check-timeout-strategy

Audits timeout configuration across HTTP clients, database connections, queue consumers, cache operations, and external service calls. Detects missing or misconfigured timeouts.

59 stars

Best use case

check-timeout-strategy is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using check-timeout-strategy should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/check-timeout-strategy/SKILL.md --create-dirs "https://raw.githubusercontent.com/dykyi-roman/awesome-claude-code/main/skills/check-timeout-strategy/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/check-timeout-strategy/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How check-timeout-strategy Compares

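| Feature / Agent | check-timeout-strategy | Standard Approach |
|-----------------|------------------------|-------------------|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |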

Frequently Asked Questions

What does this skill do?

Audits timeout configuration across HTTP clients, database connections, queue consumers, cache operations, and external service calls. Detects missing or misconfigured timeouts.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Timeout Strategy Audit

Analyze PHP code for missing or misconfigured timeout strategies across all I/O boundaries.

## Detection Patterns

### 1. HTTP Client Without Timeout

```php
// CRITICAL: No timeout configured
$client = new GuzzleHttp\Client();
$response = $client->get('https://api.external.com/data');

// CRITICAL: Infinite timeout
$client = new GuzzleHttp\Client(['timeout' => 0]);

// CORRECT: Explicit timeouts
$client = new GuzzleHttp\Client([
    'connect_timeout' => 5,
    'timeout' => 30,
    'read_timeout' => 10,
]);
```

### 2. Database Connection Without Timeout

```php
// CRITICAL: No connection timeout
$pdo = new PDO($dsn, $user, $password);

// CRITICAL: No query timeout
$stmt = $pdo->prepare('SELECT * FROM large_table WHERE complex_condition');
$stmt->execute();

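// CORRECT: With timeouts
$pdo = new PDO($dsn, $user, $password, [
    PDO::ATTR_TIMEOUT => 5, // connect timeout in seconds
    // pdo_mysql defines no read-timeout attribute; cap SELECT run time
    // server-side instead (MySQL 5.7.8+, value in milliseconds)
    PDO::MYSQL_ATTR_INIT_COMMAND => 'SET SESSION max_execution_time = 30000',
]);

// Doctrine: query timeout (wait_timeout only limits idle connections, not query run time)
$connection->executeStatement('SET SESSION max_execution_time = 30000');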
```

### 3. Queue Consumer Without Timeout

```php
// CRITICAL: Blocking forever
$message = $queue->consume(); // No timeout — blocks indefinitely

// CRITICAL: No processing timeout
while ($message = $queue->get()) {
    $this->handler->handle($message); // Could run forever
}

// CORRECT: With timeouts
$message = $queue->consume(timeout: 30);

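// Processing timeout (ext-pcntl, CLI only). Without a SIGALRM handler
// the default action kills the worker instead of failing the message.
pcntl_async_signals(true);
pcntl_signal(SIGALRM, static function (): void {
    throw new RuntimeException('Message processing exceeded 60 seconds');
});
pcntl_alarm(60); // 60-second processing limit
try {
    $this->handler->handle($message);
} finally {
    pcntl_alarm(0); // Cancel alarm
}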
```

### 4. Cache Operations Without Timeout

```php
// CRITICAL: Redis without timeout
$redis = new Redis();
$redis->connect('redis-host', 6379); // No timeout

// CRITICAL: Blocking wait
$value = $redis->blPop('queue', 0); // Block forever

// CORRECT: With timeouts
$redis->connect('redis-host', 6379, 2.5); // 2.5s connect timeout
$redis->setOption(Redis::OPT_READ_TIMEOUT, 5);
$value = $redis->blPop('queue', 30); // 30s max block
```

### 5. External API Without Timeout

```php
// CRITICAL: file_get_contents without timeout
$data = file_get_contents('https://api.example.com/data');

// CRITICAL: curl without CURLOPT_TIMEOUT
$ch = curl_init('https://api.example.com/data');
curl_exec($ch);

// CORRECT: With stream context timeout
$context = stream_context_create([
    'http' => ['timeout' => 10],
]);
$data = file_get_contents('https://api.example.com/data', false, $context);

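// CORRECT: curl with timeout (options must be set before curl_exec)
$ch = curl_init('https://api.example.com/data');
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_exec($ch);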
```

### 6. Lock/Mutex Without Timeout

```php
// CRITICAL: Lock without timeout — potential deadlock
$lock->acquire(); // Blocks forever if not released

// CORRECT: With timeout
if (!$lock->acquire(timeout: 10)) {
    throw new LockTimeoutException('Failed to acquire lock within 10 seconds');
}
```

## Grep Patterns

```bash
# HTTP clients without timeout
Grep: "new.*Client\(\)|new.*GuzzleHttp|new.*HttpClient" --glob "**/*.php"
Grep: "connect_timeout|timeout.*=>" --glob "**/Infrastructure/**/*.php"

# Database connections
Grep: "new PDO\(|DriverManager::getConnection" --glob "**/*.php"
Grep: "ATTR_TIMEOUT|wait_timeout|read_timeout" --glob "**/*.php"

# Queue consumers
Grep: "->consume\(|->get\(|->receive\(" --glob "**/Consumer/**/*.php"
Grep: "pcntl_alarm|set_time_limit" --glob "**/*.php"

# Cache/Redis
Grep: "->connect\(|Redis\(\)|Memcached\(\)" --glob "**/*.php"
Grep: "OPT_READ_TIMEOUT|blPop|brPop" --glob "**/*.php"

# file_get_contents / curl
Grep: "file_get_contents\(.*http|curl_init" --glob "**/*.php"
Grep: "CURLOPT_TIMEOUT|CURLOPT_CONNECTTIMEOUT" --glob "**/*.php"

# Lock acquisition
Grep: "->acquire\(|->lock\(|flock\(" --glob "**/*.php"
```

## Severity Classification

| Pattern | Severity |
|---------|----------|
| HTTP client without timeout | 🔴 Critical |
| Database without connection timeout | 🔴 Critical |
| Queue consumer blocking forever | 🔴 Critical |
| Lock without timeout (deadlock risk) | 🔴 Critical |
| Cache without read timeout | 🟠 Major |
| Missing processing timeout | 🟠 Major |
| file_get_contents without timeout | 🟡 Minor |
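
The grep patterns come in pairs: one finds where an I/O boundary is opened, the other finds evidence that a timeout is set. The Python sketch below is an added example, not part of SKILL.md. It applies that pairing per file and attaches the severities from the table above. The rule regexes are adapted from the page's patterns, the per-file pairing is a heuristic assumption, and the sample PHP is constructed.

```python
import re

# (resource, severity, call that opens an I/O boundary, evidence of a timeout).
# Regexes adapted from the Grep Patterns section; severities from the table.
RULES = [
    ("HTTP client", "Critical", r"new\s+[\w\\]*Client\s*\(",
     r"connect_timeout|['\"]timeout['\"]\s*=>"),
    ("Database", "Critical", r"new\s+\\?PDO\s*\(|DriverManager::getConnection",
     r"ATTR_TIMEOUT"),
    ("Cache", "Major", r"new\s+\\?Redis\s*\(", r"OPT_READ_TIMEOUT"),
    ("HTTP client", "Critical", r"curl_init\s*\(", r"CURLOPT_TIMEOUT"),
    ("file_get_contents", "Minor", r"file_get_contents\s*\(\s*['\"]https?:",
     r"stream_context_create"),
]
# Explicit values the page marks as blocking forever.
INFINITE = [
    ("HTTP client", r"['\"]timeout['\"]\s*=>\s*0\s*[,\]]"),
    ("Cache", r"b[lr]Pop\s*\([^)]*,\s*0\s*\)"),
]

def audit(source):
    """Return (line, resource, severity, reason) findings for one PHP file."""
    # Blank comment-only lines so they neither trigger nor clear a rule.
    lines = ["" if l.lstrip().startswith(("//", "#", "/*", "*")) else l
             for l in source.splitlines()]
    code = "\n".join(lines)
    findings = []
    for resource, severity, usage, evidence in RULES:
        if re.search(evidence, code):
            continue  # heuristic: timeout evidence anywhere in the file clears the rule
        findings += [(n, resource, severity, "no timeout configured")
                     for n, l in enumerate(lines, 1) if re.search(usage, l)]
    for resource, pattern in INFINITE:
        findings += [(n, resource, "Critical", "timeout 0 blocks indefinitely")
                     for n, l in enumerate(lines, 1) if re.search(pattern, l)]
    return sorted(findings)

# Constructed sample input, not taken from a real project.
SAMPLE = r"""<?php
// $old = new GuzzleHttp\Client(['timeout' => 30]);
$client = new GuzzleHttp\Client();
$pdo = new PDO($dsn, $user, $password);
$redis = new Redis();
$value = $redis->blPop('queue', 0);
"""

if __name__ == "__main__":
    for line, resource, severity, reason in audit(SAMPLE):
        print(f"sample.php:{line} [{severity}] {resource}: {reason}")
```

Because evidence is matched per file, a timeout set on one client clears every client in that file, so treat a clean result as a prompt for manual review of multi-client files.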

## Timeout Strategy Matrix

| Resource | Connect Timeout | Read Timeout | Processing Timeout |
|----------|----------------|--------------|-------------------|
| HTTP API | 5s | 30s | 60s |
| Database | 5s | 30s | N/A |
| Redis Cache | 2s | 5s | N/A |
| Message Queue | 5s | 30s | 120s |
| File Lock | N/A | N/A | 10s |
| DNS Resolution | 5s | N/A | N/A |

## Output Format

````markdown
### Timeout Strategy: [Description]

**Severity:** 🔴/🟠/🟡
**Location:** `file.php:line`
**Resource Type:** HTTP/Database/Queue/Cache/Lock

**Issue:**
[Description of missing or misconfigured timeout]

**Risk:**
- Thread/process starvation
- Connection pool exhaustion
- Cascading failures to dependent services

**Code:**
```php
// Missing timeout
```

**Fix:**
```php
// With proper timeout configuration
```
````

Related Skills

create-timeout

59
from dykyi-roman/awesome-claude-code

Generates Timeout pattern components for PHP 8.4. Creates execution time limit infrastructure with configurable timeouts, fallback support, stream timeouts, and unit tests.

create-strategy

59
from dykyi-roman/awesome-claude-code

Generates Strategy pattern for PHP 8.4. Creates interchangeable algorithm families with context class, strategy interface, and concrete implementations. Includes unit tests.

create-health-check

59
from dykyi-roman/awesome-claude-code

Generates Health Check pattern for PHP 8.4. Creates application-level health endpoints with component checkers (Database, Redis, RabbitMQ), status aggregation, and RFC-compliant JSON response. Includes unit tests.

create-docker-healthcheck

59
from dykyi-roman/awesome-claude-code

Generates Docker health check scripts for PHP services. Creates PHP-FPM, Nginx, and custom endpoint health checks.

create-deploy-strategy

59
from dykyi-roman/awesome-claude-code

Generates deployment strategy configurations. Creates blue-green, canary, rolling deployment configs for GitHub Actions and GitLab CI with health checks and rollback procedures.

check-xxe

59
from dykyi-roman/awesome-claude-code

Analyzes PHP code for XML External Entity vulnerabilities. Detects unsafe XML parsers, missing entity protection, LIBXML flags issues, XSLT attacks.

check-version-consistency

59
from dykyi-roman/awesome-claude-code

Audits version consistency across project files. Checks composer.json, README, CHANGELOG, docs, and configuration files for version number synchronization.

check-type-juggling

59
from dykyi-roman/awesome-claude-code

Detects PHP type juggling vulnerabilities. Identifies loose comparison with user input, in_array without strict mode, switch statement type coercion, and hash comparison bypasses.

check-test-quality

59
from dykyi-roman/awesome-claude-code

Analyzes PHP test code quality. Checks test structure, assertion quality, test isolation, naming conventions, AAA pattern adherence.

check-ssrf

59
from dykyi-roman/awesome-claude-code

Analyzes PHP code for SSRF vulnerabilities. Detects unvalidated URLs, internal network access, DNS rebinding, cloud metadata access, URL parsing bypass attempts.

check-sql-injection

59
from dykyi-roman/awesome-claude-code

Analyzes PHP code for SQL injection vulnerabilities. Detects query concatenation, ORM misuse, raw queries, dynamic identifiers, prepared statement bypasses.

check-serialization

59
from dykyi-roman/awesome-claude-code

Analyzes PHP code for serialization overhead. Detects inefficient JSON encoding, large object hydration, missing JsonSerializable, circular reference issues.