typescript-virtual-container 1.2.0 → 1.2.1

package/src/SSHMimic/index.ts

@@ -1,6 +1,7 @@
 import { EventEmitter } from "node:events";
 import { Server as SshServer } from "ssh2";
 import { VirtualShell } from "../VirtualShell";
+import { createPerfLogger, type PerfLogger } from "../utils/perfLogger";
 import { runExec } from "./exec";
 import { loadOrCreateHostKey } from "./hostKey";
 
@@ -11,6 +12,8 @@ import { loadOrCreateHostKey } from "./hostKey";
  * Create an instance, call {@link SshMimic.start}, and stop it with
  * {@link SshMimic.stop} when your process exits.
  */
+const perf: PerfLogger = createPerfLogger("SshMimic");
+
 class SshMimic extends EventEmitter {
 	port: number;
 	server: SshServer | null;
@@ -34,6 +37,7 @@ class SshMimic extends EventEmitter {
 		shell?: VirtualShell;
 	}) {
 		super();
+		perf.mark("constructor");
 		this.port = port;
 		this.shellHostname = hostname;
 		this.server = null;
@@ -46,6 +50,7 @@ class SshMimic extends EventEmitter {
 	 * @returns Promise resolved with bound listening port.
 	 */
 	public async start(): Promise<number> {
+		perf.mark("start");
 		const shell = this.shell;
 		const privateKey = loadOrCreateHostKey();
 
@@ -169,6 +174,7 @@ class SshMimic extends EventEmitter {
 	 * Stops server if running.
 	 */
 	public stop(): void {
+		perf.mark("stop");
 		if (this.server) {
 			this.server.close(() => {
 				console.log("SSH Mimic stopped");

package/src/SSHMimic/sftp.ts

@@ -3,10 +3,12 @@ import { EventEmitter } from "node:events";
 import * as path from "node:path";
 import type { AuthenticationType, KeyboardAuthContext } from "ssh2";
 import { Server as SshServer } from "ssh2";
+import type { VfsNodeStats } from "../types/vfs";
+import type { PerfLogger } from "../utils/perfLogger";
+import { createPerfLogger } from "../utils/perfLogger";
 import type VirtualFileSystem from "../VirtualFileSystem";
 import { VirtualShell } from "../VirtualShell";
 import type { VirtualUserManager } from "../VirtualUserManager";
-import type { VfsNodeStats } from "../types/vfs";
 import { loadOrCreateHostKey } from "./hostKey";
 
 const SFTP_STATUS_CODE = {
@@ -30,6 +32,8 @@ const OPEN_MODE = {
 	EXCL: 0x00000020,
 };
 
+const perf: PerfLogger = createPerfLogger("SftpMimic");
+
 interface SftpFileHandle {
 	type: "file";
 	path: string;
@@ -154,6 +158,7 @@ export class SftpMimic extends EventEmitter {
 		users,
 	}: SftpMimicOptions) {
 		super();
+		perf.mark("constructor");
 		this.port = port;
 		this.server = null;
 		this.hostname = hostname;
@@ -184,6 +189,7 @@ export class SftpMimic extends EventEmitter {
 	}
 
 	public async start(): Promise<number> {
+		perf.mark("start");
 		const privateKey = loadOrCreateHostKey();
 
 		// Ensure VirtualShell is fully initialized before accepting connections
@@ -336,6 +342,7 @@ export class SftpMimic extends EventEmitter {
 	}
 
 	public stop(): void {
+		perf.mark("stop");
 		if (this.server) {
 			this.server.close(() => {
 				console.log("SFTP Mimic stopped");

package/src/VirtualFileSystem/index.ts

@@ -7,6 +7,8 @@ import type {
 	VfsNodeStats,
 	WriteFileOptions,
 } from "../types/vfs";
+import type { PerfLogger } from "../utils/perfLogger";
+import { createPerfLogger } from "../utils/perfLogger";
 import { normalizePath } from "./path";
 
 /**
@@ -16,6 +18,8 @@ import { normalizePath } from "./path";
  * {@link VirtualFileSystem.restoreMirror} on startup and
  * {@link VirtualFileSystem.flushMirror} to persist pending changes.
  */
+const perf: PerfLogger = createPerfLogger("VirtualFileSystem");
+
 class VirtualFileSystem extends EventEmitter {
 	private readonly mirrorRoot: string;
 
