fix(e2e): increase provision timeout for junie on hetzner (#2683)

* fix(e2e): increase provision timeout for junie on hetzner junie's install takes >720s on Hetzner, exceeding the default PROVISION_TIMEOUT and causing 100% E2E failure for hetzner-junie. Add a per-agent provision timeout mechanism in common.sh via get_provision_timeout(). This checks (in order): 1. PROVISION_TIMEOUT_<agent> env var override 2. Built-in per-agent default (_PROVISION_TIMEOUT_junie=1200) 3. Global PROVISION_TIMEOUT (720s) provision.sh now calls get_provision_timeout() to resolve the effective timeout per agent instead of using the flat global. Fixes #2680 Agent: code-health Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(security): whitelist-sanitize agent name before eval in get_provision_timeout tr '-' '_' only replaced hyphens, allowing metacharacters like $, backticks, and ; to pass through into eval, enabling shell injection via a crafted agent name. Replace with sed whitelist [A-Za-z0-9_] to strip all unsafe chars. Agent: team-lead Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-28 03:49:31 +00:00 · 2026-03-16 00:54:03 -07:00 · 2026-03-16 00:54:03 -07:00 · 8fe6450485
commit 8fe6450485
parent ab51b09a03
2 changed files with 47 additions and 3 deletions
--- a/sh/e2e/lib/common.sh
+++ b/sh/e2e/lib/common.sh
@ -129,6 +129,46 @@ cloud_install_wait() {
  fi
 }

+# ---------------------------------------------------------------------------
+# Per-agent provision timeout overrides
+#
+# Some agents (e.g. junie) have heavier installs that exceed the default
+# PROVISION_TIMEOUT on slower clouds. This map lets us set per-agent defaults
+# without raising the global timeout for all agents.
+#
+# Override precedence:
+#   1. PROVISION_TIMEOUT_<agent> env var (explicit override)
+#   2. Built-in per-agent default (below)
+#   3. Global PROVISION_TIMEOUT
+# ---------------------------------------------------------------------------
+_PROVISION_TIMEOUT_junie=1200
+
+get_provision_timeout() {
+  local agent="$1"
+  # Sanitize agent name: whitelist [A-Za-z0-9_] only, replacing all else with _
+  # This prevents shell metacharacter injection before eval on lines below
+  local safe_agent
+  safe_agent=$(printf '%s' "${agent}" | sed 's/[^A-Za-z0-9_]/_/g')
+
+  # Check for env var override: PROVISION_TIMEOUT_<agent>
+  local env_var="PROVISION_TIMEOUT_${safe_agent}"
+  eval "local env_val=\${${env_var}:-}"
+  if [ -n "${env_val}" ]; then
+    case "${env_val}" in ''|*[!0-9]*) ;; *) printf '%s' "${env_val}"; return ;; esac
+  fi
+
+  # Check for built-in per-agent default
+  local builtin_var="_PROVISION_TIMEOUT_${safe_agent}"
+  eval "local builtin_val=\${${builtin_var}:-}"
+  if [ -n "${builtin_val}" ]; then
+    printf '%s' "${builtin_val}"
+    return
+  fi
+
+  # Fall back to global
+  printf '%s' "${PROVISION_TIMEOUT}"
+}
+
 # ---------------------------------------------------------------------------
 # require_common_env
 #