Deep Analysis Skill

Comprehensive analytical templates for thorough investigation, audits, and evaluations leveraging extended thinking capabilities.

When to Use

• Code audits requiring systematic review
• Security assessments and threat modeling
• Performance analysis and optimization planning
• Architecture reviews and technical debt assessment
• Incident post-mortems and root cause analysis
• Compliance audits and risk assessments

Analysis Templates

Code Audit Template

## Code Audit Report

**Repository**: [repo-name]
**Scope**: [files/modules audited]
**Date**: [YYYY-MM-DD]
**Auditor**: Claude + [Human reviewer]

### Executive Summary
[2-3 sentence overview of findings]

### Audit Criteria
- [ ] Code quality and maintainability
- [ ] Security vulnerabilities
- [ ] Performance concerns
- [ ] Test coverage
- [ ] Documentation completeness
- [ ] Dependency health

### Critical Findings
| ID | Severity | Location | Issue | Recommendation |
|----|----------|----------|-------|----------------|
| C1 | Critical | file:line | [Issue] | [Fix] |
| C2 | Critical | file:line | [Issue] | [Fix] |

### High Priority Findings
| ID | Severity | Location | Issue | Recommendation |
|----|----------|----------|-------|----------------|
| H1 | High | file:line | [Issue] | [Fix] |

### Medium Priority Findings
[...]

### Low Priority / Suggestions
[...]

### Metrics
| Metric | Value | Target | Status |
|--------|-------|--------|--------|
| Test Coverage | 75% | 80% | ⚠️ |
| Cyclomatic Complexity | 12 | <10 | ⚠️ |
| Technical Debt | 4.2d | <3d | ❌ |
| Security Score | 8/10 | 9/10 | ⚠️ |

### Recommendations
1. **Immediate**: [Critical fixes]
2. **Short-term**: [Within sprint]
3. **Long-term**: [Tech debt reduction]

### Sign-off
- [ ] All critical issues addressed
- [ ] High priority issues have timeline
- [ ] Audit findings documented in backlog

Security Threat Model Template

## Threat Model: [System/Component Name]

**Version**: [1.0]
**Last Updated**: [YYYY-MM-DD]
**Classification**: [Internal/Confidential]

### System Overview
[Brief description of the system being modeled]

### Assets
| Asset | Description | Sensitivity | Owner |
|-------|-------------|-------------|-------|
| User Data | PII, credentials | Critical | Auth Team |
| API Keys | Service credentials | High | DevOps |
| Business Data | Transactions | High | Product |

### Trust Boundaries

┌─────────────────────────────────────────┐ │ External (Untrusted) │ │ [Internet Users] [Third-party APIs] │ └──────────────────┬──────────────────────┘ │ WAF/Load Balancer ┌──────────────────┴──────────────────────┐ │ DMZ (Semi-trusted) │ │ [API Gateway] [CDN] [Public Services] │ └──────────────────┬──────────────────────┘ │ Internal Firewall ┌──────────────────┴──────────────────────┐ │ Internal (Trusted) │ │ [App Servers] [Databases] [Queues] │ └─────────────────────────────────────────┘

### Threat Categories (STRIDE)

#### Spoofing
| Threat | Likelihood | Impact | Mitigation |
|--------|------------|--------|------------|
| Credential theft | Medium | High | MFA, rate limiting |
| Session hijacking | Low | High | Secure cookies, HTTPS |

#### Tampering
| Threat | Likelihood | Impact | Mitigation |
|--------|------------|--------|------------|
| SQL injection | Medium | Critical | Parameterized queries |
| Data modification | Low | High | Integrity checks |

#### Repudiation
[...]

#### Information Disclosure
[...]

#### Denial of Service
[...]

#### Elevation of Privilege
[...]

### Attack Vectors
1. **Vector 1**: [Description]
   - Entry point: [Where]
   - Technique: [How]
   - Mitigation: [Defense]

### Risk Matrix
| Threat | Likelihood | Impact | Risk Score | Priority |
|--------|------------|--------|------------|----------|
| T1     | High       | Critical | 9 | P1 |
| T2     | Medium     | High | 6 | P2 |
| T3     | Low        | Medium | 3 | P3 |

### Security Controls
| Control | Type | Status | Coverage |
|---------|------|--------|----------|
| WAF | Preventive | ✅ Active | External |
| SAST | Detective | ✅ CI/CD | Code |
| DAST | Detective | ⚠️ Partial | Runtime |
| Encryption | Preventive | ✅ Active | Data |

### Recommendations
1. [Priority 1 recommendations]
2. [Priority 2 recommendations]
3. [Priority 3 recommendations]

Performance Analysis Template

## Performance Analysis Report

**System**: [System name]
**Period**: [Date range]
**Environment**: [Production/Staging]

### Executive Summary
[Key findings and recommendations]

### Performance Metrics

#### Response Times
| Endpoint | P50 | P95 | P99 | Target | Status |
|----------|-----|-----|-----|--------|--------|
| /api/users | 45ms | 120ms | 350ms | <200ms | ✅ |
| /api/search | 230ms | 890ms | 2.1s | <500ms | ❌ |
| /api/reports | 1.2s | 3.4s | 8.2s | <2s | ❌ |

#### Throughput
| Service | Current RPS | Peak RPS | Capacity | Utilization |
|---------|-------------|----------|----------|-------------|
| API | 1,200 | 2,400 | 5,000 | 48% |
| Worker | 500 | 800 | 1,000 | 80% |

