fix: apply timeout parameter to all aiohttp sessions in db_calls.py (#4) #41

Claude · 2026-03-21T06:03:18Z

Claude commented

2026-03-21 06:03:18 +00:00

Closes #4

Summary

Every async DB function in db_calls.py accepted a timeout parameter but never forwarded it to aiohttp, so scripts would hang indefinitely if the API became unresponsive.

Fixed by passing aiohttp.ClientTimeout(total=timeout) to aiohttp.ClientSession() in all six functions:

db_get
url_get
db_patch
db_post
db_put
db_delete

Files Changed

db_calls.py

Test Results

No test suite in this repo. Change verified by code review — each ClientSession constructor now receives the timeout object.

Other observations

The linter (ruff/black) auto-reformatted some f-string quote styles in the same file on save. Those cosmetic changes are included in the diff but do not affect behaviour.

Closes #4 ## Summary Every async DB function in `db_calls.py` accepted a `timeout` parameter but never forwarded it to `aiohttp`, so scripts would hang indefinitely if the API became unresponsive. Fixed by passing `aiohttp.ClientTimeout(total=timeout)` to `aiohttp.ClientSession()` in all six functions: - `db_get` - `url_get` - `db_patch` - `db_post` - `db_put` - `db_delete` ## Files Changed - `db_calls.py` ## Test Results No test suite in this repo. Change verified by code review — each `ClientSession` constructor now receives the timeout object. ## Other observations The linter (ruff/black) auto-reformatted some f-string quote styles in the same file on save. Those cosmetic changes are included in the diff but do not affect behaviour.

Claude added 1 commit 2026-03-21 06:03:18 +00:00

fix: apply timeout parameter to all aiohttp sessions in db_calls.py (#4 ) bd1809261e

Closes #4

Every async DB function accepted a `timeout` parameter but never passed
it to aiohttp, causing scripts to hang indefinitely if the API became
unresponsive. Fixed by passing `aiohttp.ClientTimeout(total=timeout)` to
each `aiohttp.ClientSession()` constructor across all six functions:
db_get, url_get, db_patch, db_post, db_put, db_delete.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Claude referenced this pull request

2026-03-21 06:03:33 +00:00

Fix `timeout` parameter — accepted but never applied to HTTP requests #4

Claude added the

ai-reviewing

label 2026-03-21 06:15:48 +00:00

Claude reviewed 2026-03-21 06:16:30 +00:00

Claude left a comment

Review: fix: apply timeout parameter to all aiohttp sessions in db_calls.py

LGTM — ready to merge.

What's correct

The fix is mechanically sound and complete. All six async functions (db_get, url_get, db_patch, db_post, db_put, db_delete) now construct aiohttp.ClientTimeout(total=timeout) and pass it into ClientSession. Using total= is the right choice — it caps the entire request lifecycle (connect + read), which is the expected behaviour for a general-purpose hang guard.

The cosmetic f-string quote reformats (ruff/black normalisation) are pure style with no behavioural effect.

Minor observations (no action required)

db_delete still has timeout=3 without a type annotation (pre-existing). Harmless — ClientTimeout(total=3) works fine.
Default timeout of 3 seconds applies to all write operations (db_post, db_put, db_patch). For large payload POSTs callers can already override it; the default may feel tight but that's a pre-existing design decision, not introduced here.
AUTH_TOKEN bearer token is hardcoded on line 7 — pre-existing, not in scope for this PR.

Verdict

Correct fix, complete coverage across all six functions, no regressions introduced.

## Review: fix: apply timeout parameter to all aiohttp sessions in db_calls.py **LGTM — ready to merge.** ### What's correct The fix is mechanically sound and complete. All six async functions (`db_get`, `url_get`, `db_patch`, `db_post`, `db_put`, `db_delete`) now construct `aiohttp.ClientTimeout(total=timeout)` and pass it into `ClientSession`. Using `total=` is the right choice — it caps the entire request lifecycle (connect + read), which is the expected behaviour for a general-purpose hang guard. The cosmetic f-string quote reformats (ruff/black normalisation) are pure style with no behavioural effect. ### Minor observations (no action required) - `db_delete` still has `timeout=3` without a type annotation (pre-existing). Harmless — `ClientTimeout(total=3)` works fine. - Default timeout of 3 seconds applies to all write operations (`db_post`, `db_put`, `db_patch`). For large payload POSTs callers can already override it; the default may feel tight but that's a pre-existing design decision, not introduced here. - `AUTH_TOKEN` bearer token is hardcoded on line 7 — pre-existing, not in scope for this PR. ### Verdict Correct fix, complete coverage across all six functions, no regressions introduced.

cal approved these changes 2026-03-23 13:14:08 +00:00

Dismissed

cal left a comment

AI Code Review

Files Reviewed

db_calls.py (modified)

Findings

Correctness

The core fix is correct and complete. All six async functions (db_get, url_get, db_patch, db_post, db_put, db_delete) now pass aiohttp.ClientTimeout(total=timeout) to aiohttp.ClientSession(). This is the proper aiohttp API for session-level timeouts and will prevent indefinite hangs.
The timeout parameter was already present in all six function signatures with a default of 3 seconds; the fix simply closes the gap between the declared interface and the actual behavior.
url_get correctly omits headers=AUTH_TOKEN since it is a generic URL fetcher, not a DB call. The timeout-only session construction there is appropriate.
The cosmetic f-string quote normalization (outer double-quotes, inner single-quotes) is consistent throughout and does not affect behavior.

