Add CI performance budgets and observability checks

.github/workflows/ci.yml

@@ -102,3 +102,148 @@ jobs:
 
     - name: Build
       run: npm run build
+
+  perf-budget:
+    runs-on: ubuntu-latest
+    needs:
+      - backend-tests
+      - frontend-tests
+    timeout-minutes: 30
+    steps:
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+    - name: Set up Node.js
+      uses: actions/setup-node@0a44ba78451273a1ed8ac2fee4e347c72dfd377f
+      with:
+        node-version: '20'
+        cache: 'npm'
+        cache-dependency-path: ./frontend/package-lock.json
+
+    - name: Install Playwright dependencies
+      run: |
+        cd frontend
+        npm ci
+        npx playwright install --with-deps
+
+    - name: Create development environment file
+      run: |
+        cat <<'ENV' > .env.development
+        PROJECT_NAME=paform
+        FRONTEND_PORT=3000
+        BACKEND_PORT=8000
+        BACKEND_HOST=backend-dev
+        HYGRAPH_WEBHOOK_SECRET=ci-placeholder
+        DATABASE_URL=sqlite:///./paform.db
+        ENV
+
+    - name: Start application stack
+      run: docker compose --env-file .env.development -f docker-compose.dev.yml up -d --build
+
+    - name: Wait for API
+      run: |
+        for i in {1..60}; do curl -sf http://localhost:8000/healthcheck && break || sleep 2; done
+
+    - name: Wait for Frontend
+      run: |
+        for i in {1..60}; do curl -sf http://localhost:3000/models/manifest.json && break || sleep 2; done
+
+    - name: Seed backend fixtures
+      env:
+        BASE_URL: http://localhost:8000
+      run: |
+        python - <<'PY'
+import json
+import os
+import urllib.error
+import urllib.request
+
+BASE_URL = os.environ.get("BASE_URL", "http://localhost:8000")
+
+def post(path: str, payload: dict) -> dict:
+    req = urllib.request.Request(
+        f"{BASE_URL}{path}",
+        data=json.dumps(payload).encode("utf-8"),
+        headers={"Content-Type": "application/json"},
+    )
+    try:
+        with urllib.request.urlopen(req, timeout=10) as resp:
+            return json.loads(resp.read().decode("utf-8"))
+    except urllib.error.HTTPError as exc:
+        detail = exc.read().decode("utf-8", "ignore")
+        raise SystemExit(f"Seed request failed ({exc.code}): {detail}")
+
+material = post(
+    "/api/materials/",
+    {"name": "Walnut", "texture_url": None, "cost_per_sq_ft": 12.5},
+)
+material_id = material.get("id")
+if not material_id:
+    raise SystemExit("Material creation failed; missing id")
+
+post(
+    "/api/modules/",
+    {
+        "name": "Base600",
+        "width": 600.0,
+        "height": 720.0,
+        "depth": 580.0,
+        "base_price": 100.0,
+        "material_id": material_id,
+    },
+)
+PY
+
+    - name: Run Playwright performance budget
+      env:
+        PERF_BUDGET_FILE: ../perf-budget.yml
+        PERF_RESULTS_DIR: ../perf-results
+      run: |
+        mkdir -p perf-results
+        cd frontend
+        npx playwright test tests/e2e/perf/perf-budget.spec.ts --reporter=junit,line --output=playwright-report
+
+    - name: Publish performance metrics
+      if: always()
+      env:
+        PERF_RESULTS_DIR: perf-results
+        PUSHGATEWAY_URL: ${{ secrets.PUSHGATEWAY_URL }}
+        PUSHGATEWAY_JOB: ci-performance-budget
+        GITHUB_SHA: ${{ github.sha }}
+        GITHUB_REF: ${{ github.ref }}
+      run: |
+        node scripts/publish-perf-metrics.mjs
+
+    - name: Upload performance artifacts
+      if: always()
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+      with:
+        name: perf-budget-artifacts
+        path: |
+          perf-results
+          frontend/playwright-report
+
+    - name: Shutdown application stack
+      if: always()
+      run: docker compose --env-file .env.development -f docker-compose.dev.yml down
+
+  observability-budgets:
+    runs-on: ubuntu-latest
+    needs: perf-budget
+    steps:
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+
+    - name: Evaluate canary latency and error budgets
+      env:
+        PROMETHEUS_URL: ${{ secrets.PROMETHEUS_URL }}
+        PROMETHEUS_LATENCY_QUERY: ${{ vars.PROMETHEUS_LATENCY_QUERY }}
+        PROMETHEUS_ERROR_RATE_QUERY: ${{ vars.PROMETHEUS_ERROR_RATE_QUERY }}
+        LATENCY_BUDGET_MS: 3000
+        ERROR_RATE_BUDGET: 0.02
+        REGRESSION_TOLERANCE: 0.15
+        BASELINE_OFFSET_SECONDS: 3600
+        LATENCY_UNIT_SCALE: 1000
+        TEMPO_URL: ${{ secrets.TEMPO_URL }}
+        TEMPO_QUERY: ${{ secrets.TEMPO_QUERY }}
+        TEMPO_DURATION_BUDGET_MS: 4000
+      run: |
+        python3 scripts/ci/check_canary_budgets.py

