Add API benchmark suite

Author: justtryingtohelp46

.env.benchmark.example

@@ -0,0 +1,28 @@
+#
+# API benchmark configuration.
+# Copy this file to .env.benchmark before running against a deployed target.
+#
+
+# Leave blank to start the local Express app in-process on a random port.
+# Set this for deployed environments, for example: https://api.example.com
+BENCHMARK_TARGET_URL=
+
+# Optional dedicated benchmark JWTs for protected routes in deployed targets.
+# Local loopback runs generate short-lived benchmark tokens automatically.
+BENCHMARK_ADMIN_TOKEN=
+BENCHMARK_CLIENT_TOKEN=
+BENCHMARK_FREELANCER_TOKEN=
+
+# Full benchmark defaults keep total local requests below the API rate limiter.
+BENCHMARK_REQUESTS_PER_ENDPOINT=8
+BENCHMARK_CONCURRENCY=2
+BENCHMARK_WARMUP_REQUESTS=1
+
+# CI-friendly mode. `npm run benchmark:smoke` sets this automatically.
+BENCHMARK_SMOKE=false
+BENCHMARK_SMOKE_REQUESTS_PER_ENDPOINT=2
+BENCHMARK_SMOKE_CONCURRENCY=1
+BENCHMARK_SMOKE_WARMUP_REQUESTS=0
+
+# Optional output directory override.
+BENCHMARK_RESULTS_DIR=benchmarks/results

.github/workflows/api-benchmark-smoke.yml

@@ -0,0 +1,33 @@
+name: API benchmark smoke
+
+on:
+  pull_request:
+    paths:
+      - "apps/api/**"
+      - "benchmarks/**"
+      - "package.json"
+      - "package-lock.json"
+      - ".github/workflows/api-benchmark-smoke.yml"
+
+permissions:
+  contents: read
+
+jobs:
+  smoke:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run API benchmark smoke
+        run: npm run benchmark:smoke

.gitignore

@@ -3,5 +3,6 @@ node_modules
 dist
 .env
 .env.*
+!.env.benchmark.example
 coverage
 *.log

apps/api/package.json

@@ -5,7 +5,7 @@
   "scripts": {
     "dev": "node src/server.js",
     "start": "node src/server.js",
-    "test": "node --test src/tests"
+    "test": "node --test src/tests/*.test.js"
   },
   "dependencies": {
     "cors": "^2.8.5",

benchmarks/README.md

@@ -0,0 +1,70 @@
+# API Benchmarks
+
+This directory contains the reproducible API benchmark for every route mounted under `/api/*`, plus the public `/health` probe.
+
+## Commands
+
+Run the full local benchmark:
+
+```sh
+npm run benchmark
+```
+
+Run the CI smoke benchmark:
+
+```sh
+npm run benchmark:smoke
+```
+
+Both commands write:
+
+- `benchmarks/results/latest.json`
+- `benchmarks/results/latest.md`
+
+## Configuration
+
+Copy `.env.benchmark.example` to `.env.benchmark` when you need to override defaults.
+
+By default the runner starts the local Express app in-process on a random port. Set `BENCHMARK_TARGET_URL` to benchmark a deployed API instead.
+
+Protected routes need dedicated benchmark tokens when running against a deployed target:
+
+```sh
+BENCHMARK_TARGET_URL=https://api.example.com
+BENCHMARK_ADMIN_TOKEN=<dedicated benchmark admin jwt>
+```
+
+For local loopback runs, the benchmark generates short-lived JWTs with a `benchmark: true` claim using the app's configured `JWT_SECRET`.
+
+## Coverage
+
+The endpoint matrix lives in `benchmarks/endpoints.mjs` and currently covers:
+
+- `/api/auth/register`
+- `/api/auth/login`
+- `/api/auth/oauth/:provider/callback`
+- `/api/auth/refresh`
+- `/api/users`
+- `/api/jobs`
+- `/api/proposals`
+- `/api/payments`
+- `/api/reviews`
+- `/api/messages`
+- `/api/notifications`
+- `/api/uploads`
+- `/api/search`
+- `/api/admin/metrics`
+
+Each endpoint includes a realistic request scenario and payload where the route accepts a request body.
+
+## Metrics
+
+The runner records:
+
+- p50, p95 and p99 full-response latency
+- p50, p95 and p99 time to first byte
+- sustained and peak requests per second
+- error rate
+- status-code distribution
+
+Thresholds for CI live in `benchmarks/thresholds.json`.

