Timeout strategy
Circuit breakers, token buckets, and exponential backoff with jitter for resilient licensing calls.
Why timeouts matter
Every outbound licensing call — heartbeat, session init, grace renewal — is a potential stall point. Without a timeout strategy, a hung TCP handshake or slow KeyAuth response can freeze the loader thread and degrade the user experience.
Circuit breaker
Track consecutive failures with a sliding window. After N failures in M seconds, open the circuit and short-circuit all licensing calls for a cooldown period. This prevents cascading retries from saturating the network stack.
state: CLOSED → failures >= 5 in 30s
→ OPEN (60s cooldown)
→ HALF_OPEN (1 probe request)
→ CLOSED on success, OPEN on failureToken bucket
Rate-limit outbound calls to a configurable burst ceiling. The bucket refills at a steady rate, ensuring the loader never exceeds the server-side rate limits enforced by KeyAuth or the CDN.
Exponential backoff with jitter
On transient failures (HTTP 429, 503, DNS timeout), retry with a backoff schedule: 1s → 2s → 4s → 8s → cap at 30s. Add random jitter (±25%) to avoid thundering-herd synchronisation across multiple client instances.
Offline grace cache
When all retries are exhausted, fall back to an HMAC-signed offline grace token stored locally. The token encodes the last-known-good license state and a TTL. This keeps the product usable during network blips without weakening the license enforcement model.
Next: read Direct syscalls for the loader-side implementation that pairs with this timeout layer.