perf(auth): replace bcrypt with bcryptjs (pure JS, no native build tools)

- Switch from bcrypt (native C++ addon) to bcryptjs (pure JavaScript)
- Remove python3/make/g++ build tools from Dockerfile builder stage
- bcryptjs is 100% hash-compatible with bcrypt
- Smaller builder image and faster Docker builds

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

services/mana-core-auth/Dockerfile

@@ -2,9 +2,8 @@
 # Using node:20-slim instead of alpine for DuckDB glibc compatibility
 FROM node:20-slim AS builder
 
-# Install pnpm and build tools for native modules (bcrypt)
-RUN corepack enable && corepack prepare pnpm@9.15.0 --activate \
-    && apt-get update && apt-get install -y python3 make g++ && rm -rf /var/lib/apt/lists/*
+# Install pnpm (no build tools needed — bcryptjs is pure JS, DuckDB ships prebuilt binaries)
+RUN corepack enable && corepack prepare pnpm@9.15.0 --activate
 
 WORKDIR /app
 

services/mana-core-auth/package.json

@@ -37,7 +37,7 @@
 		"@nestjs/throttler": "^6.2.1",
 		"@types/multer": "^2.0.0",
 		"axios": "^1.7.2",
-		"bcrypt": "^5.1.1",
+		"bcryptjs": "^2.4.3",
 		"better-auth": "^1.4.3",
 		"body-parser": "^2.2.2",
 		"class-transformer": "^0.5.1",
@@ -66,7 +66,7 @@
 		"@nestjs/cli": "^11.0.0",
 		"@nestjs/schematics": "^11.0.0",
 		"@nestjs/testing": "^10.4.15",
-		"@types/bcrypt": "^5.0.2",
+		"@types/bcryptjs": "^2.4.6",
 		"@types/body-parser": "^1.19.6",
 		"@types/cookie-parser": "^1.4.7",
 		"@types/express": "^5.0.0",

services/mana-core-auth/src/__tests__/utils/mock-factories.ts

@@ -5,7 +5,7 @@
  */
 
 import { nanoid } from 'nanoid';
-import * as bcrypt from 'bcrypt';
+import * as bcrypt from 'bcryptjs';
 
 /**
  * Mock User Factory

services/mana-core-auth/src/auth/services/better-auth.service.ts

@@ -1500,7 +1500,7 @@ export class BetterAuthService {
 		const db = getDb(this.databaseUrl);
 		const { accounts } = await import('../../db/schema/auth.schema');
 		const { eq, and } = await import('drizzle-orm');
-		const bcrypt = await import('bcrypt');
+		const bcrypt = await import('bcryptjs');
 
 		// Get credential account (where password is stored)
 		const [account] = await db
@@ -1560,7 +1560,7 @@ export class BetterAuthService {
 		const db = getDb(this.databaseUrl);
 		const { accounts, users, sessions } = await import('../../db/schema/auth.schema');
 		const { eq, and } = await import('drizzle-orm');
-		const bcrypt = await import('bcrypt');
+		const bcrypt = await import('bcryptjs');
 
 		// Get credential account
 		const [account] = await db

services/mana-core-auth/src/gifts/services/gift-code.service.ts

@@ -8,7 +8,7 @@ import {
 } from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
 import { eq, and, desc, sql } from 'drizzle-orm';
-import * as bcrypt from 'bcrypt';
+import * as bcrypt from 'bcryptjs';
 import { getDb } from '../../db/connection';
 import {
 	giftCodes,