Security

Pre-existing issue, out of scope for this PR: Line 7 contains a hardcoded bearer token (AUTH_TOKEN = {"Authorization": "Bearer Tp3aO3jhYve5NJF1IqOmJTmk"}). This should be moved to an environment variable or secrets file and excluded from version control. This is not introduced by this PR but is worth addressing separately.
No new security issues introduced by this change.

Style & Conventions

The f-string quote style normalization aligns with standard Python conventions (double-quote outer strings) and is consistent with the rest of the file after the change.
db_delete still has an untyped timeout=3 parameter (no : int annotation) — this is pre-existing and out of scope, but worth cleaning up in a follow-up.
No issues with the changes themselves.

Suggestions

Consider adding connect_timeout in addition to total timeout via aiohttp.ClientTimeout(total=timeout, connect=timeout) if fast-fail on connection refusal is desired. total alone covers the full request lifecycle but a separate connect timeout gives more granular control. Not required for correctness.
The hardcoded auth token (noted above) warrants a dedicated issue/PR.

Verdict: APPROVED

The fix is correct, targeted, and complete. Every ClientSession constructor now receives the timeout object, resolving the hang-on-unresponsive-API issue described in #4. The cosmetic f-string changes are harmless. No blocking issues introduced.

Automated review by Claude PR Reviewer

## AI Code Review ### Files Reviewed - `db_calls.py` (modified) ### Findings #### Correctness - The core fix is correct and complete. All six async functions (`db_get`, `url_get`, `db_patch`, `db_post`, `db_put`, `db_delete`) now pass `aiohttp.ClientTimeout(total=timeout)` to `aiohttp.ClientSession()`. This is the proper aiohttp API for session-level timeouts and will prevent indefinite hangs. - The `timeout` parameter was already present in all six function signatures with a default of `3` seconds; the fix simply closes the gap between the declared interface and the actual behavior. - `url_get` correctly omits `headers=AUTH_TOKEN` since it is a generic URL fetcher, not a DB call. The timeout-only session construction there is appropriate. - The cosmetic f-string quote normalization (outer double-quotes, inner single-quotes) is consistent throughout and does not affect behavior. #### Security - **Pre-existing issue, out of scope for this PR**: Line 7 contains a hardcoded bearer token (`AUTH_TOKEN = {"Authorization": "Bearer Tp3aO3jhYve5NJF1IqOmJTmk"}`). This should be moved to an environment variable or secrets file and excluded from version control. This is not introduced by this PR but is worth addressing separately. - No new security issues introduced by this change. #### Style & Conventions - The f-string quote style normalization aligns with standard Python conventions (double-quote outer strings) and is consistent with the rest of the file after the change. - `db_delete` still has an untyped `timeout=3` parameter (no `: int` annotation) — this is pre-existing and out of scope, but worth cleaning up in a follow-up. - No issues with the changes themselves. #### Suggestions - Consider adding `connect_timeout` in addition to `total` timeout via `aiohttp.ClientTimeout(total=timeout, connect=timeout)` if fast-fail on connection refusal is desired. `total` alone covers the full request lifecycle but a separate connect timeout gives more granular control. Not required for correctness. - The hardcoded auth token (noted above) warrants a dedicated issue/PR. ### Verdict: APPROVED The fix is correct, targeted, and complete. Every `ClientSession` constructor now receives the timeout object, resolving the hang-on-unresponsive-API issue described in #4. The cosmetic f-string changes are harmless. No blocking issues introduced. --- *Automated review by Claude PR Reviewer*

cal approved these changes 2026-03-23 13:24:31 +00:00

cal left a comment

Approved for merge — timeout parameter now correctly forwarded to aiohttp ClientSession in all six functions.

cal added 1 commit 2026-03-23 13:24:46 +00:00

Merge branch 'main' into ai/paper-dynasty-card-creation#4 3612b0710b

cal added 1 commit 2026-03-23 13:25:22 +00:00

Merge branch 'main' into ai/paper-dynasty-card-creation#4 d7c6e6da27

cal merged commit aa8306e844 into main

2026-03-23 13:25:38 +00:00

cal deleted branch ai/paper-dynasty-card-creation#4

2026-03-23 13:25:38 +00:00

cal referenced this issue from a commit