[TERMINAL · SKILLS]
> mounting /skills...
> indexing 295 manifests...
> linking agents: claude · codex · gemini · cursor
> ready.
[░░░░░░░░░░░░░░░░░░░░░░░░░░░░] 0%
Terminal.skills
Use Cases/Run an Automated Code Quality and Performance Audit

Run an Automated Code Quality and Performance Audit

Identify complexity hotspots, performance bottlenecks, and technical debt across a codebase with automated analysis and prioritized remediation.

Development#code-review#quality#bugs#security#best-practices
Works with:claude-codeopenai-codexgemini-clicursor

Skills stack · 4 skills

Avg quality 93/100·All SAFE
>

code-reviewer

v1.0.0

Perform thorough code reviews with actionable, prioritized feedback. Use when a user asks to review code, check code quality, find bugs, review a pull request, audit code for issues, or get feedback on implementation. Covers correctness, security, performance, readability, and best practices across languages.

100/100 quality
SAFE
View skill
>

code-complexity-scanner

v1.0.0

Measures cyclomatic complexity, cognitive complexity, and function length across codebases to identify maintenance hotspots. Use when someone asks about code complexity, function length analysis, maintainability metrics, or needs to find the most complex parts of their codebase. Trigger words: complexity, cyclomatic, cognitive complexity, long functions, hotspots, maintainability index, code metrics.

93/100 quality
4.50× impact
SAFE
View skill
>

performance-reviewer

v1.0.0

Review code for performance issues and optimization opportunities. Use when someone needs to check for N+1 queries, unnecessary re-renders, memory leaks, inefficient algorithms, missing indexes, or bundle size regressions. Trigger words: performance review, slow query, N+1, memory leak, bundle size, latency, optimization, re-render, Big O.

93/100 quality
1.91× impact
SAFE
View skill
>

tech-debt-analyzer

v1.0.0

Scans codebases for technical debt signals and prioritizes them by business impact. Finds TODO/FIXME/HACK comments, outdated dependencies, code duplication, and correlates with git history to identify high-churn debt hotspots. Use when someone asks about technical debt, code quality audit, refactoring priorities, or maintainability assessment. Trigger words: tech debt, code quality, refactoring, TODOs, maintainability, code health.

87/100 quality
1.76× impact
SAFE
View skill
$

The Problem

Your codebase has grown to 120,000 lines over three years. The team knows certain modules are problematic -- deployments touching the billing service always cause anxiety -- but nobody has a clear picture of where the worst code lives. A new developer joins and asks which areas need the most attention. The answer is a shrug and "the billing folder, probably." Without data, prioritization is guesswork. Refactoring efforts target whatever annoyed someone most recently rather than what would deliver the most value.

The Solution

Use code-complexity-scanner to identify the most convoluted functions and modules, performance-reviewer to find runtime bottlenecks and memory issues, code-reviewer to assess code quality and maintainability patterns, and tech-debt-analyzer to quantify debt and produce a prioritized remediation backlog.

Step-by-Step Walkthrough

1. Scan for complexity hotspots

Find the functions that are hardest to understand and most likely to contain bugs.

Scan our src/ directory for cyclomatic complexity. Show me the top 20 most complex functions with their file paths, line counts, and complexity scores. Flag anything above 15 as high risk. Group results by module so we can see which areas are most affected.

The scanner reveals that 80% of the complexity is concentrated in three modules: billing (14 functions above threshold), permissions (8 functions), and the legacy import pipeline (6 functions).

The scanner produces a ranked report like this:

Complexity Hotspot Report — src/
=================================
Module              Functions > 15    Avg Complexity    Max Complexity
billing/            14                23.4              41
permissions/        8                 18.7              32
import-pipeline/    6                 17.2              28
notifications/      2                 16.1              19

Top 5 Functions by Cyclomatic Complexity:
  1. billing/invoice.ts:calculateLineItems()        complexity=41  lines=312
  2. billing/discount.ts:applyStackedDiscounts()     complexity=38  lines=274
  3. permissions/resolver.ts:evaluatePolicy()        complexity=32  lines=198
  4. import-pipeline/csv.ts:parseLegacyFormat()      complexity=28  lines=245
  5. import-pipeline/transform.ts:normalizeRows()    complexity=26  lines=189

28 functions exceed threshold (complexity > 15)
80% of high-complexity code concentrated in 3 of 22 modules

2. Profile runtime performance issues

Complexity does not always correlate with performance problems. A simple function called 10,000 times matters more than a complex function called once.

Review our API endpoints for performance issues. Check for N+1 database queries, missing indexes, synchronous operations that should be async, and memory leaks in long-running processes. Focus on the endpoints with the highest traffic: GET /api/orders, POST /api/checkout, and GET /api/products.

The performance review uncovers that the checkout endpoint makes 47 database queries per request due to N+1 problems in the discount calculation loop. Each cart item triggers a separate query to check applicable discounts, then another to verify inventory. The orders listing endpoint does a sequential scan on a 2.3 million row table because the composite index on (order_date, status) was never created.

3. Assess overall code quality patterns

Look beyond individual functions to systemic quality issues.

Review the codebase for code quality patterns: inconsistent error handling, missing input validation, hardcoded configuration values, duplicated business logic, and dead code. Estimate the maintenance cost of each issue category in developer hours per month.

4. Generate a prioritized tech debt backlog

Combine all findings into an actionable remediation plan ordered by impact.

Take the complexity hotspots, performance issues, and code quality findings and create a prioritized tech debt backlog. Rank by impact (how many users or developers are affected), effort (hours to fix), and risk (likelihood of causing a production incident). Output as a markdown table I can import into our project tracker.

Real-World Example

A fintech team of eight engineers inherited a codebase where every sprint felt slower than the last. The code quality audit revealed that the billing module had an average cyclomatic complexity of 23 -- nearly double the industry threshold. The performance review found that the checkout endpoint was making 47 database queries per request due to N+1 problems in the discount calculation. The tech debt analyzer estimated the team was spending 15 hours per week working around accumulated debt. Armed with this data, the engineering manager secured two sprints of dedicated refactoring time. The team reduced checkout queries from 47 to 4, cut the billing module's complexity by 60%, and sprint velocity increased 25% in the following quarter.

Tips

  • Run the full audit quarterly, not just once. Codebases accumulate debt continuously, and a quarterly scan catches regressions before they compound.
  • Start with the complexity scan because it is the fastest to run and gives immediate visibility into where problems cluster.
  • Use the tech debt backlog output directly as sprint planning input. Prioritize items that overlap high complexity and high traffic -- those deliver the most improvement per hour invested.
  • Track the total number of functions above the complexity threshold over time as a health metric. It should decrease or hold steady sprint over sprint.