← 返回
未分类 Key 中文

perfguard

Performance anti-pattern scanner — finds N+1 queries, sync I/O, missing pagination, and memory leaks before they hit production
性能反模式扫描器——在上线前检测 N+1 查询、同步 I/O、缺失分页和内存泄漏
suhteevah suhteevah 来源
未分类 clawhub v1.0.2 1 版本 100000 Key: 需要
★ 0
Stars
📥 328
下载
💾 0
安装
1
版本
#latest

概述

PerfGuard -- Performance Anti-Pattern Scanner

PerfGuard scans your codebase for performance anti-patterns including N+1 queries, synchronous I/O in async code, missing pagination, unbounded loops, memory leaks, and inefficient serialization. It supports Python (Django, Flask, FastAPI, SQLAlchemy), JavaScript/TypeScript (Node.js, React, Express), Ruby (Rails), and Java (JPA/Hibernate). All scanning happens locally using regex-based pattern matching -- no code is sent to external servers.

Commands

Free Tier (No license required)

perfguard scan [file|directory]

One-shot performance anti-pattern scan.

How to execute:

bash "<SKILL_DIR>/scripts/perfguard.sh" scan [target]

What it does:

  1. Accepts a file path or directory (defaults to current directory)
  2. Auto-detects the project stack (Python, JavaScript/TypeScript, Ruby, Java)
  3. Finds all relevant source files (excluding .git/, node_modules/, dist/, build/, vendor/, __pycache__)
  4. Runs 40+ performance checks against each source file
  5. Outputs findings with: file, line number, check ID, severity, description, recommendation
  6. Calculates a performance score (0-100)
  7. Free tier: limited to scanning up to 5 source files
  8. Exit code 0 if score >= 70, exit code 1 if score < 70 or critical issues found

Example usage scenarios:

  • "Scan my code for performance issues" -> runs perfguard scan .
  • "Check for N+1 queries in my Django app" -> runs perfguard scan .
  • "Find async anti-patterns in my Node.js project" -> runs perfguard scan src/
  • "Are there performance problems in this file?" -> runs perfguard scan path/to/file.py
  • "Look for slow database queries" -> runs perfguard scan .

Pro Tier ($19/user/month -- requires PERFGUARD_LICENSE_KEY)

perfguard scan [file|directory] (unlimited)

Full performance scan with no file limit and all 40+ checks enabled.

How to execute:

bash "<SKILL_DIR>/scripts/perfguard.sh" scan [target]

What it does (beyond free):

  1. Unlimited source file scanning
  2. Full 40+ performance checks including database, async, memory, and bundle patterns
  3. Detailed remediation advice per finding

perfguard hooks install

Install git pre-commit hooks that scan staged files for performance anti-patterns before every commit.

How to execute:

bash "<SKILL_DIR>/scripts/perfguard.sh" hooks install

What it does:

  1. Validates Pro+ license
  2. Copies lefthook config to project root
  3. Installs lefthook pre-commit hook
  4. On every commit: scans staged source files for performance anti-patterns, blocks commit if critical issues found

perfguard hooks uninstall

Remove PerfGuard git hooks.

bash "<SKILL_DIR>/scripts/perfguard.sh" hooks uninstall

perfguard report [directory]

Generate a markdown performance audit report.

bash "<SKILL_DIR>/scripts/perfguard.sh" report [directory]

What it does:

  1. Validates Pro+ license
  2. Runs full scan of the directory
  3. Generates a formatted markdown report with severity breakdown
  4. Includes per-file findings, performance score, and remediation steps
  5. Output written to PERFGUARD-REPORT.md

perfguard hotspots [directory]

Identify the files with the most performance anti-patterns (hot paths).

bash "<SKILL_DIR>/scripts/perfguard.sh" hotspots [directory]

What it does:

  1. Validates Pro+ license
  2. Scans all source files in the directory
  3. Ranks files by total anti-pattern count and severity weight
  4. Shows top 10 performance hotspot files with issue breakdown
  5. Helps prioritize which files to optimize first

Team Tier ($39/user/month -- requires PERFGUARD_LICENSE_KEY with team tier)

perfguard budget [directory]

Check code against performance budgets.

bash "<SKILL_DIR>/scripts/perfguard.sh" budget [directory]

What it does:

  1. Validates Team+ license
  2. Runs full performance scan
  3. Checks results against configurable thresholds: max critical issues, max total issues, minimum score
  4. Returns exit code 1 if any budget is exceeded
  5. Designed for CI/CD pipeline integration as a quality gate

perfguard trend [directory]

Show performance trend over recent git history.

bash "<SKILL_DIR>/scripts/perfguard.sh" trend [directory]

What it does:

  1. Validates Team+ license
  2. Checks out recent commits (up to 10) and runs performance scan on each
  3. Shows a timeline of performance scores
  4. Identifies whether code quality is improving or degrading
  5. Helps track the impact of optimizations over time

Detected Performance Anti-Patterns

PerfGuard checks for 40+ performance anti-patterns across 4 categories:

