ui/_docs/06_metrics/perf_2026-05-13_cycle3.md
Oleksandr Bezdieniezhnykh 09449bda2c
ci/woodpecker/push/build-arm Pipeline failed
[AZ-510][AZ-511][AZ-512][AZ-513] Cycle 3 Steps 12-15 + admin prereq
Wrap up cycle 3 across the autodev existing-code Phase B steps that
follow Implement (Steps 12-15), plus the cross-workspace prerequisite
ticket filed for AZ-512.

Step 12 - Test-Spec Sync:
- Un-quarantine FT-P-01 in traceability-matrix (closed by AZ-510)
- Add AZ-510 chained /users/me failure-path test reference under AC-23
- Note AZ-512 deferral status under O9 (P12 Phase B target)

Step 13 - Update Docs (task mode):
- Refresh src__auth__AuthContext module doc with AZ-510 wire shape
  (POST refresh + chained /users/me + bootstrapInflight guard)
- Add usersMe() to src__api__endpoints module doc + consumer note
- Rename src__features__annotations__classColors module doc to
  src__class-colors__classColors (matches AZ-511 git mv); refresh header
- Refresh src__components__DetectionClasses + src__features__annotations
  module group doc for the new class-colors barrel import path
- Update components/11_class-colors Module Inventory to point at the
  renamed module doc filename
- Rewrite system-flows.md Flow F2 (Bearer auto-refresh) with the AZ-510
  POST + chained /users/me sequence; close Finding B3 references
- Generate ripple_log_cycle3 documenting all changed source files,
  their reverse-dependency search results, and the docs touched

Step 14 - Security Audit (cycle-3 delta):
- Resume mode against cycle-2 baseline; cycle-2 artifacts untouched
- Re-run bun audit on both roots: clean (cycle-2 inline fix held)
- Re-rate OWASP A06: FAIL -> PASS; A07: PASS_WITH_KNOWN -> PASS (B3
  closed by AZ-510)
- New finding F-SAST-CY3-1 (LOW): __resetBootstrapInflightForTests
  exposed via src/auth public barrel; defer to hygiene cycle
- Verdict: FAIL -> PASS_WITH_WARNINGS; one HIGH (F-SAST-1
  mission-planner git-history key, unchanged) remains
- Add amendment banner to cycle-2 security_report.md

Step 15 - Performance Test:
- Static profile NFT-PERF-01 PASS (290 575 B gzipped vs 2 MB budget;
  ~14% of budget; no regression from AZ-510 surface additions)
- E2E profile SKIP (Playwright perf project still pending AZ-457..AZ-482);
  legitimate skip per test-run skill, gap acknowledged in report
- AZ-510 200ms p95 chain NFR verified at spec level only - no CI gate
  yet (covered by future AZ-457..AZ-482 work)

Cross-workspace prerequisite (AZ-513 just filed):
- Updated _docs/_process_leftovers/2026-05-13_az-512-admin-classes-prereq.md
  to reflect AZ-513 filing on admin/ workspace (parent epic AZ-509,
  Blocks link to AZ-512). Companion task spec added in admin/ repo
  (separate commit there, owned by admin/ workspace).

State file: advanced to Step 16 (Deploy) per autodev existing-code flow.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-13 03:58:21 +03:00


Performance Test Report — Cycle 3

Date: 2026-05-13
Cycle: Phase B / Cycle 3 (post AZ-510, AZ-511; AZ-512 deferred and AZ-513 prerequisite filed on the admin/ workspace)
Runner: scripts/run-performance-tests.sh (generated by test-spec Phase 4)
Mode: static-only profile executed (NFT-PERF-01); e2e profile (NFT-PERF-02..10) records SKIP because the Playwright perf config is not yet wired (see "E2E profile status" below)
Verdict: PASS (no Warn / Fail; one Pass + nine documented SKIPs + three documented Quarantines)


Summary

| Scenario | Result | Measured | Threshold | Source |
|---|---|---|---|---|
| NFT-PERF-01 (initial JS bundle, gzipped) | PASS | 290 575 B (≈ 284 KB) | ≤ 2 097 152 B (2 MB) — AC-11 / row 40 of results_report.md | dist/assets/*.js summed via gzip -c \| wc -c after bun run build |
| NFT-PERF-02 (auth refresh round-trip p95) | SKIP | n/a | ≤ 200 ms — row 11 of results_report.md | Deferred — Playwright perf project not yet wired |
| NFT-PERF-03 (SSE refresh rotation) | QUARANTINE | | Step 8 hardening | Per script's static quarantine list |
| NFT-PERF-04..07 | SKIP | n/a | per performance-tests.md | Deferred — Playwright perf project not yet wired |
| NFT-PERF-08 (panel-width persistence) | QUARANTINE | | Step 4 fix | Per script's static quarantine list |
| NFT-PERF-09 (settings save error surfacing) | QUARANTINE | | Step 4 fix | Per script's static quarantine list |
| NFT-PERF-10 (FCP on /flights, warm-cache) | SKIP | n/a | ≤ 3 000 ms — row 98 of results_report.md | Deferred — Playwright perf project not yet wired |

Per perf-mode gate logic (test-run skill §Perf Mode step 5): only Warn or Fail block. No scenario reports either; the gate passes.


What changed in cycle 3 vs the cycle-2 perf posture

AZ-510 (auth bootstrap consolidation) — perf surface

The bootstrap path now does TWO sequential network calls on every cold mount:

  1. POST /api/admin/auth/refresh (with credentials:'include')
  2. GET /api/admin/users/me (chained, gated on the bearer set in step 1)

Spec NFR budget (from _docs/02_tasks/done/AZ-510_auth_bootstrap_consolidation.md): the chain must complete within 200 ms p95 on dev compose — same nginx/auth/host topology as production. This is the same threshold NFT-PERF-02 measures (the cycle-2 test only measured the standalone refresh; cycle 3 implicitly extends the budget to cover the chain).

Bundle-size impact: the AZ-510 patch added one new endpoint builder (endpoints.admin.usersMe()), a runBootstrap helper, a module-scoped bootstrapInflight promise, the __resetBootstrapInflightForTests test hook, and a defensive permissions?.includes check. NFT-PERF-01 measured 290 575 B gzipped — well under the 2 MB threshold (~14% of budget). For comparison: the cycle-2 baseline measurement was not recorded in a comparable file, but the order of magnitude is unchanged. No bundle regression.

Cold-mount p95 latency (NFT-PERF-02): not measured this cycle because the e2e Playwright perf project is still pending (see below). The AZ-510 unit tests cover the wire-shape contract (FT-P-01 un-quarantined) but do not measure latency. Coverage gap acknowledged; closing it requires shipping the Playwright perf project (tracked under AZ-457..AZ-482).
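
The chain and its 200 ms budget from this section, as an added sketch that is not the project's code: two concurrent callers share one POST refresh + GET /users/me chain through the in-flight guard, and a nearest-rank p95 over the chain durations is compared with the budget. Only the names `runBootstrap` and `bootstrapInflight` and the two endpoint paths come from the report; the `token` response field, the injected `fetchFn`, the stub transport with its virtual clock and constructed latencies, and clearing the guard when the chain settles are assumptions.

```javascript
// Added sketch, not the project's code. Assumed: the `token` response field, the
// injected fetchFn, the virtual clock, and clearing the guard once the chain settles.
const REFRESH_URL = '/api/admin/auth/refresh';
const USERS_ME_URL = '/api/admin/users/me';
const CHAIN_BUDGET_MS = 200; // NFT-PERF-02 threshold quoted in the report
let bootstrapInflight = null; // module-scoped single-flight guard

function runBootstrap(fetchFn) {
  if (bootstrapInflight) return bootstrapInflight; // concurrent mounts share one chain
  bootstrapInflight = (async () => {
    const refresh = await fetchFn(REFRESH_URL, { method: 'POST', credentials: 'include' });
    if (!refresh.ok) throw new Error(`refresh failed: ${refresh.status}`);
    const { token } = await refresh.json();
    // Step 2 is gated on the bearer obtained in step 1.
    const me = await fetchFn(USERS_ME_URL, { headers: { Authorization: `Bearer ${token}` } });
    if (!me.ok) throw new Error(`users/me failed: ${me.status}`);
    return { token, user: await me.json() };
  })().finally(() => { bootstrapInflight = null; });
  return bootstrapInflight;
}
// Stub transport: advances a virtual clock by constructed per-leg latencies (ms).
function makeStub(legsMs) {
  const stub = { clockMs: 0, calls: [], run: 0 };
  stub.fetchFn = async (url, init = {}) => {
    const [refreshMs, usersMeMs] = legsMs[stub.run % legsMs.length];
    stub.calls.push({ url, auth: (init.headers || {}).Authorization });
    const isRefresh = url === REFRESH_URL;
    stub.clockMs += isRefresh ? refreshMs : usersMeMs;
    if (!isRefresh) stub.run += 1; // chain finished, move to the next sample
    const body = isRefresh ? { token: 'constructed-token' } : { permissions: [] };
    return { ok: true, status: 200, json: async () => body };
  };
  return stub;
}
function p95(values) { // nearest-rank percentile
  const sorted = [...values].sort((a, b) => a - b);
  return sorted[Math.ceil((95 * sorted.length) / 100) - 1];
}
async function measureChain(legsMs, runs) {
  const stub = makeStub(legsMs);
  const durations = [];
  for (let r = 0; r < runs; r += 1) {
    const start = stub.clockMs;
    await Promise.all([runBootstrap(stub.fetchFn), runBootstrap(stub.fetchFn)]); // double mount
    durations.push(stub.clockMs - start);
  }
  const p95Ms = p95(durations);
  return { p95Ms, pass: p95Ms <= CHAIN_BUDGET_MS, calls: stub.calls };
}
```

With the virtual clock this only demonstrates the shape of the gate; replacing the stub with a real transport and a wall-clock timer turns the same p95 comparison into a measurement.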

AZ-511 (classColors carve-out) — perf surface

Pure structural move + import-path swap. Function bodies unchanged. No bundle-size delta beyond noise (a second module file is now resolved, but tree-shaking eliminates any per-symbol overhead). No measurable perf impact.

AZ-512 (deferred) — perf surface

No source code changes shipped. No perf impact.


E2E profile status

The script's e2e profile (NFT-PERF-02..10) records SKIP for all scenarios because e2e/playwright.perf.config.ts does not exist yet. Quoting scripts/run-performance-tests.sh:138:

Awaiting NFT-PERF-* task implementations (AZ-457..AZ-482); until then the e2e perf scenarios are SKIPPED.

This is a legitimate skip per the test-run skill's classification:

  • Tracked: AZ-457..AZ-482 are the per-AC tasks that will produce the Playwright perf project.
  • Documented: the script itself names the skip rationale and the unblocking ticket range.
  • Not a "we didn't set something up" workaround — it is a "feature not yet implemented" pattern with a clear unblock path.
  • Coverage cost: NFT-PERF-02 (auth refresh ≤ 200ms p95) — directly relevant to AZ-510 — is therefore not measured this cycle.

Recommendation for the next cycle: prioritise one or more of AZ-457..AZ-482 specifically to deliver the Playwright perf project so NFT-PERF-02 can serve as the regression guard for AZ-510's bootstrap-chain latency.

Until then: AZ-510's latency is verified only at the spec-NFR level, not by an executable threshold check. The console.error diagnostic prefix on the chained /users/me failure path means a backend latency regression that pushes the chain over budget would still surface as a failure event in dev-tools console, but not as a CI gate.


Quarantined scenarios (carry-over, unchanged in cycle 3)

These three are documentary-only in the script — they never gate today and have not been re-classified by cycle 3:

  • NFT-PERF-03 — SSE refresh rotation (deferred to Step 8 hardening — pre-existing).
  • NFT-PERF-08 — panel-width persistence (deferred to Step 4 fix — pre-existing).
  • NFT-PERF-09 — settings save error surfacing (deferred to Step 4 fix — pre-existing).

The NFT-PERF-09 quarantine is interesting in context: AZ-477 (cycle 2) added a Vitest-level test for the same 2 s error budget (tests/settings_resilience.test.tsx), which passed in the cycle 3 functional sanity run (231/231, 14.72 s total). So the behaviour the quarantined NFT-PERF-09 was meant to gate is now covered functionally; the perf-budget aspect remains deferred to the e2e Playwright project.


Verdict

PASS for cycle 3. The single executable scenario (NFT-PERF-01) is well under threshold; all SKIPs are legitimate (Playwright perf project not yet wired, with a tracked unblock path); all QUARANTINES are pre-existing carry-overs.

Coverage gap acknowledged: AZ-510's bootstrap-chain latency (NFT-PERF-02 budget = 200 ms p95) is not executed by an automated gate. Closing this gap requires AZ-457..AZ-482 to ship the Playwright perf project.


Self-verification

  • Static-only profile executed; exit code 0.
  • All scenarios classified per test-run perf-mode step 4 (Pass / Warn / Fail / Unverified / SKIP / QUARANTINE).
  • Each SKIP carries a documented rationale + tracked unblock path.
  • AZ-510 perf surface explicitly addressed (bundle delta + acknowledged latency-gate gap).
  • AZ-511 perf surface explicitly addressed (no measurable impact).
  • AZ-512 perf surface explicitly addressed (deferred, no shipped code).
  • Per-perf-mode gate logic applied: no Warn / Fail → return success.

Pointer back

Raw runner summary: test-output/performance-summary.txt. Cycle 3 implementation report: _docs/03_implementation/implementation_report_auth_classcolors_cycle3.md. Cycle 3 security delta: _docs/05_security/security_report_cycle3_delta.md.