Hi HN, I'm working on CodeProt. We recently wrote about how we use static analysis (AST and data-flow) to catch performance killers like Zip Bombs and architectural bottlenecks (e.g., full DB reloads) early in the review process.

We found that performance isn't just about speed—it's about availability. A single unconstrained extraction or a bad architectural pattern can bring down a system just as effectively as a DDoS.

Curious to hear how others are automating these kinds of architectural checks.