Merge branch 'main' into codex/fix-cache-key-comparison-logic

Author: shayancoin

.github/workflows/ci.yml

@@ -102,3 +102,76 @@ jobs:
 
     - name: Build
       run: npm run build
+
+  performance-budget:
+    runs-on: ubuntu-latest
+    needs:
+      - frontend-tests
+    env:
+      PERF_BUDGET_HEADLESS: 'true'
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+      - name: Set up Node.js
+        uses: actions/setup-node@0a44ba78451273a1ed8ac2fee4e347c72dfd377f
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: ./frontend/package-lock.json
+
+      - name: Install dependencies
+        working-directory: ./frontend
+        run: npm ci
+
+      - name: Start application stack
+        run: |
+          docker compose -f docker-compose.dev.yml up -d --build
+
+      - name: Wait for API
+        run: |
+          for i in {1..60}; do curl -sf http://localhost:8000/healthcheck && break || sleep 2; done
+
+      - name: Wait for Frontend
+        run: |
+          for i in {1..60}; do curl -sf http://localhost:3000/models/manifest.json && break || sleep 2; done
+
+      - name: Run performance budget checks
+        working-directory: ./frontend
+        env:
+          PERF_BUDGET_OUTPUT_DIR: ../test-results/perf
+        run: npm run perf:budget
+
+      - name: Upload performance budget report
+        if: always()
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        with:
+          name: perf-budget
+          path: test-results/perf
+
+      - name: Shutdown stack
+        if: always()
+        run: |
+          docker compose -f docker-compose.dev.yml down
+
+  observability-budgets:
+    runs-on: ubuntu-latest
+    needs:
+      - performance-budget
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+      - name: Set up Python
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: pip install pyyaml
+
+      - name: Check observability budgets
+        env:
+          PROMETHEUS_URL: ${{ secrets.PROMETHEUS_URL }}
+          PROMETHEUS_BEARER_TOKEN: ${{ secrets.PROMETHEUS_BEARER_TOKEN }}
+          TEMPO_URL: ${{ secrets.TEMPO_URL }}
+          TEMPO_BEARER_TOKEN: ${{ secrets.TEMPO_BEARER_TOKEN }}
+        run: python tools/ci/check_observability_budgets.py --config observability-budgets.yml

