fix(timeout): guard signal.alarm() against None; centralize auth; fix security issues

[srinivamd]

Summary

Fixes ROCM-23419: MAD-internal models fail with TypeError: 'NoneType' object cannot be interpreted as an integer in Timeout.__enter__ when --timeout 0 is passed.

This PR incorporates all changes from PR #108 (refactor(v2-review)) and additionally resolves all 4 unresolved Copilot review comments from that PR before merging to main.

---

Root Cause

PR #106 (merged 2026-04-20) introduced None as a sentinel for "no timeout" in cli/commands/run.py:

elif timeout == 0:
    timeout = None  # "no timeout" sentinel

But core/timeout.py passed self.seconds directly to signal.alarm(), which requires a non-negative integer — causing an immediate TypeError for any model using --timeout 0 or the no-timeout default.

PR #107 reverted PR #106 as a hotfix. This PR re-introduces the auth centralization from PR #106 with the timeout guard and all review comments addressed.

---

Changes

core/timeout.py — ROCM-23419 core fix

Added early-return guards in __enter__ and __exit__ for None (and 0), preventing signal.alarm() from receiving a non-integer:

def __enter__(self) -> None:
    if not self.seconds:   # guards None AND 0
        return
    signal.signal(signal.SIGALRM, self.handle_timeout)
    signal.alarm(self.seconds)

def __exit__(self, type, value, traceback) -> None:
    if not self.seconds:
        return
    signal.alarm(0)

core/errors.py — Copilot comment #1: avoid breaking API change

Renamed ConnectionError → NetworkError but preserved a deprecated backward-compatibility alias so downstream callers are not broken in this release:

class NetworkError(MADEngineError): ...

# Deprecated: use NetworkError instead; will be removed in a future release
ConnectionError = NetworkError

Also renamed TimeoutError → DeploymentTimeoutError to avoid shadowing the Python built-in.

core/auth.py — Copilot comment #2: correct Optional[str] typing (new file)

New centralized credential and registry-login module extracted from 4 duplicated locations. login_to_registry now correctly typed as registry: Optional[str] (was str in PR #108, but call sites pass None for unauthenticated pulls). Registry password passed via MAD_REGISTRY_PASSWORD env var instead of argv to avoid credential exposure in ps output.

core/docker.py — Copilot comment #3: re.escape() for Docker --filter name=

Docker's --filter name= interprets the value as a Go regex — container names with dots or other metacharacters produced false positives. Added re.escape() for the regex portion (separate from shlex.quote() which only escapes for shell argv):

container_name_re = re.escape(container_name)
container_name_exists = self.console.sh(
    "docker container ps -aq --filter " + shlex.quote(f"name=^/{container_name_re}$")
)

Also applied shlex.quote() consistently for docker stop/rm args and env var values.

cli/commands/run.py — Copilot comment #4: Optional[int] + display "Disabled"

• timeout option now converts to None for no-timeout (documented inline)
• Panel display shows Disabled instead of None s:

  f"Timeout: [yellow]{f'{timeout}s' if timeout is not None else 'Disabled'}[/yellow]"

• Validation message updated to mention 0 is valid

---

Testing

# Install from this branch
pip install git+https://github.com/srinivamd/madengine.git@fix/rocm-23419-timeout-none-guard

# Verify core fix
python3 -c "
from madengine.core.timeout import Timeout
with Timeout(None):
    print('None timeout — OK')
with Timeout(0):
    print('Zero timeout — OK')
with Timeout(5):
    print('Normal timeout — OK')
"

# Verify CLI display
madengine run --timeout 0 --tags <any_model_tag>  # should show "Timeout: Disabled"
madengine run --tags <any_model_tag>               # should show "Timeout: 7200s"

---

Related

• ROCM-23419: https://amd-hub.atlassian.net/browse/ROCM-23419
• PR refactor(auth): centralize credential loading and Docker registry login #106 (regression): centralize auth — introduced None sentinel without guard
• PR Revert "refactor(auth): centralize credential loading and Docker registry login" #107 (hotfix revert): reverted PR refactor(auth): centralize credential loading and Docker registry login #106 to unblock QA
• PR refactor(v2-review): fix timeout, extract auth module, fix security issues, update test suite #108 (basis): this PR resolves all 4 unresolved Copilot review comments from PR refactor(v2-review): fix timeout, extract auth module, fix security issues, update test suite #108 before merging to main

[coketaste]

Should this PR be merged into PR #108 first, since there are overlapping changes?

[gargrahul]

We can go with #108