feat(cli-build): inject early-auth probe script during studio build #1294
Draft
jordanl17 wants to merge 8 commits into
Contributor
📦 Bundle Stats —
| Metric | Value | vs main (fe61c5d) |
|---|---|---|
| Internal (raw) | 2.1 KB | - |
| Internal (gzip) | 799 B | - |
| Bundled (raw) | 11.13 MB | - |
| Bundled (gzip) | 2.10 MB | - |
| Import time | 854ms | +7ms, +0.8% |
bin:sanity
| Metric | Value | vs main (fe61c5d) |
|---|---|---|
| Internal (raw) | 782 B | - |
| Internal (gzip) | 423 B | - |
| Bundled (raw) | 9.87 MB | - |
| Bundled (gzip) | 1.77 MB | - |
| Import time | 1.91s | +5ms, +0.2% |
Details
- Import time regressions over 10% are flagged with ⚠️
- Sizes shown as raw / gzip 🗜️. Internal bytes = own code only. Total bytes = with all dependencies. Import time = Node.js cold-start median.
📦 Bundle Stats — @sanity/cli-core
Compared against main (fe61c5dd)
| Metric | Value | vs main (fe61c5d) |
|---|---|---|
| Internal (raw) | 98.2 KB | - |
| Internal (gzip) | 23.3 KB | - |
| Bundled (raw) | 21.70 MB | - |
| Bundled (gzip) | 3.45 MB | - |
| Import time | 753ms | -2ms, -0.3% |
📦 Bundle Stats — create-sanity
Compared against main (fe61c5dd)
| Metric | Value | vs main (fe61c5d) |
|---|---|---|
| Internal (raw) | 908 B | - |
| Internal (gzip) | 483 B | - |
| Bundled (raw) | 931 B | - |
| Bundled (gzip) | 491 B | - |
| Import time | ❌ ChildProcess denied: node | - |
Contributor
Coverage Delta
Comparing 7 changed files against main @ Overall Coverage
Description
The studio's first `/users/me` request waits for the multi-MB module bundle to download and evaluate - a round-trip that could start during HTML parse instead.
This PR injects an inline early-auth probe as the first `<head>` child of production-built studio `index.html` when `cliConfig.api.projectId` is set. The script fires the tagged `/users/me` fetch (stored token as Authorization header, else cookie credentials) and parks the result on `window.__sanityEarlyAuth` for the studio's auth store (companion consumer: sanity-io/sanity#13081). The probe is authored as a real TypeScript module, `earlyAuthProbeScript.ts`, transformed to inlinable JS at build time via Vite's `transformWithOxc` (~1.4KB, memoized per build); the build fails loudly if module syntax survives. Absent or invalid projectId skips injection, the dev server is untouched, and any runtime error leaves the global unset - a clean no-op until a studio ships the consumer, with no release-order hazard.
Why it matters (validated against 14 days of prod telemetry, 137k sessions): the auth round-trip is serialized after bundle eval on every studio load today, and the probe pre-pays it during HTML parse - a steady ~4-5% median (p50) improvement, ~100-150ms on every load for every user once studios rebuild on the new CLI. Slow-network users gain the most per load (3g round-trips run 0.5-2s). The change is strictly additive: a missed or stale probe costs nothing and falls through to today's behavior exactly.
What to review
- `earlyAuthProbeScript.ts` - self-contained by contract (zero value imports; the transform inlines, it does not bundle). The `v2026-05-04` path segment must stay in sync with the monorepo's `AUTH_API_VERSION` (breadcrumb in file).
- `decorateIndexWithEarlyAuthScript.ts` - source resolution (`.ts` under vitest, compiled `.js` in dist), export stripping, host selection: `api.sanity.io` default, `api.sanity.work` only under `isStaging()`.
- `plugin-sanity-build-entries.ts` so the probe is the first `<head>` child.
- `unsafe-inline`) and custom documents without a `<head>` - the same constraints as the existing staging/importmap inline scripts.
Testing
27 tests: skip guards, host selection including the unset-env production default, injection position, full probe URL pinned, no-module-syntax assertion, and jsdom runtime tests that execute the injected script (token vs cookie selection, the three result discriminants the consumer depends on, error leaves the global unset). Dist-path resolution verified against the built package.
How this fits
Part of the studio startup performance effort: this is the injector half of the early auth probe (a consistent ~4-5% median auth-ready win - it removes the one network round-trip that every load pays serially after bundle eval); the consumer half is sanity-io/sanity#13081. Independent of the other startup PRs - either half can ship first (the consumer treats an absent probe as a miss).
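The injection step described in this PR, sketched as an added example (not code from the PR or the Sanity CLI). The function names, the projectId pattern, the `__PROBE_URL__` placeholder, the stand-in probe body and the `https://<projectId>.<host>/<version>/users/me` URL shape are assumptions; the request tag and the stored-token branch are left out.

```javascript
// Added example: names, the projectId pattern and the URL shape are assumptions,
// not taken from the PR's source files.
const API_VERSION = 'v2026-05-04' // path segment quoted in the PR description
const PROJECT_ID_RE = /^[a-z0-9][a-z0-9-]*$/ // assumed shape of a valid projectId

// Constructed stand-in for the transformed probe; the real one is built from
// earlyAuthProbeScript.ts. __PROBE_URL__ is a placeholder token of this example.
const SAMPLE_PROBE_JS =
  '(function(){try{var p=fetch(__PROBE_URL__,{credentials:"include"});' +
  'window.__sanityEarlyAuth=p}catch(e){}})()'

// Fail the build if import/export statements survived the transform: an inline
// classic <script> would throw a SyntaxError on them at runtime.
function assertNoModuleSyntax(js) {
  if (/^\s*(import|export)\s/m.test(js)) {
    throw new Error('early-auth probe still contains module syntax')
  }
  return js
}

// Serialize a value for use inside an inline <script>: JSON quoting plus "<"
// escaping so the value can never close the script element.
function toInlineLiteral(value) {
  return JSON.stringify(value).replace(/</g, '\\u003c')
}

function injectEarlyAuthProbe(html, {projectId, staging = false, probeJs = SAMPLE_PROBE_JS} = {}) {
  // Absent or invalid projectId: skip injection and return the document unchanged.
  if (typeof projectId !== 'string' || !PROJECT_ID_RE.test(projectId)) return html
  const head = /<head(\s[^>]*)?>/i.exec(html)
  if (!head) return html // custom document without a <head>: nothing to anchor to
  const host = staging ? 'api.sanity.work' : 'api.sanity.io'
  const url = `https://${projectId}.${host}/${API_VERSION}/users/me`
  const body = assertNoModuleSyntax(probeJs).replace('__PROBE_URL__', () => toInlineLiteral(url))
  const at = head.index + head[0].length
  // First child of <head>, so the fetch starts before any other resource is parsed.
  return `${html.slice(0, at)}<script>${body}</script>${html.slice(at)}`
}
```

Because the projectId is validated before it is interpolated and the URL is emitted through `toInlineLiteral`, a malformed config value cannot break out of the inline script; it only causes the injection to be skipped.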