete DOM-orchestration tests). - 100% coverage maintained on fs-http and fs-helpers. - mutation: fs-http 97.30% (up from 95.74%; less surface to mutate), fs-helpers 100% (including the new dom-download.ts). - All 8 CI gates locally green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Goosterhof
added a commit
that referenced
this pull request
May 4, 2026
Closes #59. fs-http should be HTTP transport, not browser download UX. The previous downloadRequest/previewRequest methods constructed Blobs, created `<a>` elements, dispatched clicks, and managed object URL lifecycles — coupling that bled into every consumer's tests as fragile global stubs (vi.stubGlobal of `Blob`/`document`/`window.URL`), exposed to vitest 4's class-mock requirement and oxfmt's arrow-function collapse. Three territories independently rediscovered the mitigation. Reshape both methods to pure transport: `(endpoint, options?) → Promise<AxiosResponse<Blob>>`. The DOM-side download dance moves to `@script-development/fs-helpers` ≥ 0.1.2 as `triggerDownload(blob, filename)`. Object-URL lifecycle for previews is now the consumer's concern (one `URL.createObjectURL` line, plus revocation on cleanup). BREAKING CHANGES (fs-http 0.2.0 → 0.3.0): - downloadRequest(endpoint, documentName, type?) → AxiosResponse becomes downloadRequest(endpoint, options?) → AxiosResponse<Blob>. - previewRequest(endpoint) → string (object URL) becomes previewRequest(endpoint, options?) → AxiosResponse<Blob>. - Removed HEADERS_TO_TYPE map (one-entry OOXML lookup, did not earn its place in transport-layer code; consumers can supply their own if needed). Cascade workspace bumps to keep the lock coherent: - fs-helpers 0.1.1 → 0.1.2 (additive: triggerDownload export + happy-dom devDep). - fs-adapter-store 0.1.5 → 0.1.6 (peer range widened to include ^0.3.0 — not a behavior change; doesn't depend on download/preview). - fs-loading 0.1.1 → 0.1.2 (same widening; same rationale). Out of scope (separate dispositions): - streamRequest's `document.cookie` XSRF read remains. It's the only remaining DOM touch in fs-http; cleanup would require either a required `xsrfHeader` option or a cookie-reader middleware shipped alongside, both bigger migrations than #59 covers. - Consumer territory upgrades. Land this PR after #60, then run a post-publish migration campaign across kendo, ublgenie, emmie, entreezuil, and BIO (5 download/preview call sites in production code; ~50 in test mocks). Verified locally: - 19 test files / 430 tests pass (was 18/430; +2 fs-helpers, -2 net fs-http after dropping obsolete DOM-orchestration tests). - 100% coverage maintained on fs-http and fs-helpers. - mutation: fs-http 97.30% (up from 95.74%; less surface to mutate), fs-helpers 100% (including the new dom-download.ts). - All 8 CI gates locally green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Equips
@script-development/fs-httpwith a compliant timeout surface per the war-room Doctrine #8 library-author extension (CLAUDE.md, 2026-04-22). Closes the 3-spy convergent finding 2026-04-30 (Quartermaster M3 F-1 / Sapper M2 M3 / Liaison M2) that fs-http exposes no timeout option, allowing axios's no-timeout default to silently propagate to all 5 consumer territories (0 of 26 import sites configureAxiosRequestConfig.timeout).timeout?: numbertoHttpServiceOptions. Default 30000ms (30s) applies when unset.createHttpService(url, {timeout: 5_000}). Per-call override remains via existingAxiosRequestConfig.timeoutparameter on each method.timeout: 0to disable (consumer explicitly accepts Doctrine feat: add @script-development/fs-adapter-store package #8 responsibility, e.g. AI streaming endpoints with their own timeout discipline).DEFAULT_TIMEOUT_MSconstant from the package barrel for consumer reference.Consumer-package coordination (2026-04-30)
The 0.1.3 → 0.2.0 bump crosses the pre-1.0 minor boundary. Two intra-workspace consumers had
"@script-development/fs-http": "^0.1.0"declared in dev + peer deps, which doesn't satisfy 0.2.0:packages/adapter-store/package.json— bumped 0.1.4 → 0.1.5, peer range widened to^0.1.0 || ^0.2.0.packages/loading/package.json— bumped 0.1.0 → 0.1.1, peer range widened to^0.1.0 || ^0.2.0.Without this widening,
npm ciwould still pass but the workspace would be silently incoherent: npm would pull publishedfs-http@0.1.3into nestednode_modules/for adapter-store and loading, so those packages would test/build against the old fs-http while the workspacefs-httpwas at 0.2.0. The widening keeps all three fs-http references resolving to the workspace copy.Doctrine reference
CLAUDE.md, Architectural Principle #8 (library-author extension, 2026-04-22):
Commander disposition (2026-04-30): default with options-param override — lowest-friction option that brings 5 consumer territories into doctrine compliance immediately.
Mutation discipline
The
??→||operator-swap mutation onoptions?.timeout ?? DEFAULT_TIMEOUT_MSis killed by the explicittimeout: 0test (a0left of??is honored, but a0left of||would coerce back to the default). fs-http mutation score after change: 95.74% (90 killed, 4 pre-existing survivors unrelated to timeout).CI gates
All 8 gates green locally:
Out of scope
AxiosRequestConfig.timeoutalready works through existing method signatures.Test plan
defaults.timeout === 30000{timeout: 5_000}→defaults.timeout === 5000{timeout: 0}→defaults.timeout === 0(no coercion to default — kills??→||mutation)Refs
campaigns/fs-packages/2026-04-30-multi-spy-refresh-wave.mdreports/fs-packages/field/2026-04-30-{quartermaster-m3,sapper-m2,liaison-m2}-staleness-refresh.mdorders/fs-packages/fs-http-timeout-surface-armorer-deployment.mdArchitectural Principlesfeat: add @script-development/fs-adapter-store package #8 (library-author extension, 2026-04-22)