docs/release-checklist.md

@@ -0,0 +1,34 @@
+# Release Checklist
+
+This checklist captures the operational gates that must be satisfied before promoting a build to production. It ties runtime telemetry, CI results, and preview deployments together so on-call responders have a consistent view of system health.
+
+## 1. Verify CI performance budgets
+
+1. Inspect the **perf-budget** job in the CI workflow. Confirm the Playwright run stores the latest navigation and LCP percentiles in the `perf-results` artifact or that they appear in Grafana when the Pushgateway integration is configured.
+2. Ensure the homepage → configurator journey meets the navigation (P90 < 3s) and Largest Contentful Paint (P95 < 4s) budgets. Any regression should block the release until a remediation plan is documented.
+3. Cross check the JUnit report (or Pushgateway metrics) against historical trends before approving the release branch merge.
+
+## 2. Review canary latency and error budgets
+
+1. Open the **observability-budgets** job logs for the Prometheus/Tempo regression check. Confirm the P95 API latency and error-rate budgets are below their configured thresholds and have not regressed more than the allowed tolerance from the previous build.
+2. If the job fails, review the Prometheus dashboards for the affected service and either mitigate or roll back before continuing the release.
+
+## 3. Validate Grafana alerts and on-call notifications
+
+1. Check that the Grafana dashboard for the configurator experience displays the latest CI metrics (either from the Pushgateway metrics or the uploaded JUnit results).
+2. Confirm Grafana alert rules reference the same Prometheus queries used in CI and that alert routing targets the active on-call channel (PagerDuty, Opsgenie, or Slack On-call). Perform a synthetic alert test each quarter to verify paging works end-to-end.
+3. Update the on-call schedule if coverage changed since the previous release.
+
+## 4. Preview environment gating
+
+1. Before cutting a release tag, verify that the preview deployment (staging or review app) is healthy:
+   - Synthetic navigation checks load within the CI-defined budgets.
+   - Error budgets are green in Grafana/Prometheus for the staging namespace.
+2. Confirm preview environment alerts route to the same on-call channel so responders see issues ahead of production rollout.
+3. Capture a short Loom or screenshot walkthrough of the configurator flow and attach it to the release ticket to document the state of the UI prior to launch.
+
+## 5. Final approval
+
+1. Ensure all checklist items above are marked complete in the release issue template.
+2. Obtain sign-off from the engineering lead (performance budgets) and on-call lead (alert routing) before performing the production deploy.
+3. After deployment, monitor Grafana dashboards for at least one full canary window to confirm runtime telemetry stays within budget. If alerts fire, follow the incident response playbook and update the release retrospective.

frontend/package.json

@@ -39,6 +39,7 @@
     "@types/node": "^20",
     "@types/react": "^18",
     "@types/react-dom": "^18",
+    "@types/js-yaml": "^4.0.9",
     "autoprefixer": "^10.0.1",
     "eslint": "^8",
     "eslint-config-next": "14.2.0",
@@ -54,7 +55,8 @@
     "meshoptimizer": "0.25.0",
     "vitest": "^1.6.0",
     "@playwright/test": "^1.56.0",
-    "ts-node": "^10.9.2"
+    "ts-node": "^10.9.2",
+    "js-yaml": "^4.1.0"
   },
   "jest": {
     "setupFilesAfterEnv": [