Skip to content

spec-to-code-compliance

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

spec-to-code-compliance

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
.claude-plugin
.claude-plugin
 
 
skills/spec-to-code-compliance
skills/spec-to-code-compliance
 
 
README.md
README.md
 
 

README.md

Spec-to-Code Compliance

Specification-to-code compliance checker for blockchain audits with evidence-based alignment analysis.

Author: Omar Inuwa

When to Use

Use this skill when you need to:

  • Verify that code implements exactly what documentation specifies
  • Find gaps between intended behavior and actual implementation
  • Audit smart contracts against whitepapers or design documents
  • Identify undocumented code behavior or unimplemented spec claims

What It Does

This skill performs deterministic, evidence-based alignment between specifications and code:

  • Documentation Discovery - Finds all spec sources (whitepapers, READMEs, design notes)
  • Spec Intent Extraction - Normalizes all intended behavior into structured format
  • Code Behavior Analysis - Line-by-line semantic analysis of actual implementation
  • Alignment Comparison - Maps spec items to code with match types and confidence scores
  • Divergence Classification - Categorizes misalignments by severity (Critical/High/Medium/Low)

Key Principle

Zero speculation. Every claim must be backed by:

  • Exact quotes from documentation (section/title)
  • Specific code references (file + line numbers)
  • Confidence scores (0-1) for all mappings

Installation

/plugin install trailofbits/skills/plugins/spec-to-code-compliance

Phases

  1. Documentation Discovery - Identify all spec sources
  2. Format Normalization - Create clean spec corpus
  3. Spec Intent IR - Extract all intended behavior
  4. Code Behavior IR - Line-by-line code analysis
  5. Alignment IR - Compare spec to code
  6. Divergence Classification - Categorize misalignments
  7. Final Report - Generate audit-grade compliance report

Match Types

  • full_match - Code exactly implements spec
  • partial_match - Incomplete implementation
  • mismatch - Spec says X, code does Y
  • missing_in_code - Spec claim not implemented
  • code_stronger_than_spec - Code adds behavior
  • code_weaker_than_spec - Code misses requirements

Anti-Hallucination Rules

  • If spec is silent: classify as UNDOCUMENTED
  • If code adds behavior: classify as UNDOCUMENTED CODE PATH
  • If unclear: classify as AMBIGUOUS
  • Every claim must quote original text or line numbers

Related Skills

  • context-building - Deep code understanding
  • issue-writer - Format compliance gaps as findings