@@ -95,6 +99,7 @@ class VirtualFileSystem extends EventEmitter {
 	 */
 	constructor(baseDir: string = process.cwd()) {
 		super();
+		perf.mark("constructor");
 		this.mirrorRoot = path.resolve(baseDir, ".vfs", "mirror");
 	}
 
@@ -104,6 +109,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * If archive does not exist or cannot be read, creates fresh mirror file.
 	 */
 	public async restoreMirror(): Promise<void> {
+		perf.mark("restoreMirror");
 		this.ensureMirrorRoot();
 	}
 
@@ -113,6 +119,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * No-op when nothing changed and archive already exists.
 	 */
 	public async flushMirror(): Promise<void> {
+		perf.mark("flushMirror");
 		this.ensureMirrorRoot();
 		this.emit("mirror:flush");
 	}
@@ -124,6 +131,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * @param mode POSIX-like mode bits for new directories.
 	 */
 	public mkdir(targetPath: string, mode: number = 0o755): void {
+		perf.mark("mkdir");
 		this.ensureMirrorRoot();
 		const fsPath = this.resolveFsPath(targetPath);
 		if (fs.existsSync(fsPath) && !fs.statSync(fsPath).isDirectory()) {
@@ -149,6 +157,7 @@ class VirtualFileSystem extends EventEmitter {
 		content: string | Buffer,
 		options: WriteFileOptions = {},
 	): void {
+		perf.mark("writeFile");
 		this.ensureMirrorRoot();
 		const normalized = normalizePath(targetPath);
 		const fsPath = this.resolveFsPath(normalized);
@@ -181,6 +190,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * @returns UTF-8 string content.
 	 */
 	public readFile(targetPath: string): string {
+		perf.mark("readFile");
 		this.ensureMirrorRoot();
 		const fsPath = this.resolveFsPath(targetPath);
 		if (!fs.existsSync(fsPath) || !fs.statSync(fsPath).isFile()) {
@@ -201,6 +211,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * @returns True when file or directory exists.
 	 */
 	public exists(targetPath: string): boolean {
+		perf.mark("exists");
 		try {
 			const fsPath = this.resolveFsPath(targetPath);
 			return fs.existsSync(fsPath);
@@ -216,6 +227,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * @param mode New POSIX-like mode.
 	 */
 	public chmod(targetPath: string, mode: number): void {
+		perf.mark("chmod");
 		const fsPath = this.resolveFsPath(targetPath);
 		if (!fs.existsSync(fsPath)) {
 			throw new Error(`Path '${normalizePath(targetPath)}' does not exist.`);
@@ -230,6 +242,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * @returns Typed stat object based on node type.
 	 */
 	public stat(targetPath: string): VfsNodeStats {
+		perf.mark("stat");
 		this.ensureMirrorRoot();
 		const normalized = normalizePath(targetPath);
 		const fsPath = this.resolveFsPath(normalized);
@@ -273,6 +286,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * @returns Sorted child names.
 	 */
 	public list(dirPath: string = "/"): string[] {
+		perf.mark("list");
 		const fsPath = this.resolveFsPath(dirPath);
 		if (!fs.existsSync(fsPath) || !fs.statSync(fsPath).isDirectory()) {
 			throw new Error(`Cannot list '${dirPath}': not a directory.`);
@@ -288,6 +302,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * @returns Multi-line tree string.
 	 */
 	public tree(dirPath: string = "/"): string {
+		perf.mark("tree");
 		const fsPath = this.resolveFsPath(dirPath);
 		if (!fs.existsSync(fsPath) || !fs.statSync(fsPath).isDirectory()) {
 			throw new Error(`Cannot render tree for '${dirPath}': not a directory.`);
@@ -308,6 +323,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * @returns Total byte usage for file content under target path.
 	 */
 	public getUsageBytes(targetPath: string = "/"): number {
+		perf.mark("getUsageBytes");
 		const fsPath = this.resolveFsPath(targetPath);
 		if (!fs.existsSync(fsPath)) {
 			throw new Error(`Path '${normalizePath(targetPath)}' does not exist.`);
@@ -321,6 +337,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * @param targetPath Path to file.
 	 */
 	public compressFile(targetPath: string): void {
+		perf.mark("compressFile");
 		const fsPath = this.resolveFsPath(targetPath);
 		if (!fs.existsSync(fsPath) || !fs.statSync(fsPath).isFile()) {
 			throw new Error(`Cannot compress '${targetPath}': not a file.`);
@@ -338,6 +355,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * @param targetPath Path to file.
 	 */
 	public decompressFile(targetPath: string): void {
+		perf.mark("decompressFile");
 		const fsPath = this.resolveFsPath(targetPath);
 		if (!fs.existsSync(fsPath) || !fs.statSync(fsPath).isFile()) {
 			throw new Error(`Cannot decompress '${targetPath}': not a file.`);
@@ -356,6 +374,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * @param options Removal options, including recursive delete.
 	 */
 	public remove(targetPath: string, options: RemoveOptions = {}): void {
+		perf.mark("remove");
 		const normalized = normalizePath(targetPath);
 		if (normalized === "/") {
 			throw new Error("Cannot remove root directory.");
@@ -390,6 +409,7 @@ class VirtualFileSystem extends EventEmitter {
 	 * @param toPath Destination path.
 	 */
 	public move(fromPath: string, toPath: string): void {
+		perf.mark("move");
 		const fromNormalized = normalizePath(fromPath);
 		const toNormalized = normalizePath(toPath);
 

