Updated a month ago

spec-to-code-compliance

Repository: trailofbits/skills/plugins/spec-to-code-compliance

💡 Summary

This skill checks code compliance against specifications for blockchain audits, ensuring alignment and identifying gaps.

🎯 Target Audience

  • Blockchain developers
  • Smart contract auditors
  • Compliance officers
  • Technical project managers
  • Quality assurance engineers


Security Analysis: Medium Risk

Risk: Medium. Review the skill's filesystem read/write scope (it discovers documentation and reads source files) and check its path handling for traversal before pointing it at untrusted repositories. Run it with least privilege and audit it before enabling it in production.

Spec-to-Code Compliance

Specification-to-code compliance checker for blockchain audits with evidence-based alignment analysis.

Author: Omar Inuwa

When to Use

Use this skill when you need to:

  • Verify that code implements exactly what documentation specifies
  • Find gaps between intended behavior and actual implementation
  • Audit smart contracts against whitepapers or design documents
  • Identify undocumented code behavior or unimplemented spec claims

What It Does

This skill performs deterministic, evidence-based alignment between specifications and code:

  • Documentation Discovery - Finds all spec sources (whitepapers, READMEs, design notes)
  • Spec Intent Extraction - Normalizes all intended behavior into a structured format
  • Code Behavior Analysis - Line-by-line semantic analysis of actual implementation
  • Alignment Comparison - Maps spec items to code with match types and confidence scores
  • Divergence Classification - Categorizes misalignments by severity (Critical/High/Medium/Low)

Key Principle

Zero speculation. Every claim must be backed by:

  • Exact quotes from documentation (section/title)
  • Specific code references (file + line numbers)
  • Confidence scores (0-1) for all mappings

Installation

/plugin install trailofbits/skills/plugins/spec-to-code-compliance

Phases

  1. Documentation Discovery - Identify all spec sources
  2. Format Normalization - Create clean spec corpus
  3. Spec Intent IR - Extract all intended behavior
  4. Code Behavior IR - Line-by-line code analysis
  5. Alignment IR - Compare spec to code
  6. Divergence Classification - Categorize misalignments
  7. Final Report - Generate audit-grade compliance report

Match Types

  • full_match - Code exactly implements spec
  • partial_match - Incomplete implementation
  • mismatch - Spec says X, code does Y
  • missing_in_code - Spec claim not implemented
  • code_stronger_than_spec - Code adds behavior
  • code_weaker_than_spec - Code misses requirements

Anti-Hallucination Rules

  • If spec is silent: classify as UNDOCUMENTED
  • If code adds behavior: classify as UNDOCUMENTED CODE PATH
  • If unclear: classify as AMBIGUOUS
  • Every claim must quote original text or line numbers
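
The phases, match types and anti-hallucination rules above describe the shape of the alignment record the skill produces: a verbatim spec quote with its section, file and line references into the code, a 0-1 confidence, and a match type. The Python below is an added illustration of that shape on constructed inputs (a hypothetical whitepaper excerpt and a hypothetical Token.sol); it is not trailofbits' code, and the skill itself is an LLM prompt rather than a regex tool. The regexes, the three spec items and the confidence values are assumptions chosen for the example. A claim whose quote is not found verbatim in the corpus is rejected outright, and functions the spec never names are reported as UNDOCUMENTED CODE PATH rather than explained away.

```python
"""Toy evidence-based spec-to-code alignment: added illustration on constructed inputs.
Each record carries a verbatim spec quote, file:line code refs and a 0-1 confidence; code
the spec never names is reported as an UNDOCUMENTED CODE PATH instead of being explained away."""
import re
from dataclasses import dataclass

# Constructed whitepaper excerpt for a hypothetical token.
SPEC = """\
## 3.1 Supply
The total supply is capped at 1,000,000 tokens.
## 3.2 Access control
Only the owner may pause transfers.
## 3.3 Fees
A 2% fee is charged on every transfer.
"""
CODE_FILE = "Token.sol"  # hypothetical file name; the Solidity excerpt below is constructed
CODE = """\
contract Token {
    uint256 public constant MAX_SUPPLY = 1_000_000e18;
    address public owner;
    bool public paused;
    function pause() external {
        paused = true;
    }
    function burn(uint256 amount) external {
        _burn(msg.sender, amount);
    }
}
"""

@dataclass
class SpecItem:
    section: str
    quote: str            # must appear verbatim in SPEC (anti-hallucination rule)
    anchor: str           # regex locating the feature the claim is about
    requirements: tuple   # regexes that must hold inside that feature's block
    severity: str         # divergence severity if the claim is not met

@dataclass
class Alignment:
    section: str
    quote: str
    match_type: str
    confidence: float
    code_refs: tuple      # (file, line, text) triples backing the verdict
    severity: str         # "None" when aligned

SPEC_ITEMS = [  # assumed extraction of the spec corpus above
    SpecItem("3.1 Supply", "The total supply is capped at 1,000,000 tokens.",
             r"MAX_SUPPLY", (r"MAX_SUPPLY\s*=\s*1_000_000",), "High"),
    SpecItem("3.2 Access control", "Only the owner may pause transfers.",
             r"function pause\(", (r"onlyOwner|msg\.sender\s*==\s*owner",), "Critical"),
    SpecItem("3.3 Fees", "A 2% fee is charged on every transfer.",
             r"fee", (r"\b2\b",), "Medium"),
]

def find_lines(pattern, lines, start=0, stop=None):  # -> [(line_no, stripped text), ...]
    return [(i + 1, lines[i].strip()) for i in range(start, len(lines) if stop is None else stop)
            if re.search(pattern, lines[i], re.IGNORECASE)]

def block_end(lines, start):
    """Index one past the brace-balanced block that begins on lines[start]."""
    depth = 0
    for i in range(start, len(lines)):
        depth += lines[i].count("{") - lines[i].count("}")
        if depth <= 0:
            return i + 1
    return len(lines)

def align(item, spec, code, filename):
    """Map one spec claim to code evidence and a match type."""
    if item.quote not in spec:  # never emit a claim that is not a real quote
        raise ValueError(f"not a verbatim spec quote: {item.quote!r}")
    lines = code.splitlines()
    anchors = find_lines(item.anchor, lines)
    if not anchors:
        return Alignment(item.section, item.quote, "missing_in_code", 0.6, (), item.severity)
    start = anchors[0][0] - 1
    refs, unmet = [(filename, *anchors[0])], False
    for req in item.requirements:  # constraints are searched only inside the feature's block
        hits = find_lines(req, lines, start, block_end(lines, start))
        refs += [(filename, n, t) for n, t in hits]
        unmet |= not hits
    refs = tuple(dict.fromkeys(refs))
    if unmet:  # the feature exists but a spec constraint is not visible in its body
        return Alignment(item.section, item.quote, "code_weaker_than_spec", 0.7, refs, item.severity)
    return Alignment(item.section, item.quote, "full_match", 0.9, refs, "None")

def undocumented_code_paths(spec, code, filename):
    """Functions whose name the spec never mentions."""
    out = []
    for n, text in find_lines(r"^\s*function\s+\w+", code.splitlines()):
        name = re.search(r"function\s+(\w+)", text).group(1)
        if not re.search(rf"\b{name}", spec, re.IGNORECASE):
            out.append((filename, n, name))
    return out

def compliance_report(spec=SPEC, code=CODE, filename=CODE_FILE):
    return [align(i, spec, code, filename) for i in SPEC_ITEMS], undocumented_code_paths(spec, code, filename)

if __name__ == "__main__":
    rows, extra = compliance_report()
    for a in rows:
        print(f"[{a.match_type}] {a.section}: {a.quote!r} confidence={a.confidence} severity={a.severity} refs={a.code_refs}")
    print("[UNDOCUMENTED CODE PATH]", extra)
```

On the constructed inputs the supply cap is a full_match backed by Token.sol:2, the pause function is code_weaker_than_spec (Critical) because no owner check is visible inside its body, the fee is missing_in_code, and burn() is an undocumented code path. Only three of the six match types are exercised, and the evidence is regex-based, which is why no confidence reaches 1.0; the point is the record discipline (quote, file:line, confidence, classification), not the matching heuristic.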

Related Skills

  • context-building - Deep code understanding
  • issue-writer - Format compliance gaps as findings

5-Dim Analysis

  • Clarity: 9/10
  • Novelty: 8/10
  • Utility: 9/10
  • Completeness: 8/10
  • Maintainability: 8/10

Pros & Cons

Pros

  • Provides detailed compliance analysis
  • Identifies gaps between spec and code
  • Supports multiple documentation formats

Cons

  • May require extensive documentation
  • Complexity in setup for large projects
  • Can be time-consuming for large codebases

Related Skills

  • building-secure-contracts (Co-Pilot score 88/100)
  • entry-point-analyzer (Co-Pilot score 84/100)
  • phantom-connect-skill (Co-Pilot score 80/100)

Disclaimer: This content is sourced from GitHub open source projects for display and rating purposes only.

Copyright belongs to the original author trailofbits.