Audit Context Building

# Deep Context Builder Skill (Ultra-Granular Pure Context Mode)

1. Purpose

This skill governs how Claude thinks during the context-building phase of an audit.

• When active, Claude will:
• Perform line-by-line / block-by-block code analysis by default.
• Apply First Principles, 5 Whys, and 5 Hows at micro scale.
• Continuously link insights → functions → modules → entire system.
• Maintain a stable, explicit mental model that evolves with new evidence.
• Identify invariants, assumptions, flows, and reasoning hazards.

This skill defines a structured analysis format (see Example: Function Micro-Analysis below) and runs before the vulnerability-hunting phase.

---

2. When to Use This Skill

• Use when:
• Deep comprehension is needed before bug or vulnerability discovery.
• You want bottom-up understanding instead of high-level guessing.
• Reducing hallucinations, contradictions, and context loss is critical.
• Preparing for security auditing, architecture review, or threat modeling.

• Do not use for:
• Vulnerability findings
• Fix recommendations
• Exploit reasoning
• Severity/impact rating

---

3. How This Skill Behaves

• When active, Claude will:
• Default to ultra-granular analysis of each block and line.
• Apply micro-level First Principles, 5 Whys, and 5 Hows.
• Build and refine a persistent global mental model.
• Update earlier assumptions when contradicted ("Earlier I thought X; now Y.").
• Periodically anchor summaries to maintain stable context.
• Avoid speculation; express uncertainty explicitly when needed.

Goal: deep, accurate understanding, not conclusions.

---

Rationalizations (Do Not Skip)

| Rationalization | Why It's Wrong | Required Action | |-----------------|----------------|-----------------| | "I get the gist" | Gist-level understanding misses edge cases | Line-by-line analysis required | | "This function is simple" | Simple functions compose into complex bugs | Apply 5 Whys anyway | | "I'll remember this invariant" | You won't. Context degrades. | Write it down explicitly | | "External call is probably fine" | External = adversarial until proven otherwise | Jump into code or model as hostile | | "I can skip this helper" | Helpers contain assumptions that propagate | Trace the full call chain | | "This is taking too long" | Rushed context = hallucinated vulnerabilities later | Slow is fast |

---

4. Phase 1 — Initial Orientation (Bottom-Up Scan)

Before deep analysis, Claude performs a minimal mapping:

1. Identify major modules/files/contracts.
2. Note obvious public/external entrypoints.
3. Identify likely actors (users, owners, relayers, oracles, other contracts).
4. Identify important storage variables, dicts, state structs, or cells.
5. Build a preliminary structure without assuming behavior.

This establishes anchors for detailed analysis.

---

5. Phase 2 — Ultra-Granular Function Analysis (Default Mode)

Every non-trivial function receives full micro analysis.

5.1 Per-Function Microstructure Checklist

For each function:

1. Purpose
2. - Why the function exists and its role in the system.

1. Inputs & Assumptions
2. - Parameters and implicit inputs (state, sender, env).
3. - Preconditions and constraints.

1. Outputs & Effects
2. - Return values.
3. - State/storage writes.
4. - Events/messages.
5. - External interactions.

1. Block-by-Block / Line-by-Line Analysis
2. For each logical block:
3. - What it does.
4. - Why it appears here (ordering logic).
5. - What assumptions it relies on.
6. - What invariants it establishes or maintains.
7. - What later logic depends on it.

Apply per-block: - First Principles - 5 Whys - 5 Hows

---

5.2 Cross-Function & External Flow Analysis *(Full Integration of Jump-Into-External-Code Rule)*

When encountering calls, continue the same micro-first analysis across boundaries.

• #### Internal Calls
• Jump into the callee immediately.
• Perform block-by-block analysis of relevant code.
• Track flow of data, assumptions, and invariants:
• caller → callee → return → caller.
• Note if callee logic behaves differently in this specific call context.

#### External Calls — Two Cases

• Case A — External Call to a Contract Whose Code Exists in the Codebase
• Treat as an internal call:
• Jump into the target contract/function.
• Continue block-by-block micro-analysis.
• Propagate invariants and assumptions seamlessly.
• Consider edge cases based on the *actual* code, not a black-box guess.

• Case B — External Call Without Available Code (True External / Black Box)
• Analyze as adversarial:
• Describe payload/value/gas or parameters sent.
• Identify assumptions about the target.
• Consider all outcomes:
• - revert
• - incorrect/strange return values
• - unexpected state changes
• - misbehavior
• - reentrancy (if applicable)

#### Continuity Rule Treat the entire call chain as one continuous execution flow. Never reset context. All invariants, assumptions, and data dependencies must propagate across calls.

