From f764497e61b16dc82216da68c508e4535dd85d0d Mon Sep 17 00:00:00 2001
From: Theodore Li <theo@sim.ai>
Date: Thu, 23 Apr 2026 11:09:08 -0700
Subject: [PATCH] Set statement timeout of 90 seconds

---
 apps/sim/socket/database/operations.ts |  7 +++++++
 packages/db/index.ts                   | 15 +++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/apps/sim/socket/database/operations.ts b/apps/sim/socket/database/operations.ts
index 3e8eeeb99bb..13a291d12f0 100644
--- a/apps/sim/socket/database/operations.ts
+++ b/apps/sim/socket/database/operations.ts
@@ -24,6 +24,10 @@ import {
 const logger = createLogger('SocketDatabase')
 
 const connectionString = env.DATABASE_URL
+/**
+ * Server-side safety net for runaway queries and abandoned transactions.
+ * See `packages/db/index.ts` for rationale.
+ */
 const socketDb = drizzle(
   postgres(connectionString, {
     prepare: false,
@@ -31,6 +35,9 @@ const socketDb = drizzle(
     connect_timeout: 20,
     max: 10,
     onnotice: () => {},
+    connection: {
+      options: '-c statement_timeout=90000 -c idle_in_transaction_session_timeout=90000',
+    },
   }),
   { schema }
 )
diff --git a/packages/db/index.ts b/packages/db/index.ts
index 0cab65a38e3..616d20bc2c9 100644
--- a/packages/db/index.ts
+++ b/packages/db/index.ts
@@ -10,12 +10,27 @@ if (!connectionString) {
   throw new Error('Missing DATABASE_URL environment variable')
 }
 
+/**
+ * Server-side safety net for runaway queries and abandoned transactions:
+ * - `statement_timeout=90000` kills any single statement still running
+ *   after 90s. Protects against pathological queries.
+ * - `idle_in_transaction_session_timeout=90000` kills a session that has
+ *   opened a transaction and gone idle for 90s. Protects against
+ *   transactions that hold row locks while waiting on external I/O.
+ *
+ * These are last-resort caps — application code should never approach
+ * them. Migrations or admin scripts that legitimately need longer limits
+ * must construct their own client with overrides.
+ */
 const postgresClient = postgres(connectionString, {
   prepare: false,
   idle_timeout: 20,
   connect_timeout: 30,
   max: 10,
   onnotice: () => {},
+  connection: {
+    options: '-c statement_timeout=90000 -c idle_in_transaction_session_timeout=90000',
+  },
 })
 
 export const db = drizzle(postgresClient, { schema })