package/src/VirtualShell/index.ts

@@ -3,6 +3,8 @@ import { EventEmitter } from "node:events";
 import { createCustomCommand, registerCommand, runCommand } from "../commands";
 import type { CommandContext, CommandResult } from "../types/commands";
 import type { ShellStream } from "../types/streams";
+import type { PerfLogger } from "../utils/perfLogger";
+import { createPerfLogger } from "../utils/perfLogger";
 import VirtualFileSystem from "../VirtualFileSystem";
 import { VirtualUserManager } from "../VirtualUserManager";
 import { startShell } from "./shell";
@@ -19,13 +21,23 @@ const defaultShellProperties: ShellProperties = {
 	arch: "x86_64",
 };
 
+const perf: PerfLogger = createPerfLogger("VirtualShell");
+
+let cachedRootPassword: string | null = null;
+
 function resolveRootPassword(): string {
+	if (cachedRootPassword) {
+		return cachedRootPassword;
+	}
+
 	const configured = process.env.SSH_MIMIC_ROOT_PASSWORD;
 	if (configured && configured.trim().length > 0) {
-		return configured;
+		cachedRootPassword = configured.trim();
+		return cachedRootPassword;
 	}
 
 	const generated = randomBytes(18).toString("base64url");
+	cachedRootPassword = generated;
 	console.warn(
 		`[ssh-mimic] SSH_MIMIC_ROOT_PASSWORD missing; generated ephemeral root password: ${generated}`,
 	);
@@ -68,6 +80,7 @@ class VirtualShell extends EventEmitter {
 		basePath?: string,
 	) {
 		super();
+		perf.mark("constructor");
 		this.hostname = hostname;
 		this.properties = properties || defaultShellProperties;
 		this.basePath = basePath || ".";
@@ -95,6 +108,7 @@ class VirtualShell extends EventEmitter {
 	 * Call this before any authentication or command execution.
 	 */
 	public async ensureInitialized(): Promise<void> {
+		perf.mark("ensureInitialized");
 		await this.initialized;
 	}
 
@@ -126,6 +140,7 @@ class VirtualShell extends EventEmitter {
 	 * @param cwd
 	 */
 	executeCommand(rawInput: string, authUser: string, cwd: string): void {
+		perf.mark("executeCommand");
 		runCommand(rawInput, authUser, this.hostname, "shell", cwd, this);
 		this.emit("command", { command: rawInput, user: authUser, cwd });
 	}
@@ -146,6 +161,7 @@ class VirtualShell extends EventEmitter {
 		remoteAddress: string,
 		terminalSize: { cols: number; rows: number },
 	): void {
+		perf.mark("startInteractiveSession");
 		// Interactive shell logic
 		this.emit("session:start", { user: authUser, sessionId, remoteAddress });
 		startShell(
@@ -199,6 +215,7 @@ class VirtualShell extends EventEmitter {
 		targetPath: string,
 		content: string | Buffer,
 	): void {
+		perf.mark("writeFileAsUser");
 		this.users.assertWriteWithinQuota(authUser, targetPath, content);
 		this.vfs.writeFile(targetPath, content);
 	}

package/src/VirtualUserManager/index.ts

@@ -1,6 +1,8 @@
-import { randomBytes, randomUUID, scryptSync } from "node:crypto";
+import { createHash, randomBytes, randomUUID, scryptSync } from "node:crypto";
 import { EventEmitter } from "node:events";
 import * as path from "node:path";
+import type { PerfLogger } from "../utils/perfLogger";
+import { createPerfLogger } from "../utils/perfLogger";
 import type VirtualFileSystem from "../VirtualFileSystem";
 
