spec-to-code-compliance

The Spec-to-Code Compliance Checker is a specialized auditor tool designed to bridge the gap between high-level protocol documentation and low-level source code. It is tailored for senior blockchain auditors who need to perform deterministic, evidence-based verification of smart contracts. By enforcing a strict separation between documentation extraction, intermediate representation (IR), and code alignment, the skill minimizes hallucinations and ensures that every finding is traceable back to specific lines of code or documentation sections. It is ideal for engagements where the primary risk is divergence between the intended protocol logic and the deployed implementation.

• Performs automated normalization of diverse documentation formats including whitepapers, design notes, flow diagrams, and internal architectural specs into a unified Spec-IR.

• Conducts line-by-line and block-by-block semantic code analysis to extract state transitions, invariants, authorization graphs, and security assumptions.

• Compares intended behaviors against actual code execution paths to identify undocumented logic, missing requirements, or dangerous implementation gaps.

• Generates confidence scores for every spec-to-code mapping to help auditors prioritize investigations and highlight areas of potential ambiguity.

• Maintains an exhaustive audit trail that forces explicit classification of all logic paths, preventing the common trap of assuming unspecified behavior is benign.

• Use this skill when providing both a codebase and accompanying specification documents for audit.

• Ideal for verifying invariants, math formulas, economic assumptions, and complex state-machine transitions defined in formal specifications.

• Not intended for general-purpose code review, bug hunting without specifications, or documenting an undocumented system.

• Requires high-quality, descriptive inputs to perform accurate alignment; garbage-in-garbage-out constraints apply.

• Auditors should be prepared to handle 'ambiguous' findings rather than inferring developer intent, as the skill prioritizes literal, pedantic analysis over heuristic guessing.