---

5.3 Complete Analysis Example

• See FUNCTION_MICRO_ANALYSIS_EXAMPLE.md for a complete walkthrough demonstrating:
• Full micro-analysis of a DEX swap function
• Application of First Principles, 5 Whys, and 5 Hows
• Block-by-block analysis with invariants and assumptions
• Cross-function dependency mapping
• Risk analysis for external interactions

This example demonstrates the level of depth and structure required for all analyzed functions.

---

5.4 Output Requirements

When performing ultra-granular analysis, Claude MUST structure output following the format defined in OUTPUT_REQUIREMENTS.md.

• Key requirements:
• Purpose (2-3 sentences minimum)
• Inputs & Assumptions (all parameters, preconditions, trust assumptions)
• Outputs & Effects (returns, state writes, external calls, events, postconditions)
• Block-by-Block Analysis (What, Why here, Assumptions, First Principles/5 Whys/5 Hows)
• Cross-Function Dependencies (internal calls, external calls with risk analysis, shared state)

• Quality thresholds:
• Minimum 3 invariants per function
• Minimum 5 assumptions documented
• Minimum 3 risk considerations for external interactions
• At least 1 First Principles application
• At least 3 combined 5 Whys/5 Hows applications

---

5.5 Completeness Checklist

Before concluding micro-analysis of a function, verify against the COMPLETENESS_CHECKLIST.md:

• Structural Completeness: All required sections present (Purpose, Inputs, Outputs, Block-by-Block, Dependencies)
• Content Depth: Minimum thresholds met (invariants, assumptions, risk analysis, First Principles)
• Continuity & Integration: Cross-references, propagated assumptions, invariant couplings
• Anti-Hallucination: Line number citations, no vague statements, evidence-based claims

Analysis is complete when all checklist items are satisfied and no unresolved "unclear" items remain.

---

6. Phase 3 — Global System Understanding

After sufficient micro-analysis:

1. State & Invariant Reconstruction
2. - Map reads/writes of each state variable.
3. - Derive multi-function and multi-module invariants.

1. Workflow Reconstruction
2. - Identify end-to-end flows (deposit, withdraw, lifecycle, upgrades).
3. - Track how state transforms across these flows.
4. - Record assumptions that persist across steps.

1. Trust Boundary Mapping
2. - Actor → entrypoint → behavior.
3. - Identify untrusted input paths.
4. - Privilege changes and implicit role expectations.

1. Complexity & Fragility Clustering
2. - Functions with many assumptions.
3. - High branching logic.
4. - Multi-step dependencies.
5. - Coupled state changes across modules.

These clusters help guide the vulnerability-hunting phase.

---

7. Stability & Consistency Rules *(Anti-Hallucination, Anti-Contradiction)*

Claude must:

• Never reshape evidence to fit earlier assumptions.
• When contradicted:
• - Update the model.
• - State the correction explicitly.

• Periodically anchor key facts
• Summarize core:
• - invariants
• - state relationships
• - actor roles
• - workflows

• Avoid vague guesses
• Use:
• - "Unclear; need to inspect X."
• instead of:
• - "It probably…"

• Cross-reference constantly
• Connect new insights to previous state, flows, and invariants to maintain global coherence.

---

8. Subagent Usage

• Claude may spawn subagents for:
• Dense or complex functions.
• Long data-flow or control-flow chains.
• Cryptographic / mathematical logic.
• Complex state machines.
• Multi-module workflow reconstruction.

Use the `function-analyzer` agent for per-function deep analysis. It follows the full microstructure checklist, cross-function flow rules, and quality thresholds defined in this skill, and enforces the pure-context-building constraint.

• Subagents must:
• Follow the same micro-first rules.
• Return summaries that Claude integrates into its global model.

---

9. Relationship to Other Phases

• This skill runs before:
• Vulnerability discovery
• Classification / triage
• Report writing
• Impact modeling
• Exploit reasoning

• It exists solely to build:
• Deep understanding
• Stable context
• System-level clarity

---

10. Non-Goals

• While active, Claude should NOT:
• Identify vulnerabilities
• Propose fixes
• Generate proofs-of-concept
• Model exploits
• Assign severity or impact

This is pure context building only.