 /** Persisted virtual user credential record. */
@@ -27,12 +29,24 @@ export interface VirtualActiveSession {
 	startedAt: string;
 }
 
+function resolveFastPasswordHash(): boolean {
+	const configured = process.env.SSH_MIMIC_FAST_PASSWORD_HASH;
+	return (
+		!!configured &&
+		!["0", "false", "no", "off"].includes(configured.toLowerCase())
+	);
+}
+
+const perf: PerfLogger = createPerfLogger("VirtualUserManager");
+
 /**
  * Persistent user, sudoers, and active-session manager for the shell runtime.
  *
- * Passwords are hashed with scrypt and stored in the backing virtual filesystem.
+ * Passwords are hashed with scrypt by default and stored in the backing virtual filesystem.
  */
 export class VirtualUserManager extends EventEmitter {
+	private static readonly recordCache = new Map<string, VirtualUserRecord>();
+	private static readonly fastPasswordHash = resolveFastPasswordHash();
 	private readonly usersPath = "/virtual-env-js/.auth/htpasswd";
 	private readonly sudoersPath = "/virtual-env-js/.auth/sudoers";
 	private readonly quotasPath = "/virtual-env-js/.auth/quotas";
@@ -56,6 +70,7 @@ export class VirtualUserManager extends EventEmitter {
 		private readonly autoSudoForNewUsers: boolean = true,
 	) {
 		super();
+		perf.mark("constructor");
 	}
 
 	/**
@@ -63,23 +78,30 @@ export class VirtualUserManager extends EventEmitter {
 	 * Also creates the current system user if not already present.
 	 */
 	public async initialize(): Promise<void> {
+		perf.mark("initialize");
 		this.loadFromVfs();
 		this.loadSudoersFromVfs();
 		this.loadQuotasFromVfs();
 
-		this.users.set("root", this.createRecord("root", this.defaultRootPassword));
+		let changed = false;
+		if (!this.users.has("root")) {
+			this.users.set(
+				"root",
+				this.createRecord("root", this.defaultRootPassword),
+			);
+			changed = true;
+		}
 
 		this.sudoers.add("root");
 
 		// Auto-create current system user for easier authentication
 		const currentUser = process.env.USER || process.env.USERNAME;
 		if (currentUser && currentUser !== "root" && !this.users.has(currentUser)) {
-			// Use same password as root for convenience, or a generic default
 			const userPassword = this.defaultRootPassword;
 			this.users.set(currentUser, this.createRecord(currentUser, userPassword));
 			this.sudoers.add(currentUser);
+			changed = true;
 
-			// Create home directory for the system user
 			const homePath = `/home/${currentUser}`;
 			if (!this.vfs.exists(homePath)) {
 				this.vfs.mkdir(homePath, 0o755);
@@ -90,7 +112,9 @@ export class VirtualUserManager extends EventEmitter {
 			}
 		}
 
-		await this.persist();
+		if (changed) {
+			await this.persist();
+		}
 		this.emit("initialized");
 	}
 
@@ -104,6 +128,7 @@ export class VirtualUserManager extends EventEmitter {
 		username: string,
 		maxBytes: number,
 	): Promise<void> {
+		perf.mark("setQuotaBytes");
 		this.validateUsername(username);
 		if (!this.users.has(username)) {
 			throw new Error(`quota: user '${username}' does not exist`);
@@ -123,6 +148,7 @@ export class VirtualUserManager extends EventEmitter {
 	 * @param username Target username.
 	 */
 	public async clearQuota(username: string): Promise<void> {
+		perf.mark("clearQuota");
 		this.validateUsername(username);
 		this.quotas.delete(username);
 		await this.persist();
@@ -135,6 +161,7 @@ export class VirtualUserManager extends EventEmitter {
 	 * @returns Quota in bytes, or null when unlimited.
 	 */
 	public getQuotaBytes(username: string): number | null {
+		perf.mark("getQuotaBytes");
 		return this.quotas.get(username) ?? null;
 	}
 