.github/workflows/perf-light.yml

@@ -11,6 +11,111 @@ on:
   pull_request: {}
 
 jobs:
+  playwright-budgets:
+    runs-on: ubuntu-latest
+    timeout-minutes: 25
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+      - name: Use Node.js 20
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: frontend/package-lock.json
+
+      - name: Install frontend dependencies
+        working-directory: frontend
+        run: npm ci
+
+      - name: Install Playwright browsers
+        working-directory: frontend
+        run: npx playwright install --with-deps chromium
+
+      - name: Start stack
+        run: |
+          docker compose --env-file .env.development -f docker-compose.dev.yml up -d --build
+
+      - name: Wait for API
+        run: |
+          for i in {1..60}; do curl -sf http://localhost:8000/healthcheck && break || sleep 2; done
+
+      - name: Wait for Frontend
+        run: |
+          for i in {1..60}; do curl -sf http://localhost:3000/models/manifest.json && break || sleep 2; done
+
+      - name: Seed backend for perf
+        env:
+          BASE_URL: http://localhost:8000
+        run: |
+          python - <<'PY'
+import json
+import os
+import urllib.error
+import urllib.request
+
+BASE_URL = os.environ.get("BASE_URL", "http://localhost:8000")
+
+def post(path: str, payload: dict) -> dict:
+    req = urllib.request.Request(
+        f"{BASE_URL}{path}",
+        data=json.dumps(payload).encode("utf-8"),
+        headers={"Content-Type": "application/json"},
+    )
+    try:
+        with urllib.request.urlopen(req, timeout=10) as resp:
+            return json.loads(resp.read().decode("utf-8"))
+    except urllib.error.HTTPError as exc:
+        detail = exc.read().decode("utf-8", "ignore")
+        raise SystemExit(f"Seed request failed ({exc.code}): {detail}")
+
+material = post(
+    "/api/materials/",
+    {"name": "Walnut", "texture_url": None, "cost_per_sq_ft": 12.5},
+)
+material_id = material.get("id")
+if not material_id:
+    raise SystemExit("Material creation failed; missing id")
+
+post(
+    "/api/modules/",
+    {
+        "name": "Base600",
+        "width": 600.0,
+        "height": 720.0,
+        "depth": 580.0,
+        "base_price": 100.0,
+        "material_id": material_id,
+    },
+)
+PY
+
+      - name: Run Playwright performance budgets
+        env:
+          PERF_RESULTS_DIR: ${{ github.workspace }}/artifacts/perf
+          PERF_BUDGET_CONFIG: ${{ github.workspace }}/perf-budget.yml
+        run: |
+          mkdir -p artifacts/perf
+          cd frontend
+          npm run test:perf -- --output=playwright-report/perf
+
+      - name: Convert Playwright metrics to JUnit
+        run: node tools/perf/metrics-to-junit.mjs artifacts/perf artifacts/perf/perf-metrics.junit.xml
+
+      - name: Upload performance artifacts
+        if: always()
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        with:
+          name: perf-budgets
+          path: |
+            artifacts/perf
+            frontend/playwright-report
+
+      - name: Shutdown stack
+        if: always()
+        run: |
+          docker compose --env-file .env.development -f docker-compose.dev.yml down
+
   k6:
     runs-on: ubuntu-latest
     timeout-minutes: 15
@@ -98,3 +203,28 @@ PY
         if: always()
         run: |
           docker compose --env-file .env.development -f docker-compose.dev.yml down
+
+  canary-metrics:
+    runs-on: ubuntu-latest
+    needs:
+      - playwright-budgets
+      - k6
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+      - name: Compare canary metrics against budgets
+        env:
+          PROMETHEUS_URL: ${{ secrets.PROMETHEUS_URL }}
+          TEMPO_URL: ${{ secrets.TEMPO_URL }}
+          GITHUB_BASE_SHA: ${{ github.event.pull_request.base.sha }}
+          GITHUB_SHA: ${{ github.sha }}
+          CANARY_RESULTS_DIR: ${{ github.workspace }}/artifacts/canary
+        run: |
+          python tools/perf/check-canary-metrics.py
+
+      - name: Upload canary metric report
+        if: always()
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        with:
+          name: canary-metrics
+          path: artifacts/canary

.github/workflows/perf.yml

@@ -0,0 +1,75 @@
+name: perf
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+
+jobs:
+  playwright-perf:
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    defaults:
+      run:
+        working-directory: ./frontend
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+      - name: Set up Node.js
+        uses: actions/setup-node@0a44ba78451273a1ed8ac2fee4e347c72dfd377f
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: ./frontend/package-lock.json
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Install Playwright browsers
+        run: npx playwright install --with-deps
+
+      - name: Build application
+        run: npm run build
+
+      - name: Start application
+        run: |
+          npm run start -- --hostname 0.0.0.0 --port 3000 &
+          echo $! > ../.next-server-pid
+          for i in {1..60}; do
+            if curl -sSf http://127.0.0.1:3000 > /dev/null; then
+              break
+            fi
+            sleep 2
+          done
+          if ! curl -sSf http://127.0.0.1:3000 > /dev/null; then
+            echo "Application failed to start" >&2
+            exit 1
+          fi
+
+      - name: Run Playwright perf tests
+        env:
+          BASE_URL: http://127.0.0.1:3000
+        run: npx playwright test --reporter=line,html
+
+      - name: Stop application
+        if: always()
+        run: |
+          if [ -f ../.next-server-pid ]; then
+            kill $(cat ../.next-server-pid) || true
+            rm -f ../.next-server-pid
+          fi
+
+      - name: Upload Playwright artifacts
+        if: always()
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        with:
+          name: playwright-perf-artifacts
+          path: |
+            frontend/playwright-report
+            frontend/test-results
+          if-no-files-found: warn

.gitignore

@@ -36,6 +36,7 @@ yarn-error.log*
 .next/
 out/
 .cache/
+artifacts/
 
 # Env files (keep example)
 .env

artifacts/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

backend/README.md

@@ -25,7 +25,9 @@ docker compose --env-file .env.development -f docker-compose.dev.yml up backend-
 
 The backend expects the following environment variables (or entries in `.env.development`):
 
+- `API_WRITE_TOKEN` – Bearer token required for privileged sync and admin endpoints.
 - `HYGRAPH_WEBHOOK_SECRET` – Shared secret used to validate incoming Hygraph webhook signatures.
+- `API_WRITE_TOKEN` – Bearer token required for privileged sync endpoints such as `/api/sync/hygraph/pull`.
 
 ## Project Structure