Severity
LOW
Description
The subprocess timeout in `claude_code_provider.py` is passed directly from config with no upper bound. A misconfigured or corrupted `config.yaml` could set an arbitrarily large timeout, causing the pipeline to hang indefinitely with no recovery.
Affected file
`providers/llm/claude_code_provider.py:69`
```python
result = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
```
Fix
```python
MAX_TIMEOUT = 300  # 5 minutes hard cap
result = subprocess.run(cmd, capture_output=True, text=True, timeout=min(timeout, MAX_TIMEOUT))
```
Files to change
- `providers/llm/claude_code_provider.py`
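A bare `min(timeout, MAX_TIMEOUT)` still misbehaves on some values a broken `config.yaml` can produce: `None` raises `TypeError`, NaN passes through `min()` unchanged, and zero or negative values expire immediately. The following added example (not the project's code) validates the value before capping it; `clamp_timeout`, `run_bounded` and `DEFAULT_TIMEOUT` are hypothetical names, and the 120-second default is an assumption.

```python
import math
import subprocess
import sys

MAX_TIMEOUT = 300      # hard cap from the fix above (5 minutes)
DEFAULT_TIMEOUT = 120  # assumed fallback; not a value from the project


def clamp_timeout(raw, default=DEFAULT_TIMEOUT, cap=MAX_TIMEOUT):
    """Return a usable timeout in seconds, never above cap."""
    # bool is an int subclass, so `timeout: true` would otherwise become 1 second.
    if raw is None or isinstance(raw, bool):
        return min(default, cap)
    try:
        value = float(raw)  # accepts ints, floats and quoted YAML numbers
    except (TypeError, ValueError, OverflowError):
        return min(default, cap)
    # min(float("nan"), 300) returns nan, so NaN must be rejected explicitly;
    # zero and negative values would make the call time out at once.
    if math.isnan(value) or value <= 0:
        return min(default, cap)
    return min(value, cap)  # also maps float("inf") to the cap


def run_bounded(cmd, raw_timeout, cap=MAX_TIMEOUT):
    """Run cmd with a clamped timeout; return (result, timed_out)."""
    limit = clamp_timeout(raw_timeout, cap=cap)
    try:
        result = subprocess.run(cmd, capture_output=True, text=True, timeout=limit)
        return result, False
    except subprocess.TimeoutExpired:
        # subprocess.run() kills the child before re-raising this exception.
        return None, True


if __name__ == "__main__":
    # Constructed sample values standing in for what config.yaml might hold.
    for sample in (30, 10**9, None, "45", "abc", float("inf"), float("nan"), -5, True):
        print(repr(sample), "->", clamp_timeout(sample))
    sleeper = [sys.executable, "-c", "import time; time.sleep(5)"]
    print(run_bounded(sleeper, 10**9, cap=0.5))  # (None, True)
```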