@@ -145,6 +172,7 @@ export class VirtualUserManager extends EventEmitter {
 	 * @returns Current usage in bytes.
 	 */
 	public getUsageBytes(username: string): number {
+		perf.mark("getUsageBytes");
 		const homePath = `/home/${username}`;
 		if (!this.vfs.exists(homePath)) {
 			return 0;
@@ -167,6 +195,7 @@ export class VirtualUserManager extends EventEmitter {
 		targetPath: string,
 		nextContent: string | Buffer,
 	): void {
+		perf.mark("assertWriteWithinQuota");
 		const quota = this.quotas.get(username);
 		if (quota === undefined) {
 			return;
@@ -209,6 +238,7 @@ export class VirtualUserManager extends EventEmitter {
 	 * @returns True when credentials are valid.
 	 */
 	public verifyPassword(username: string, password: string): boolean {
+		perf.mark("verifyPassword");
 		const record = this.users.get(username);
 		if (!record) {
 			return false;
@@ -224,6 +254,7 @@ export class VirtualUserManager extends EventEmitter {
 	 * @param password Initial plaintext password.
 	 */
 	public async addUser(username: string, password: string): Promise<void> {
+		perf.mark("addUser");
 		this.validateUsername(username);
 		this.validatePassword(password);
 
@@ -255,6 +286,7 @@ export class VirtualUserManager extends EventEmitter {
 	 * @param password New plaintext password.
 	 */
 	public async setPassword(username: string, password: string): Promise<void> {
+		perf.mark("setPassword");
 		this.validateUsername(username);
 		this.validatePassword(password);
 
@@ -272,6 +304,7 @@ export class VirtualUserManager extends EventEmitter {
 	 * @param username Username to remove.
 	 */
 	public async deleteUser(username: string): Promise<void> {
+		perf.mark("deleteUser");
 		this.validateUsername(username);
 
 		if (username === "root") {
@@ -295,6 +328,7 @@ export class VirtualUserManager extends EventEmitter {
 	 * @returns True when user can run sudo.
 	 */
 	public isSudoer(username: string): boolean {
+		perf.mark("isSudoer");
 		return this.sudoers.has(username);
 	}
 
@@ -304,6 +338,7 @@ export class VirtualUserManager extends EventEmitter {
 	 * @param username Username to promote.
 	 */
 	public async addSudoer(username: string): Promise<void> {
+		perf.mark("addSudoer");
 		this.validateUsername(username);
 		if (!this.users.has(username)) {
 			throw new Error(`sudoers: user '${username}' does not exist`);
@@ -319,6 +354,7 @@ export class VirtualUserManager extends EventEmitter {
 	 * @param username Username to demote.
 	 */
 	public async removeSudoer(username: string): Promise<void> {
+		perf.mark("removeSudoer");
 		this.validateUsername(username);
 		if (username === "root") {
 			throw new Error("sudoers: cannot remove root");
@@ -339,6 +375,7 @@ export class VirtualUserManager extends EventEmitter {
 		username: string,
 		remoteAddress: string,
 	): VirtualActiveSession {
+		perf.mark("registerSession");
 		const session: VirtualActiveSession = {
 			id: randomUUID(),
 			username,
@@ -361,6 +398,7 @@ export class VirtualUserManager extends EventEmitter {
 	 * @param sessionId Session identifier; ignored when nullish.
 	 */
 	public unregisterSession(sessionId: string | null | undefined): void {
+		perf.mark("unregisterSession");
 		if (!sessionId) {
 			return;
 		}
@@ -388,6 +426,7 @@ export class VirtualUserManager extends EventEmitter {
 		username: string,
 		remoteAddress: string,
 	): void {
+		perf.mark("updateSession");
 		if (!sessionId) {
 			return;
 		}
@@ -410,6 +449,7 @@ export class VirtualUserManager extends EventEmitter {
 	 * @returns Snapshot of active session descriptors.
 	 */
 	public listActiveSessions(): VirtualActiveSession[] {
+		perf.mark("listActiveSessions");
 		return Array.from(this.activeSessions.values()).sort((left, right) =>
 			left.startedAt.localeCompare(right.startedAt),
 		);
@@ -488,47 +528,84 @@ export class VirtualUserManager extends EventEmitter {
 			this.vfs.mkdir(this.authDirPath, 0o700);
 		}
 