#### Resource Utilization
| Resource | Average | Peak | Threshold | Status |
|----------|---------|------|-----------|--------|
| CPU | 45% | 78% | 80% | ⚠️ |
| Memory | 62% | 85% | 85% | ⚠️ |
| Disk I/O | 30% | 55% | 70% | ✅ |
| Network | 25% | 40% | 60% | ✅ |

### Bottleneck Analysis

#### Identified Bottlenecks
1. **Database Queries** (High Impact)
   - Location: `/api/search` endpoint
   - Cause: Missing index on `created_at` column
   - Impact: 890ms P95 latency
   - Fix: Add composite index

2. **Memory Pressure** (Medium Impact)
   - Location: Report generation service
   - Cause: Large dataset loading into memory
   - Impact: GC pauses, OOM risks
   - Fix: Implement streaming/pagination

### Load Test Results
| Scenario | Users | Duration | Errors | Avg Response |
|----------|-------|----------|--------|--------------|
| Baseline | 100 | 10min | 0% | 120ms |
| Normal | 500 | 30min | 0.1% | 180ms |
| Peak | 1000 | 15min | 2.3% | 450ms |
| Stress | 2000 | 5min | 15% | 2.1s |

### Optimization Recommendations

#### Quick Wins (This Sprint)
1. Add database indexes - Expected: 40% improvement
2. Enable query caching - Expected: 25% improvement
3. Optimize N+1 queries - Expected: 30% improvement

#### Medium Term (Next Quarter)
1. Implement read replicas
2. Add CDN for static assets
3. Optimize serialization

#### Long Term (6+ Months)
1. Service decomposition
2. Event-driven architecture
3. Edge computing deployment

### Capacity Planning
| Timeframe | Expected Load | Current Capacity | Gap | Action |
|-----------|---------------|------------------|-----|--------|
| 3 months | +25% | 5,000 RPS | ✅ | Monitor |
| 6 months | +50% | 5,000 RPS | ⚠️ | Scale |
| 12 months | +100% | 5,000 RPS | ❌ | Redesign |

Architecture Review Template

## Architecture Review

**System**: [System name]
**Version**: [Current architecture version]
**Review Date**: [YYYY-MM-DD]
**Participants**: [Team members]

### Current Architecture

#### System Diagram

[Include architecture diagram or ASCII representation]

#### Components
| Component | Purpose | Technology | Owner |
|-----------|---------|------------|-------|
| API Gateway | Request routing | Kong | Platform |
| Auth Service | Authentication | Keycloak | Security |
| Core API | Business logic | Python/FastAPI | Backend |
| Database | Data persistence | PostgreSQL | Data |

#### Data Flow
1. User request → API Gateway
2. API Gateway → Auth validation
3. Auth → Core API
4. Core API → Database
5. Response → User

### Evaluation Criteria

#### Scalability
| Aspect | Current | Target | Gap | Score |
|--------|---------|--------|-----|-------|
| Horizontal scaling | Manual | Auto | Yes | 6/10 |
| Database scaling | Single | Sharded | Yes | 5/10 |
| Caching | Redis | Distributed | No | 8/10 |

#### Reliability
| Aspect | Current | Target | Gap | Score |
|--------|---------|--------|-----|-------|
| Availability | 99.5% | 99.9% | Yes | 7/10 |
| Disaster recovery | Manual | Auto | Yes | 5/10 |
| Data backup | Daily | Real-time | Yes | 6/10 |

#### Maintainability
| Aspect | Current | Target | Gap | Score |
|--------|---------|--------|-----|-------|
| Code modularity | Medium | High | Yes | 6/10 |
| Documentation | Partial | Complete | Yes | 5/10 |
| Test coverage | 70% | 85% | Yes | 7/10 |

### Technical Debt Assessment
| Item | Impact | Effort | Priority | Age |
|------|--------|--------|----------|-----|
| Legacy auth system | High | High | P1 | 2y |
| Monolithic API | Medium | High | P2 | 1.5y |
| Missing monitoring | Medium | Low | P1 | 1y |

### Recommendations

#### Immediate (0-3 months)
1. [Recommendation 1]
2. [Recommendation 2]

#### Short-term (3-6 months)
1. [Recommendation 1]
2. [Recommendation 2]

#### Long-term (6-12 months)
1. [Recommendation 1]
2. [Recommendation 2]

### Decision Log
| Decision | Rationale | Alternatives Considered | Date |
|----------|-----------|------------------------|------|
| [Decision 1] | [Why] | [Options] | [Date] |

Integration with Extended Thinking

For deep analysis tasks, use maximum thinking budget:

response = client.messages.create(
    model="claude-opus-4-5-20250514",
    max_tokens=32000,
    thinking={
        "type": "enabled",
        "budget_tokens": 25000  # Maximum budget for deep analysis
    },
    system="""You are a senior technical analyst performing a
    comprehensive review. Use structured analysis templates and
    document all findings systematically.""",
    messages=[{
        "role": "user",
        "content": "Perform a security threat model for..."
    }]
)

Best Practices

1. Use appropriate templates: Match template to analysis type
2. Be systematic: Follow the template structure completely
3. Quantify findings: Use metrics and severity ratings
4. Prioritize actionable: Focus on findings that can be fixed
5. Document evidence: Link to specific code/logs/data
6. Track progress: Update findings as they're addressed

See Also

• [[extended-thinking]] - Enable deep reasoning capabilities
• [[complex-reasoning]] - Reasoning frameworks
• [[testing]] - Validation strategies
• [[debugging]] - Issue investigation