Database / ORM Patterns

| Check | Description | Severity |

|-------|-------------|----------|

| N+1 Query | Query inside a loop / loop inside a query | Critical |

| SELECT | Using SELECT instead of specific columns | High |

| Missing Eager Loading | No select_related/prefetch_related (Django), includes/eager_load (Rails), JOIN FETCH (JPA) | Critical |

| Unbounded Query | Query without LIMIT or pagination | High |

| Sequential Queries | Multiple queries that could be batched | Medium |

| String SQL Concatenation | Building SQL with string concatenation | Critical |

| Missing Index Hint | Complex queries without index annotations | Medium |

JavaScript / TypeScript Patterns

| Check | Description | Severity |

|-------|-------------|----------|

| Await in Loop | Sequential async operations instead of parallel | Critical |

| Missing Promise.all | Multiple independent awaits without Promise.all | High |

| Sync File I/O | readFileSync/writeFileSync in server code | High |

| JSON Clone | JSON.parse(JSON.stringify()) for deep cloning | Medium |

| Unbounded Array Ops | Large array operations without chunking | Medium |

| Memory Leak | Event listeners without cleanup | High |

| Missing Memoization | React components without useMemo/useCallback/React.memo | Medium |

| Full Lodash Import | Importing entire lodash instead of specific functions | High |

| Missing Pagination | API responses without pagination | High |

| Console in Production | console.log statements in production code | Low |

Python Patterns

| Check | Description | Severity |

|-------|-------------|----------|

| Heavy Module in Function | Importing heavy modules inside functions | Medium |

| List vs Generator | Large list comprehensions that should be generators | Medium |

| String Concat in Loop | String concatenation in loops instead of join | Medium |

| Sleep in Async | time.sleep() in async code | Critical |

| Missing Connection Pool | Direct connections without pooling | High |

| Sync in Async | Synchronous I/O in async functions | High |

| Full File Load | Loading entire files into memory | Medium |

| Regex in Loop | Compiling regex inside loops | Medium |

General Patterns

| Check | Description | Severity |

|-------|-------------|----------|

| Unbounded Retry | Retries without exponential backoff | High |

| Missing Timeout | HTTP requests without timeout | High |

| Polling | Polling instead of webhooks/events | Medium |

| Hardcoded Delay | Hardcoded sleep/delay values | Low |

| Missing Cache | Repeated computations without caching | Medium |

| No Memoization | Recursive functions without memoization | Medium |

| Large Payload | Serialization without streaming | Medium |

Configuration

Users can configure PerfGuard in ~/.openclaw/openclaw.json:

{
  "skills": {
    "entries": {
      "perfguard": {
        "enabled": true,
        "apiKey": "YOUR_LICENSE_KEY_HERE",
        "config": {
          "severityThreshold": "high",
          "excludePatterns": ["**/node_modules/**", "**/dist/**", "**/.git/**"],
          "reportFormat": "markdown"
        }
      }
    }
  }
}

Important Notes

  • Free tier works immediately with no configuration (limited to 5 source files)
  • All scanning happens locally -- no code is sent to external servers
  • License validation is offline -- no phone-home or network calls
  • Supports Python, JavaScript/TypeScript, Ruby, and Java
  • Git hooks use lefthook which must be installed (see install metadata above)
  • Exit codes: 0 = clean (score >= 70), 1 = issues found (for CI/CD integration)

Error Handling

  • If lefthook is not installed and user tries hooks install, prompt to install it
  • If license key is invalid or expired, show clear message with link to https://perfguard.pages.dev/renew
  • If a file is binary, skip it automatically with no warning
  • If no source files found in target, report clean scan with info message
  • If project stack cannot be auto-detected, try all patterns

When to Use PerfGuard

The user might say things like:

  • "Scan my code for performance issues"
  • "Find N+1 queries in my app"
  • "Check for async anti-patterns"
  • "Are there performance problems in my code?"
  • "Look for slow database queries"
  • "Find memory leaks in my React app"
  • "Check for missing pagination"
  • "Scan for sync I/O in my server code"
  • "Generate a performance report"
  • "Show me performance hotspots"
  • "Set up performance checks on my commits"
  • "Check if code meets performance budgets"
  • "Show performance trends over time"
  • "Find unbounded queries"
  • "Check for missing eager loading"

版本历史

共 1 个版本

  • v1.0.2 当前
    2026-05-07 20:09 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

it-ops-security

DepGuard

suhteevah
使用原生包管理器审计扫描项目依赖的漏洞和许可证合规性,并生成安全或合规报告。
★ 0 📥 1,339
dev-programming

YouTube

byungkyu
使用托管OAuth集成YouTube Data API,支持搜索视频、管理播放列表、获取频道数据及评论互动,适用于用户需要时使用此技能。
★ 142 📥 42,395
dev-programming

Github

steipete
使用 `gh` CLI 与 GitHub 交互,通过 `gh issue`、`gh pr`、`gh run` 和 `gh api` 管理议题、PR、CI 运行及高级查询。
★ 689 📥 332,695