From 08c689e6ddb50eced479053aada4eb5d1f08098a Mon Sep 17 00:00:00 2001 From: adlee-was-taken Date: Sun, 5 Apr 2026 12:07:20 -0400 Subject: [PATCH] fix(web): raise on MQTT connect timeout in _publish_arm_request Code review on 9f203d8 caught a silent-failure mode: MessageBus.connect logs and returns without raising when the MQTT handshake times out, so an overloaded broker would let bus.publish() enqueue into paho's outbox only to be discarded by the immediate disconnect(). The web endpoint would return 202 even though the FSM never received the request. Guard with 'if not bus.connected: raise RuntimeError'. The existing try/except in arm_system/disarm_system catches the exception and turns it into a 503 with the same log message as other bus failures. --- vigilar/web/blueprints/system.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vigilar/web/blueprints/system.py b/vigilar/web/blueprints/system.py index 771c350..dccd603 100644 --- a/vigilar/web/blueprints/system.py +++ b/vigilar/web/blueprints/system.py @@ -61,6 +61,8 @@ def _publish_arm_request(cfg: VigilarConfig, payload: dict) -> None: bus = MessageBus(cfg.mqtt, client_id="vigilar-web-arm-request") bus.connect() + if not bus.connected: + raise RuntimeError("MQTT broker did not accept connection within timeout") try: bus.publish(Topics.SYSTEM_ARM_REQUEST, payload) finally: