[codex] add performance benchmarks

[riderx]

Summary (AI generated)

• Adds a Bun-backed benchmark command and makes the CodSpeed PR workflow use it.
• Adds hot-path benchmarks for Capgo CLI helpers, plugin endpoint request parsing, update response shaping, checksums, and compatibility checks.
• Removes per-device debug logging from the device comparison hot path so production and benchmarks do not spend time writing comparison logs.
• Keeps benchmark files out of the app typecheck while preserving dedicated benchmark lint and execution.

Motivation (AI generated)

Recent production performance regressions need to be caught before merge. CodSpeed was installed but only covered a few utility helpers and the workflow still invoked the benchmark runner through npm-style tooling. This expands PR performance coverage around the paths most likely to affect CLI uploads and plugin traffic.

Business Impact (AI generated)

This reduces the chance of shipping changes that slow down update checks, stats ingestion, channel self-selection, and CLI upload preparation. Better PR performance signal protects production reliability for high-volume plugin traffic and lowers incident risk from accidental hot-path regressions.

Test Plan (AI generated)

• bun run lint:backend
• bunx eslint "benches/**/*.ts" vitest.config.bench.ts
• bun run cli:lint
• bun run cli:typecheck
• bun run cli:build
• bunx vitest run tests/device_comparison.test.ts
• bun typecheck
• bun run bench

Generated with AI

Summary by CodeRabbit

• New Features

  • Added multiple benchmark suites for CLI and plugin hot paths and a new bench script for easy execution.

• Chores

  • CI benchmark workflow now runs benchmarks via Bun.
  • Benchmark runner configured with path aliases; TypeScript config updated to exclude benchmarks.
  • Capacitor CLI type declarations updated.

• Bug Fixes

  • Removed debug logging from device-comparison logic.

• Tests

  • Minor benchmark label tweaks and broader edge-case coverage.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d0f40bc4-f5bd-4a29-a7f4-49ed4db3ed08

📥 Commits

Reviewing files that changed from the base of the PR and between e33e3fb and 44d9063.

📒 Files selected for processing (12)

• .github/workflows/codspeed.yml
• benches/cli-hot-paths.bench.ts
• benches/cloudflare-utils.bench.ts
• benches/device-comparison.bench.ts
• benches/password-policy.bench.ts
• benches/plugin-hot-paths.bench.ts
• cli/src/types/capacitor__cli.d.ts
• cli/tsconfig.json
• package.json
• supabase/functions/_backend/utils/deviceComparison.ts
• tsconfig.json
• vitest.config.bench.ts

✅ Files skipped from review due to trivial changes (9)

• tsconfig.json
• benches/password-policy.bench.ts
• benches/device-comparison.bench.ts
• cli/tsconfig.json
• .github/workflows/codspeed.yml
• package.json
• benches/cloudflare-utils.bench.ts
• vitest.config.bench.ts
• benches/cli-hot-paths.bench.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• cli/src/types/capacitor__cli.d.ts

---

📝 Walkthrough

Walkthrough

Adds benchmark configuration and suites, updates Capacitor CLI typings to async, configures TypeScript/Vitest for bench runs, adds a bench script and CI step change, and removes device-comparison logging.

Changes

Benchmark Infrastructure and Suite Addition

Layer / File(s)	Summary
Type Definitions for Async Capacitor APIs cli/src/types/capacitor__cli.d.ts	Introduces CapacitorCliConfig interface and updates loadConfig() to return Promise<CapacitorCliConfig), writeConfig() to return Promise<void>.
Benchmark Configuration vitest.config.bench.ts, tsconfig.json, cli/tsconfig.json	Adds path aliases (@capgo/cli/sdk → cli/src/sdk.ts, ~/ → src/) to Vitest config; excludes benches/ from type checking; updates cli/tsconfig.json typeRoots.
NPM Scripts and CodSpeed Workflow package.json, .github/workflows/codspeed.yml	Adds bench script (vitest bench --config vitest.config.bench.ts --run); updates CodSpeed workflow to execute bun run bench in simulation mode.
CLI Hot Paths Benchmarks benches/cli-hot-paths.bench.ts	New suite with fixtures for bundle and updater versions, a compatibility matrix, checksum payload; benchmarks semver validation, version suggestions/auto-bump, updater deprecation checks, compatibility classification, and checksum functions.
Plugin Hot Paths Benchmarks benches/plugin-hot-paths.bench.ts	New suite with request/response fixtures and contexts; benchmarks parsePluginBody, convertQueryToBody, makeDevice, resToVersion, and getUpdateResponseKind.
Existing Benchmark Updates benches/cloudflare-utils.bench.ts, benches/device-comparison.bench.ts, benches/password-policy.bench.ts	Minor labeling and import-order edits: NaN and Infinity → nan and infinity, import reorder, ASCII password → ascii password.
Device Comparison Cleanup supabase/functions/_backend/utils/deviceComparison.ts	Removes cloudlog import and debug logging; simplifies hasComparableDeviceChanged to return the direct field-inequality result.

Sequence Diagram(s)

sequenceDiagram
  participant CodSpeed
  participant GitHubWorkflow
  participant Bun
  participant Vitest
  CodSpeed->>GitHubWorkflow: run simulation step
  GitHubWorkflow->>Bun: bun run bench
  Bun->>Vitest: vitest bench --config vitest.config.bench.ts --run
  Vitest->>Vitest: execute benches/**/*.bench.ts

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Cap-go/capgo#1973: Updates action refs in .github/workflows/codspeed.yml alongside this PR's modification of the same workflow file.

Poem

🐰 Bun thumps the bench at early light,
fixtures scurry, semvers take flight,
plugins parse while checksums hum,
types went async — the tests will come,
quiet logs — the rabbit hops on.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title '[codex] add performance benchmarks' accurately describes the main change: adding new benchmark files and infrastructure for performance testing.
Description check	✅ Passed	The description includes Summary, Test plan (marked complete with checkboxes), and motivation/business impact sections, but lacks explicit Screenshots section and Checklist items are not checked as required by template.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/perf-test-coverage

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codspeed-hq]

Merging this PR will improve performance by ×53

⚡ 3 improved benchmarks
✅ 23 untouched benchmarks
🆕 17 new benchmarks
⏩ 2 skipped benchmarks¹

Performance Changes

	Benchmark	BASE	HEAD	Efficiency
🆕	sha256 checksum for medium bundle payload	N/A	1.2 ms	N/A
🆕	classify native package compatibility - isCompatible	N/A	148.8 µs	N/A
🆕	classify native package compatibility - getCompatibilityDetails	N/A	175.3 µs	N/A
🆕	auto bump bundle versions	N/A	160.5 µs	N/A
🆕	crc32 checksum for medium bundle payload	N/A	24.7 ms	N/A
🆕	classify updater support windows	N/A	84.3 µs	N/A
🆕	/channel_self GET query normalization	N/A	162.6 µs	N/A
🆕	/channel_self set payload validation	N/A	75.2 µs	N/A
🆕	suggest replacement bundle versions	N/A	224.7 µs	N/A
🆕	/stats payload validation	N/A	93.8 µs	N/A
🆕	/updates payload validation	N/A	142.2 µs	N/A
🆕	validate bundle semver candidates	N/A	26.1 µs	N/A
🆕	device row normalization	N/A	97.8 µs	N/A
🆕	/updates error kind classification	N/A	20.3 µs	N/A
🆕	/updates manifest response with metadata	N/A	121.2 µs	N/A
🆕	nan and infinity	N/A	17.8 µs	N/A
🆕	ascii password	N/A	40.6 µs	N/A
⚡	changes detected (version_name differs)	1,668.2 µs	41.6 µs	×40
⚡	no changes detected	1,001.8 µs	43.8 µs	×23
⚡	sparse existing vs full device	1,667.6 µs	31.2 µs	×53

---

_{Comparing codex/perf-test-coverage (44d9063) with main (0b6c1e0)²}

Footnotes

1. 2 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

2. No successful run was found on main (96bdca5) during the generation of this report, so 0b6c1e0 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[coderabbitai]

🧹 Nitpick comments (1)

benches/plugin-hot-paths.bench.ts (1)

19-60: ⚡ Quick win

Use non-numeric UUID fixtures to prevent security-scan false positives.

Several device_id fixtures (for example at Line 21) are numeric-heavy UUIDs and can be flagged as payment-card-like tokens by scanners. Swapping them to valid hex UUIDs with letters keeps schema realism and reduces noisy alerts.

Proposed fixture-only update

-  device_id: '11111111-1111-4111-8111-111111111111',
+  device_id: 'aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa',

-  device_id: '22222222-2222-4222-8222-222222222222',
+  device_id: 'bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb',

-  device_id: '33333333-3333-4333-8333-333333333333',
+  device_id: 'cccccccc-cccc-4ccc-8ccc-cccccccccccc',

-  device_id: '44444444-4444-4444-8444-444444444444',
+  device_id: 'dddddddd-dddd-4ddd-8ddd-dddddddddddd',

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@benches/plugin-hot-paths.bench.ts` around lines 19 - 60, Several device_id
fixtures (in updatePayload, statsPayload, channelSelfPayload, and
channelSelfQuery) use numeric-heavy UUIDs that can trigger security scanners;
replace those UUID strings with valid hex-containing UUIDs (include letters a–f)
to keep realism and avoid false positives—update the device_id values in the
objects named updatePayload, statsPayload, channelSelfPayload, and the device_id
in channelSelfQuery accordingly while leaving all other fields unchanged.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@benches/plugin-hot-paths.bench.ts`:
- Around line 19-60: Several device_id fixtures (in updatePayload, statsPayload,
channelSelfPayload, and channelSelfQuery) use numeric-heavy UUIDs that can
trigger security scanners; replace those UUID strings with valid hex-containing
UUIDs (include letters a–f) to keep realism and avoid false positives—update the
device_id values in the objects named updatePayload, statsPayload,
channelSelfPayload, and the device_id in channelSelfQuery accordingly while
leaving all other fields unchanged.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7db86d64-7da2-4e50-9957-dd40b43c0127

📥 Commits

Reviewing files that changed from the base of the PR and between 4cff0be and 4035a99.

📒 Files selected for processing (12)

• .github/workflows/codspeed.yml
• benches/cli-hot-paths.bench.ts
• benches/cloudflare-utils.bench.ts
• benches/device-comparison.bench.ts
• benches/password-policy.bench.ts
• benches/plugin-hot-paths.bench.ts
• cli/src/types/capacitor__cli.d.ts
• cli/tsconfig.json
• package.json
• supabase/functions/_backend/utils/deviceComparison.ts
• tsconfig.json
• vitest.config.bench.ts

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@benches/cli-hot-paths.bench.ts`:
- Around line 62-66: The fixture assertion in the bench 'validate bundle semver
candidates' only ensures each bundleVersions entry matches regexSemver or is
'invalid-version' but doesn't ensure the 'invalid-version' fixture itself does
not accidentally match; update the loop that iterates bundleVersions to also
assert that when version === 'invalid-version' it fails regexSemver (i.e., throw
an error if regexSemver.test(version) is true for the 'invalid-version'
fixture), referencing the bench name, the bundleVersions array, and the
regexSemver variable so both positive and negative expectations are protected.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: eabea51f-ee1a-4089-b3fa-27c47ce53755

📥 Commits

Reviewing files that changed from the base of the PR and between 4035a99 and cd73dbb.

📒 Files selected for processing (12)

• .github/workflows/codspeed.yml
• benches/cli-hot-paths.bench.ts
• benches/cloudflare-utils.bench.ts
• benches/device-comparison.bench.ts
• benches/password-policy.bench.ts
• benches/plugin-hot-paths.bench.ts
• cli/src/types/capacitor__cli.d.ts
• cli/tsconfig.json
• package.json
• supabase/functions/_backend/utils/deviceComparison.ts
• tsconfig.json
• vitest.config.bench.ts

✅ Files skipped from review due to trivial changes (8)

• benches/password-policy.bench.ts
• tsconfig.json
• benches/device-comparison.bench.ts
• benches/cloudflare-utils.bench.ts
• vitest.config.bench.ts
• .github/workflows/codspeed.yml
• cli/src/types/capacitor__cli.d.ts
• cli/tsconfig.json

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[coderabbitai]

🧹 Nitpick comments (1)

benches/cli-hot-paths.bench.ts (1)

90-95: ⚡ Quick win

Split compatibility benchmarks to improve regression attribution.

getCompatibilityDetails and isCompatible are timed together, which makes it harder to identify which helper regressed when this bench moves.

Proposed patch

 describe('cli compatibility helpers', () => {
-  bench('classify native package compatibility', () => {
+  bench('classify native package compatibility details', () => {
     for (const entry of compatibilityMatrix) {
       getCompatibilityDetails(entry)
+    }
+  })
+
+  bench('classify native package compatibility boolean', () => {
+    for (const entry of compatibilityMatrix) {
       isCompatible(entry)
     }
   })
 })

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@benches/cli-hot-paths.bench.ts` around lines 90 - 95, The benchmark currently
times getCompatibilityDetails and isCompatible together; split them into two
separate benches so each helper is measured independently: create one bench
named something like "classify native package compatibility -
getCompatibilityDetails" that loops over compatibilityMatrix and calls
getCompatibilityDetails(entry), and another bench named "classify native package
compatibility - isCompatible" that loops and calls isCompatible(entry); keep the
same iteration and input (compatibilityMatrix) so results remain comparable.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@benches/cli-hot-paths.bench.ts`:
- Around line 90-95: The benchmark currently times getCompatibilityDetails and
isCompatible together; split them into two separate benches so each helper is
measured independently: create one bench named something like "classify native
package compatibility - getCompatibilityDetails" that loops over
compatibilityMatrix and calls getCompatibilityDetails(entry), and another bench
named "classify native package compatibility - isCompatible" that loops and
calls isCompatible(entry); keep the same iteration and input
(compatibilityMatrix) so results remain comparable.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 84f34295-2c4a-455f-ba6e-1fd48b55248a

📥 Commits

Reviewing files that changed from the base of the PR and between cd73dbb and e33e3fb.

📒 Files selected for processing (12)

• .github/workflows/codspeed.yml
• benches/cli-hot-paths.bench.ts
• benches/cloudflare-utils.bench.ts
• benches/device-comparison.bench.ts
• benches/password-policy.bench.ts
• benches/plugin-hot-paths.bench.ts
• cli/src/types/capacitor__cli.d.ts
• cli/tsconfig.json
• package.json
• supabase/functions/_backend/utils/deviceComparison.ts
• tsconfig.json
• vitest.config.bench.ts

✅ Files skipped from review due to trivial changes (8)

• tsconfig.json
• benches/device-comparison.bench.ts
• .github/workflows/codspeed.yml
• package.json
• cli/tsconfig.json
• benches/cloudflare-utils.bench.ts
• benches/password-policy.bench.ts
• vitest.config.bench.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• cli/src/types/capacitor__cli.d.ts

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud