The latest articles on DEV Community by GauntletCI (@gauntletci). https://dev.to/gauntletci https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3918796%2F6df556b4-e474-4313-a65a-09116f121db2.png https://dev.to/gauntletci en GauntletCI Fri, 08 May 2026 01:53:14 +0000 https://dev.to/gauntletci/post-mortem-how-a-performance-pr-introduced-28-new-regressions-4pgf https://dev.to/gauntletci/post-mortem-how-a-performance-pr-introduced-28-new-regressions-4pgf <h2> Analyzing Jellyfin PR #16062 with GauntletCI </h2> <p>Jellyfin PR #16062 is titled <strong>"Query Performance Improvements."</strong> It was a massive architectural shift: 126 files, 27,810 lines of code. It was reviewed, approved, and merged on May 3, 2026.</p> <p><strong>By May 7, the community was already reporting 90-second query hangs (Issue #16279).</strong></p> <p>We ran GauntletCI: a deterministic, rules-based Behavioral Change Risk (BCR) detector: against the merged diff. It took exactly <strong>660 ms</strong> to find exactly why the "Performance Improvement" was causing performance degradation.</p> <h2> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuxr5r1a94okw5z6rt4v3.png" alt="The GauntletCI dashboard for Jellyfin PR #16062: 129 findings across 27,000+ lines, fully analyzed in just" width="800" height="721"> </h2> <h3> The Gap Between Intent and Reality </h3> <p>In a 27,000-line diff, human review is a suggestion, not a safeguard. The maintainers intended to fix N+1 query patterns. They succeeded in some areas, but the sheer scale of the change made it impossible to see what was being introduced simultaneously.</p> <h3> 1. The Performance Traps (GCI0044) </h3> <ul> <li> <strong>Findings:</strong> 28 LINQ-in-loop patterns.</li> <li> <strong>The Reality:</strong> While the PR closed older performance issues, it introduced 28 new ones. Specifically, 9 findings in <code>BaseItemRepository.TranslateQuery.cs</code> map directly to the filtering logic that users are now reporting as "unbearably slow." </li> </ul> <blockquote> <p><strong>The Verification:</strong> <a href="https://github.com/jellyfin/jellyfin/issues/16279" rel="noopener noreferrer">Issue #16279</a> ("Filters query taking 90s each time") isn't a mystery. It's a structural regression that was visible in the diff 1546 ms after it was written.</p> </blockquote> <h3> 2. The Deadlock Time-Bombs (GCI0016) </h3> <ul> <li> <strong>Findings:</strong> 5 Block-level async violations (<code>.Wait()</code> and <code>.GetAwaiter().GetResult()</code>).</li> <li> <strong>The Risk:</strong> These are "Heisenbugs." They often pass local CI because they require specific concurrency timing to hang a thread pool. </li> <li> <strong>Status:</strong> These are currently sitting in the master branch. They haven't "exploded" yet, but the pattern is a well-documented deadlock vector in ASP.NET Core.</li> </ul> <h3> 3. The Structural Decay (GCI0038 &amp; GCI0043) </h3> <p>Beyond the crashes, the scan found:</p> <ul> <li> <strong>45 Dependency Injection Violations:</strong> Service locator anti-patterns that create hidden coupling.</li> <li> <strong>15 Type Safety Gaps:</strong> <code>as</code> casts without null checks that lead to context-less <code>NullReferenceExceptions</code>.</li> </ul> <h3> Execution Profile </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Metric</th> <th>Result</th> </tr> </thead> <tbody> <tr> <td><strong>Total Findings</strong></td> <td>129</td> </tr> <tr> <td><strong>Block-Level (Merge Stoppers)</strong></td> <td>11</td> </tr> <tr> <td><strong>Scan Time</strong></td> <td>660 ms</td> </tr> <tr> <td><strong>LLMs Used</strong></td> <td>0</td> </tr> </tbody> </table></div> <h3> Why This Happened </h3> <p>The Jellyfin team is talented. The problem isn't the people: it's the <strong>Scale of Change vs. The Speed of Human Cognition.</strong> Reviewers check for intent; GauntletCI checks for structural risk.</p> <h3> Try It Yourself </h3> <p>You don't need an LLM to find these. You need a <a href="https://github.com/EricCogen/GauntletCI" rel="noopener noreferrer">pessimistic verifier</a>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet tool <span class="nb">install</span> <span class="nt">-g</span> GauntletCI gauntletci analyze <span class="nt">--staged</span> </code></pre> </div> dotnet csharp performance devops