Pull request overview

Refactors the performance.yml GitHub Actions workflow so performance benchmarks no longer run on every PR update, and instead run only when the run-performance label is applied (and then auto-remove that label after starting).

Changes:

• Updated performance.yml to trigger on pull_request:labeled and gate execution on the run-performance label.
• Added an automated step to remove the run-performance label at the start of the run.
• Updated workflow reference docs/rules to reflect the new trigger behavior.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

Summary

This PR converts the performance.yml GitHub Actions workflow from running automatically on every PR to an opt-in model triggered by applying the run-performance label. The workflow continues to run automatically on push to develop and via workflow_call. A label-removal step is added so the label is cleaned up after the workflow starts, allowing re-triggering by re-applying the label. All three documentation files (.github/workflows/AGENTS.md, .cursor/rules/workflows.mdc, .github/instructions/workflows.instructions.md) are updated consistently.

Reviewer consensus: All three reviewers (claude-4.6-opus-high-thinking, gemini-3.1-pro, gpt-5.3-codex-high) approved this PR unanimously with no blocking issues.

Code Quality

The changes are clean, focused, and consistent with established patterns — particularly the existing load-testing.yml opt-in workflow. All reviewers agreed on the quality of the implementation. Specific highlights:

• Defensive trigger filtering: The workflow uses both event configuration (pull_request.types: [labeled]) and a job-level if guard, reducing accidental execution (noted by all reviewers).
• Shell injection prevention: The label-removal step passes github.repository and github.event.pull_request.number through env: variables rather than interpolating them directly in the run: block. Claude-4.6-opus noted this is an improvement over the existing load-testing.yml pattern, which interpolates these values directly.
• Graceful failure handling: The || true on the gh api DELETE call prevents failures if the label was already removed or the token lacks write permissions (e.g., fork PRs).

No structural or maintainability concerns were identified by any reviewer.

Test Coverage

All reviewers agreed that no unit or e2e tests are needed for this CI workflow configuration change. Manual verification is the appropriate testing strategy. GPT-5.3-codex noted that behavior should be confirmed on at least one labeled PR run and one non-labeled PR run, which is reasonable validation advice.

Backwards Compatibility

Fully backward compatible. No user-facing Streamlit runtime behavior is changed. Performance benchmarks continue running automatically on push to develop, preserving baseline data collection. The only behavioral change is for PRs, where performance tests now require explicit opt-in — an intentional CI cost optimization. All reviewers agreed on this assessment.

Security & Risk

Low risk. All reviewers concurred with no security concerns:

• Permissions: contents: read and pull-requests: write are appropriately scoped (least privilege).
• Shell injection: Dynamic values are passed via env: variables, following repo guidelines.
• No new external actions: Label removal uses the built-in gh CLI.
• No application code changes: No modifications to the Streamlit library, frontend, or backend.

The removal of paths-ignore for specs/** and wiki/** is a non-issue since the workflow is now opt-in (noted by Claude-4.6-opus).

External test recommendation

• Recommend external_test: No
• Triggered categories: None
• Evidence:
  • .github/workflows/performance.yml: CI trigger configuration change only — no modifications to routing, auth, WebSocket, embedding, assets, cross-origin behavior, SiS runtime, storage, or security headers.
  • Documentation files: Table cell text updates only.
• Suggested external_test focus areas: N/A
• Confidence: High
• Assumptions and gaps: None. All reviewers unanimously agreed no external test coverage is needed.

Accessibility

Not applicable — no frontend changes.

Recommendations

No blocking issues. Two minor, non-blocking suggestions emerged from the reviews:

1. Align load-testing.yml label removal to use env: variables (from claude-4.6-opus): The new pattern here is an improvement over load-testing.yml's direct interpolation. Consider updating load-testing.yml in a follow-up PR for consistency.
2. Add an inline comment explaining || true (from gpt-5.3-codex): A brief comment near the label deletion step explaining the intentional fail-open behavior for restricted-token contexts (fork PR scenarios) could improve readability.

Verdict

APPROVED: Clean, low-risk CI workflow refactor that converts performance benchmarks to opt-in for PRs, following established patterns and best practices. All three reviewers approved unanimously with no blocking issues.

This is a consolidated AI review by claude-4.6-opus-high-thinking, synthesizing reviews from claude-4.6-opus-high-thinking, gemini-3.1-pro, and gpt-5.3-codex-high. Please verify the feedback and use your judgment.

LGTM 👍