code-review-performance
Code Review Performance
Overview
Use this skill to detect performance regressions before merge, especially on hot paths and high-traffic execution flows.
Scope Boundaries
- Use this skill when the task matches the trigger condition described in `description`.
- Do not use this skill when the primary task falls outside this skill's domain.
Inputs To Gather
- Hot-path endpoints/jobs and current performance budgets.
- Workload assumptions (QPS, payload size, concurrency, data cardinality).
- Existing benchmark/profiling evidence.
- Resource constraints (CPU, memory, I/O, network).
Deliverables
- Performance findings prioritized by user impact.
- Budget-fit judgment (within budget / at risk / out of budget).
- Required follow-up checks (benchmark, profiling, load test).
Finding Focus Areas
- Algorithmic growth (`O(n^2)` regressions, repeated scans).
- Allocation pressure and unnecessary object churn.
- I/O amplification (N+1 calls, repeated DB/API access).
- Contention/serialization bottlenecks under concurrency.
- Cache invalidation or cache-bypass risks.
Quick Example
- Change adds per-item DB call inside loop over 10k records.
- Finding: high-severity throughput risk (N+1 query pattern).
- Fix direction: batch query + in-memory map, verify via benchmark.
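The N+1 pattern and the batch fix from the Quick Example, shown as an added example that is not part of the original skill. The table names, function names, and sample data are constructed for illustration; SELECT statements are counted with sqlite3's trace callback so the finding rests on a measurement rather than an assumption.

```python
import sqlite3

def make_db(n_orders=10_000, n_customers=500):
    """Constructed sample data: orders that reference customers."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [(i, f"customer-{i}") for i in range(n_customers)])
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [(i, i % n_customers) for i in range(n_orders)])
    db.commit()
    return db

def count_selects(db, fn):
    """Run fn(db); return (result, number of SELECT statements executed)."""
    seen = []
    def trace(sql):
        if sql.lstrip().upper().startswith("SELECT"):
            seen.append(sql)
    db.set_trace_callback(trace)
    try:
        return fn(db), len(seen)
    finally:
        db.set_trace_callback(None)

def names_n_plus_one(db):
    """Regression shape: one customer lookup per order row."""
    out = {}
    for oid, cid in db.execute("SELECT id, customer_id FROM orders").fetchall():
        row = db.execute("SELECT name FROM customers WHERE id = ?", (cid,)).fetchone()
        out[oid] = row[0]
    return out

def names_batched(db, chunk=500):
    """Fix direction: chunked IN (...) queries joined through an in-memory map."""
    orders = db.execute("SELECT id, customer_id FROM orders").fetchall()
    ids = sorted({cid for _, cid in orders})
    names = {}
    for i in range(0, len(ids), chunk):  # chunking stays under SQLite's bound-variable limit
        part = ids[i:i + chunk]
        marks = ",".join("?" * len(part))  # only placeholders are interpolated
        names.update(db.execute(
            f"SELECT id, name FROM customers WHERE id IN ({marks})", part))
    return {oid: names[cid] for oid, cid in orders}

if __name__ == "__main__":
    db = make_db()
    for fn in (names_n_plus_one, names_batched):
        print(fn.__name__, "SELECTs:", count_selects(db, fn)[1])
```

The query count grows with the number of order rows in the first function and with the number of distinct customer chunks in the second, which is the scale sensitivity a finding should state.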
Quality Standard
- Each finding ties to an explicit performance budget or hotspot.
- Recommendations include measurement plan, not assumptions only.
- Risk classification includes expected scale sensitivity.
- Missing evidence (benchmark/profile) is flagged explicitly.
Workflow
- Identify changed hot paths and performance-sensitive flows.
- Analyze algorithmic and resource behavior from diff.
- Compare expected behavior with existing budgets.
- Require measurement where uncertainty is material.
- Publish findings with mitigation and verification steps.
Failure Conditions
- Stop when high-risk regressions have no mitigation/verification plan.
- Escalate when performance impact cannot be bounded from available evidence.