benchmarks/endpoints.mjs

@@ -0,0 +1,216 @@
+export const benchmarkEndpoints = [
+  {
+    name: "health-check",
+    method: "GET",
+    path: "/health",
+    expectedStatus: 200,
+    scenario: "Public health probe used by uptime checks and deployment smoke tests."
+  },
+  {
+    name: "auth-register-client",
+    method: "POST",
+    path: "/api/auth/register",
+    expectedStatus: 201,
+    scenario: "Client creates a new account before posting freelance work.",
+    json: ({ nextId }) => ({
+      email: `benchmark.client.${nextId()}@example.com`,
+      password: "benchmark-pass-123",
+      role: "client"
+    })
+  },
+  {
+    name: "auth-login-client",
+    method: "POST",
+    path: "/api/auth/login",
+    expectedStatus: 200,
+    scenario: "Existing client signs in with email and password.",
+    json: () => ({
+      email: "benchmark.client@example.com",
+      password: "benchmark-pass-123"
+    })
+  },
+  {
+    name: "auth-oauth-callback",
+    method: "GET",
+    path: "/api/auth/oauth/github/callback",
+    expectedStatus: 200,
+    scenario: "OAuth provider callback reaches the API callback endpoint."
+  },
+  {
+    name: "auth-refresh-token",
+    method: "POST",
+    path: "/api/auth/refresh",
+    expectedStatus: 200,
+    scenario: "Authenticated session requests a refreshed access token."
+  },
+  {
+    name: "users-list",
+    method: "GET",
+    path: "/api/users",
+    expectedStatus: 200,
+    scenario: "Directory view loads users for marketplace discovery."
+  },
+  {
+    name: "users-create-freelancer",
+    method: "POST",
+    path: "/api/users",
+    expectedStatus: 201,
+    scenario: "Freelancer profile is created with portfolio metadata.",
+    json: ({ nextId }) => ({
+      email: `benchmark.freelancer.${nextId()}@example.com`,
+      name: "Benchmark Freelancer",
+      role: "freelancer",
+      skills: ["node.js", "api performance", "sql"],
+      hourlyRate: 85
+    })
+  },
+  {
+    name: "jobs-list",
+    method: "GET",
+    path: "/api/jobs",
+    expectedStatus: 200,
+    scenario: "Marketplace job list is loaded by a freelancer browsing work."
+  },
+  {
+    name: "jobs-create",
+    method: "POST",
+    path: "/api/jobs",
+    expectedStatus: 201,
+    scenario: "Client posts a realistic API performance optimisation job.",
+    json: ({ nextId }) => ({
+      title: `Benchmark API optimisation ${nextId()}`,
+      description: "Audit API latency, add dashboard metrics, and reduce p95 response time for high-traffic endpoints.",
+      budgetMin: 750,
+      budgetMax: 2500,
+      categoryId: "cat_api_engineering",
+      skills: ["node.js", "express", "benchmarking", "observability"]
+    })
+  },
+  {
+    name: "proposals-list",
+    method: "GET",
+    path: "/api/proposals",
+    expectedStatus: 200,
+    scenario: "Client reviews proposals submitted for open work."
+  },
+  {
+    name: "proposals-create",
+    method: "POST",
+    path: "/api/proposals",
+    expectedStatus: 201,
+    scenario: "Freelancer submits a detailed proposal against a job.",
+    json: ({ nextId }) => ({
+      jobId: `job_benchmark_${nextId()}`,
+      freelancerId: "usr_benchmark_freelancer",
+      coverLetter: "I will profile the critical API routes, publish reproducible results, and tune the slowest handlers.",
+      bidAmount: 1200,
+      deliveryDays: 5
+    })
+  },
+  {
+    name: "payments-create",
+    method: "POST",
+    path: "/api/payments",
+    expectedStatus: 201,
+    scenario: "Client opens an escrow-style payment intent for accepted work.",
+    json: ({ nextId }) => ({
+      proposalId: `prp_benchmark_${nextId()}`,
+      amount: 1200,
+      currency: "usd",
+      customerId: "cus_benchmark_client"
+    })
+  },
+  {
+    name: "reviews-list",
+    method: "GET",
+    path: "/api/reviews",
+    expectedStatus: 200,
+    scenario: "Public profile loads completed-work reviews."
+  },
+  {
+    name: "reviews-create",
+    method: "POST",
+    path: "/api/reviews",
+    expectedStatus: 201,
+    scenario: "Client leaves a post-project review for a freelancer.",
+    json: ({ nextId }) => ({
+      contractId: `ctr_benchmark_${nextId()}`,
+      reviewerId: "usr_benchmark_client",
+      revieweeId: "usr_benchmark_freelancer",
+      rating: 5,
+      comment: "Delivered the benchmark report quickly with clear latency improvements."
+    })
+  },
+  {
+    name: "messages-list",
+    method: "GET",
+    path: "/api/messages",
+    expectedStatus: 200,
+    scenario: "Conversation pane fetches project messages."
+  },
+  {
+    name: "messages-create",
+    method: "POST",
+    path: "/api/messages",
+    expectedStatus: 201,
+    scenario: "Client sends project clarification to a freelancer.",
+    json: ({ nextId }) => ({
+      threadId: `thr_benchmark_${nextId()}`,
+      senderId: "usr_benchmark_client",
+      recipientId: "usr_benchmark_freelancer",
+      body: "Please include p50, p95, p99, sustained RPS, peak RPS, error rate, and TTFB in the report."
+    })
+  },
+  {
+    name: "notifications-list",
+    method: "GET",
+    path: "/api/notifications",
+    expectedStatus: 200,
+    scenario: "User notification drawer loads recent events."
+  },
+  {
+    name: "notifications-create",
+    method: "POST",
+    path: "/api/notifications",
+    expectedStatus: 201,
+    scenario: "System creates a notification for a new proposal.",
+    json: ({ nextId }) => ({
+      userId: "usr_benchmark_client",
+      type: "proposal_received",
+      title: "New benchmark proposal received",
+      body: `Proposal ${nextId()} includes latency and throughput reporting.`
+    })
+  },
+  {
+    name: "uploads-create",
+    method: "POST",
+    path: "/api/uploads",
+    expectedStatus: 201,
+    scenario: "Freelancer uploads a small project artefact.",
+    multipart: ({ nextId }) => ({
+      files: [
+        {
+          field: "file",
+          filename: `benchmark-report-${nextId()}.txt`,
+          type: "text/plain",
+          content: "Synthetic benchmark upload payload for API coverage.\n"
+        }
+      ]
+    })
+  },
+  {
+    name: "search-global",
+    method: "GET",
+    path: "/api/search?q=api%20benchmark",
+    expectedStatus: 200,
+    scenario: "Global search looks for API benchmark related marketplace data."
+  },
+  {
+    name: "admin-metrics",
+    method: "GET",
+    path: "/api/admin/metrics",
+    expectedStatus: 200,
+    auth: "admin",
+    scenario: "Admin user loads platform metrics with a dedicated benchmark token."
+  }
+];