@prodcycle/prodcycle 0.6.4 → 0.6.5

package/dist/api-client.js

@@ -47,10 +47,25 @@ const MAX_RETRY_AFTER_SECONDS = envInt('PC_MAX_RETRY_AFTER_SECONDS', 300);
 /**
  * Per-request fetch timeout. Without this a stalled connection would tie
  * up the CLI indefinitely, bypassing both the retry cap and the async-poll
- * deadline. Default is 2 minutes — long enough for the largest non-async
- * sync `/validate` call, short enough that a hung TCP socket gets aborted.
+ * deadline.
+ *
+ * Default is 5 minutes — chosen so the chunked-session `/chunks` upload
+ * path has enough headroom under server-side load. The bottleneck on
+ * busy servers is the per-chunk transaction (policy eval + per-finding
+ * unique-index check on `(scan_id, fingerprint)`), which can take tens
+ * of seconds on big chunks. Sync `/validate` scans normally finish in
+ * seconds, so a longer default doesn't hurt them — it only matters
+ * when a single request stalls. CI runs that want tighter feedback can
+ * shrink via `PC_REQUEST_TIMEOUT_MS`.
+ *
+ * Pre-fix this was 120 s and a megarepo chunked scan (infisical-
+ * infisical, ~11.5 k files, 2026-05-13 GA-validation sweep) burned
+ * through the full retry budget (4 × 120 s per stuck chunk) before
+ * giving up with `Failed to connect to ProdCycle API: The operation
+ * was aborted due to timeout`. The body-read retry path from #30 was
+ * firing correctly — it just wasn't enough budget.
  */
-const REQUEST_TIMEOUT_MS = envInt('PC_REQUEST_TIMEOUT_MS', 120_000);
+const REQUEST_TIMEOUT_MS = envInt('PC_REQUEST_TIMEOUT_MS', 300_000);
 /**
  * Conservative client-side chunk sizing for the chunked-session flow. The
  * /chunks endpoint accepts up to 50 MB / 2000 files per request, but most

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prodcycle/prodcycle",
-  "version": "0.6.4",
+  "version": "0.6.5",
   "description": "Multi-framework policy-as-code compliance scanner for infrastructure and application code.",
   "homepage": "https://docs.prodcycle.com",
   "repository": {