跳转到主要内容
此内容尚未提供您的语言版本,正在以英文显示。

Spec To Code Compliance Checker

技能 活跃
属于:Spec To Code Compliance

Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whitepapers, finding gaps between specs and implementation, or performing compliance checks for protocol implementations.

目的

To ensure strict adherence between blockchain protocol documentation and its implementation, identifying gaps, inconsistencies, and security risks.

功能

  • Deterministic spec-to-code analysis
  • Intermediate Representation (IR) generation for spec and code
  • Alignment and divergence analysis
  • Severity classification of compliance issues
  • Audit-grade reporting

使用场景

  • Verifying smart contracts against whitepapers.
  • Finding gaps between intended protocol behavior and actual implementation.
  • Performing compliance checks for blockchain protocol implementations.
  • Auditing undocumented code behavior or unimplemented spec claims.

非目标

  • General code review or vulnerability hunting outside of spec compliance.
  • Writing or improving documentation.
  • Analyzing non-blockchain projects without formal specifications.
  • Inferring unspecified behavior or guessing intent.

工作流

  1. Discover and normalize all documentation into a spec corpus.
  2. Extract spec intent into an Intermediate Representation (Spec-IR).
  3. Perform detailed, line-by-line analysis of the codebase into Code-IR.
  4. Align Spec-IR and Code-IR to generate Alignment-IR.
  5. Classify all divergences by severity (critical, high, medium, low).
  6. Produce a final audit-grade report including findings and recommendations.

实践

  • Audit rigor
  • Evidence-based analysis
  • Determinism
  • Traceability
  • Compliance checking

先决条件

  • Specification documents (e.g., whitepaper, protocol docs)
  • Codebase to be analyzed

Trust

  • warning:Issues Attention13 issues opened, 4 closed in last 90 days, indicating slow response to reported issues.

安装

请先添加 Marketplace

/plugin marketplace add trailofbits/skills
/plugin install spec-to-code-compliance@trailofbits

质量评分

75 /100
about 24 hours ago 分析

信任信号

最近提交3 days ago
GitHub 所有者 trailofbits (opens in new tab)
星标5.2k
许可证CC-BY-SA-4.0
状态
查看源代码

类似扩展

Investigate Capa Root Cause

100

Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.

技能
pjt222

Soul Guardian

100

Drift detection + baseline integrity guard for agent workspace files with automatic alerting support

技能
prompt-security

Audit Dependency Versions

100

Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.

技能
pjt222

Codex Diff Develop

100

Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.

技能
j4rk0r

Qms Audit Expert

100

ISO 13485 internal audit expertise for medical device QMS. Covers audit planning, execution, nonconformity classification, and CAPA verification. Use for internal audit planning, audit execution, finding classification, external audit preparation, or audit program management.

技能
alirezarezvani

Prepare Inspection Readiness

100

Prepare an organisation for regulatory inspection by assessing readiness against agency-specific focus areas (FDA, EMA, MHRA). Covers warning letter and 483 theme analysis, mock inspection protocols, document bundle preparation, inspection logistics, and response template creation. Use when a regulatory inspection has been announced or is anticipated, when a periodic self-assessment is due, when new systems have been implemented since the last inspection, or after a significant audit finding that may attract regulatory attention.

技能
pjt222