-		const content = Array.from(this.users.values())
+		const authContent = Array.from(this.users.values())
 			.sort((left, right) => left.username.localeCompare(right.username))
 			.map((record) =>
 				[record.username, record.salt, record.passwordHash].join(":"),
 			)
 			.join("\n");
-
-		this.vfs.writeFile(
-			this.usersPath,
-			content.length > 0 ? `${content}\n` : "",
-			{ mode: 0o600 },
-		);
 		const sudoersContent = Array.from(this.sudoers.values()).sort().join("\n");
-		this.vfs.writeFile(
-			this.sudoersPath,
-			sudoersContent.length > 0 ? `${sudoersContent}\n` : "",
-			{ mode: 0o600 },
-		);
 		const quotasContent = Array.from(this.quotas.entries())
 			.sort(([left], [right]) => left.localeCompare(right))
 			.map(([username, maxBytes]) => `${username}:${maxBytes}`)
 			.join("\n");
-		this.vfs.writeFile(
-			this.quotasPath,
-			quotasContent.length > 0 ? `${quotasContent}\n` : "",
-			{ mode: 0o600 },
-		);
-		await this.vfs.flushMirror();
+
+		let changed = false;
+		changed =
+			this.writeIfChanged(
+				this.usersPath,
+				authContent.length > 0 ? `${authContent}\n` : "",
+				0o600,
+			) || changed;
+		changed =
+			this.writeIfChanged(
+				this.sudoersPath,
+				sudoersContent.length > 0 ? `${sudoersContent}\n` : "",
+				0o600,
+			) || changed;
+		changed =
+			this.writeIfChanged(
+				this.quotasPath,
+				quotasContent.length > 0 ? `${quotasContent}\n` : "",
+				0o600,
+			) || changed;
+
+		if (changed) {
+			await this.vfs.flushMirror();
+		}
+	}
+
+	private writeIfChanged(
+		targetPath: string,
+		content: string,
+		mode: number,
+	): boolean {
+		if (this.vfs.exists(targetPath)) {
+			const existing = this.vfs.readFile(targetPath);
+			if (existing === content) {
+				this.vfs.chmod(targetPath, mode);
+				return false;
+			}
+		}
+
+		this.vfs.writeFile(targetPath, content, { mode });
+		return true;
 	}
 
 	private createRecord(username: string, password: string): VirtualUserRecord {
+		const cacheKey = `${username}:${password}`;
+		const cached = VirtualUserManager.recordCache.get(cacheKey);
+		if (cached) {
+			return cached;
+		}
+
 		const salt = randomBytes(16).toString("hex");
-		return {
+		const record = {
 			username,
 			salt,
 			passwordHash: this.hashPassword(password, salt),
 		};
+
+		VirtualUserManager.recordCache.set(cacheKey, record);
+		return record;
 	}
 
 	private hashPassword(password: string, salt: string): string {
-		return scryptSync(password, salt, 64).toString("hex");
+		if (VirtualUserManager.fastPasswordHash) {
+			return createHash("sha256").update(`${salt}:${password}`).digest("hex");
+		}
+
+		return scryptSync(password, salt, 32).toString("hex");
 	}
 
 	private validateUsername(username: string): void {

package/src/utils/perfLogger.ts

@@ -0,0 +1,72 @@
+export type PerfLogger = {
+	enabled: boolean;
+	mark: (label: string) => void;
+	done: (label?: string) => void;
+};
+
+function isTruthyEnv(value: string | undefined): boolean {
+	return value === "1" || value === "true";
+}
+
+function nowMs(): number {
+	if (
+		typeof performance !== "undefined" &&
+		typeof performance.now === "function"
+	) {
+		return performance.now();
+	}
+
+	return Date.now();
+}
+
+export function isPerfLoggingEnabled(): boolean {
+	return (
+		isTruthyEnv(process.env.DEV_MODE) || isTruthyEnv(process.env.RENDER_PERF)
+	);
+}
+
+export function createPerfLogger(scope: string): PerfLogger {
+	const enabled = isPerfLoggingEnabled();
+	if (!enabled) {
+		return {
+			enabled,
+			mark: () => undefined,
+			done: () => undefined,
+		};
+	}
+
+	const startedAt = nowMs();
+
+	const mark = (label: string): void => {
+		const elapsedMs = nowMs() - startedAt;
+		console.log(`[perf][${scope}] ${label}: ${elapsedMs.toFixed(1)}ms`);
+	};
+
+	const done = (label = "done"): void => {
+		mark(label);
+	};
+
+	return {
+		enabled,
+		mark,
+		done,
+	};
+}
+
+export async function withPerf<T>(
+	scope: string,
+	label: string,
+	work: () => Promise<T>,
+): Promise<T> {
+	const perf = createPerfLogger(scope);
+	if (!perf.enabled) {
+		return work();
+	}
+
+	perf.mark(`${label}:start`);
+	try {
+		return await work();
+	} finally {
+		perf.done(`${label}:done`);
+	}
+}