feat(db): add timeout_ms parameter to execute_query
This MR is the gate's demo case: one function signature change in app.db.execute_query.
ℹ️ Reading the gate's notes below? A live run against this MR can return PASS / radius 0 — GitLab's Orbit index transiently de-indexes a project right after a merge tomain, so the changed-definition query comes back empty. That cold-index reading is exactly what a snapshot-pinned gate is built to survive. The canonical verdict is the replay (below), reproduced byte-for-byte from a committed, sha256-fingerprinted snapshot. Touch it live: gate report · README.Which note is the verdict? In the thread below, the canonical result is note 3459968417 — FAIL / radius 6 / uncovered 4-of-6 /
blast-radius::medium, posted live by the gate's service account on a warm Orbit index. The earlier note 3449657489 showing PASS / radius 0 is the documented 2026-06-12 de-index incident, kept on purpose as robustness evidence (seedocs/sample/flow-run.md) — it is not the verdict. A handful ofstarted/…dropped sessionsystem notes are sandbox-provisioning retries from iterating on the flow config; the run that posted note 3459968417 is the one that counts.
Canonical verdict (replay): FAIL · blast radius 6 · uncovered 4 / 6 (blast-radius::medium)
(Radius 6 is a CALLS-only, Python-only lower bound on true impact — the engine also walks EXTENDS; see README §Scope.)
The deterministic verdict for this MR, computed from Orbit responses recorded 2026-06-12 and reproduced byte-for-byte by the offline replay suite (python -m unittest discover -s tests → 36 tests, all green; evidence SHA cfa80c93af4cfa67). Query fingerprints: docs/sample/sample-gate-report.json.
Note what the changed-definition query did not include: app.db.get_connection sits in the same file, three lines above the change, inside the diff hunk's context lines — and is correctly excluded, because the gate intersects definition line ranges with changed lines only.