fix(registrycopy): add fetchWithRetry wrapper to apply timeouts, retries with exponential backoff, and token cache handling; use it for registry HTTP requests

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@git.zone/tsdocker',
-  version: '1.17.0',
+  version: '1.17.1',
   description: 'develop npm modules cross platform with docker'
 }

ts/classes.registrycopy.ts

@@ -20,6 +20,43 @@ interface ITokenCache {
 export class RegistryCopy {
   private tokenCache: ITokenCache = {};
 
+  /**
+   * Wraps fetch() with timeout (via AbortSignal) and retry with exponential backoff.
+   * Retries on network errors and 5xx; does NOT retry on 4xx client errors.
+   * On 401, clears the token cache entry so the next attempt re-authenticates.
+   */
+  private async fetchWithRetry(
+    url: string,
+    options: RequestInit & { duplex?: string },
+    timeoutMs: number = 300_000,
+    maxRetries: number = 3,
+  ): Promise<Response> {
+    let lastError: Error | null = null;
+    for (let attempt = 1; attempt <= maxRetries; attempt++) {
+      try {
+        const resp = await fetch(url, {
+          ...options,
+          signal: AbortSignal.timeout(timeoutMs),
+        });
+        // Retry on 5xx server errors (but not 4xx)
+        if (resp.status >= 500 && attempt < maxRetries) {
+          logger.log('warn', `Request to ${url} returned ${resp.status}, retrying (${attempt}/${maxRetries})...`);
+          await new Promise(r => setTimeout(r, 1000 * Math.pow(2, attempt - 1)));
+          continue;
+        }
+        return resp;
+      } catch (err) {
+        lastError = err as Error;
+        if (attempt < maxRetries) {
+          const delay = 1000 * Math.pow(2, attempt - 1);
+          logger.log('warn', `fetch failed (attempt ${attempt}/${maxRetries}): ${lastError.message}, retrying in ${delay}ms...`);
+          await new Promise(r => setTimeout(r, delay));
+        }
+      }
+    }
+    throw lastError!;
+  }
+
   /**
    * Reads Docker credentials from ~/.docker/config.json for a given registry.
    * Supports base64-encoded "auth" field in the config.
@@ -109,7 +146,7 @@ export class RegistryCopy {
     }
 
     try {
-      const checkResp = await fetch(`${apiBase}/v2/`, { method: 'GET' });
+      const checkResp = await this.fetchWithRetry(`${apiBase}/v2/`, { method: 'GET' }, 30_000);
       if (checkResp.ok) return null; // No auth needed
 
       const wwwAuth = checkResp.headers.get('www-authenticate') || '';
@@ -131,7 +168,7 @@ export class RegistryCopy {
         headers['Authorization'] = 'Basic ' + Buffer.from(`${creds.username}:${creds.password}`).toString('base64');
       }
 
-      const tokenResp = await fetch(tokenUrl.toString(), { headers });
+      const tokenResp = await this.fetchWithRetry(tokenUrl.toString(), { headers }, 30_000);
       if (!tokenResp.ok) {
         const body = await tokenResp.text();
         throw new Error(`Token request failed (${tokenResp.status}): ${body}`);
@@ -189,7 +226,15 @@ export class RegistryCopy {
       fetchOptions.duplex = 'half'; // Required for streaming body in Node
     }
 
-    return fetch(url, fetchOptions);
+    const resp = await this.fetchWithRetry(url, fetchOptions, 300_000);
+
+    // Token expired — clear cache so next call re-authenticates
+    if (resp.status === 401 && token) {
+      const cacheKey = `${registry}/${`repository:${repo}:${actions}`}`;
+      delete this.tokenCache[cacheKey];
+    }
+
+    return resp;
   }
 
   /**
@@ -320,11 +365,11 @@ export class RegistryCopy {
       putHeaders['Authorization'] = `Bearer ${token}`;
     }
 
-    const putResp = await fetch(putUrl, {
+    const putResp = await this.fetchWithRetry(putUrl, {
       method: 'PUT',
       headers: putHeaders,
       body: blobData,
-    });
+    }, 300_000);
 
     if (!putResp.ok) {
       const body = await putResp.text();