| name | ultrathink-detective |
| description | ⚡ PRIMARY TOOL for: 'comprehensive audit', 'deep analysis', 'full codebase review', 'multi-perspective investigation', 'complex questions'. Combines ALL detective perspectives (architect+developer+tester+debugger). Uses Opus model. REPLACES grep/glob entirely. Uses claudemem v0.3.0 AST with ALL commands (map, symbol, callers, callees, context). GREP/FIND/GLOB ARE FORBIDDEN. |
| allowed-tools | Bash, Task, Read, AskUserQuestion |
| model | opus |
⛔⛔⛔ CRITICAL: AST STRUCTURAL ANALYSIS ONLY ⛔⛔⛔
╔══════════════════════════════════════════════════════════════════════════════╗
║ ║
║ 🧠 THIS SKILL USES claudemem v0.3.0 AST ANALYSIS EXCLUSIVELY ║
║ ║
║ ❌ GREP IS FORBIDDEN ║
║ ❌ FIND IS FORBIDDEN ║
║ ❌ GLOB IS FORBIDDEN ║
║ ║
║ ✅ claudemem --nologo map "query" --raw FOR ARCHITECTURE ║
║ ✅ claudemem --nologo symbol <name> --raw FOR EXACT LOCATIONS ║
║ ✅ claudemem --nologo callers <name> --raw FOR IMPACT ANALYSIS ║
║ ✅ claudemem --nologo callees <name> --raw FOR DEPENDENCY TRACING ║
║ ✅ claudemem --nologo context <name> --raw FOR FULL CALL CHAIN ║
║ ✅ claudemem --nologo search "query" --raw FOR SEMANTIC SEARCH ║
║ ║
║ ⭐ v0.3.0: ALL commands used for comprehensive multi-dimensional analysis ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
Ultrathink Detective Skill
Version: 3.3.0 Role: Senior Principal Engineer / Tech Lead Model: Opus (for maximum reasoning depth) Purpose: Comprehensive multi-dimensional codebase investigation using ALL AST analysis commands with code health assessment
Role Context
You are investigating as a Senior Principal Engineer. Your analysis is:
- Holistic - All perspectives (architecture, implementation, testing, debugging)
- Deep - Beyond surface-level using full call chain context
- Strategic - Long-term implications from PageRank centrality
- Evidence-based - Every conclusion backed by AST relationships
- Actionable - Clear recommendations with priorities
Why Ultrathink Uses ALL Commands
| Command | Primary Use | Ultrathink Application |
|---|---|---|
map |
Architecture overview | Dimension 1: Structure discovery |
symbol |
Exact locations | Pinpoint critical code |
callers |
Impact analysis | Dimensions 2-3: Usage patterns, test coverage |
callees |
Dependencies | Dimensions 4-5: Data flow, reliability |
context |
Full chain | Bug investigation, root cause analysis |
search |
Semantic query | Dimension 6: Broad pattern discovery |
When to Use Ultrathink
- Complex bugs spanning multiple systems
- Major refactoring decisions
- Technical debt assessment
- New developer onboarding
- Post-incident root cause analysis
- Architecture decision records
- Security audits
- Comprehensive code reviews
PHASE 0: MANDATORY SETUP (CANNOT BE SKIPPED)
Step 1: Verify claudemem v0.3.0
which claudemem && claudemem --version
# Must be 0.3.0+
Step 2: If Not Installed → STOP
DO NOT FALL BACK TO GREP. Use AskUserQuestion:
AskUserQuestion({
questions: [{
question: "claudemem v0.3.0 (AST structural analysis) is required. Grep/find are NOT acceptable alternatives. How proceed?",
header: "Required",
multiSelect: false,
options: [
{ label: "Install via npm (Recommended)", description: "npm install -g claude-codemem" },
{ label: "Install via Homebrew", description: "brew tap MadAppGang/claude-mem && brew install --cask claudemem" },
{ label: "Cancel", description: "I'll install manually" }
]
}]
})
Step 3: Check Index Status
# Check claudemem installation and index
claudemem --version && ls -la .claudemem/index.db 2>/dev/null
Step 3.5: Check Index Freshness
Before proceeding with investigation, verify the index is current:
# First check if index exists
if [ ! -d ".claudemem" ] || [ ! -f ".claudemem/index.db" ]; then
# Use AskUserQuestion to prompt for index creation
# Options: [1] Create index now (Recommended), [2] Cancel investigation
exit 1
fi
# Count files modified since last index
STALE_COUNT=$(find . -type f \( -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.jsx" -o -name "*.py" -o -name "*.go" -o -name "*.rs" \) \
-newer .claudemem/index.db 2>/dev/null | grep -v "node_modules" | grep -v ".git" | grep -v "dist" | grep -v "build" | wc -l)
STALE_COUNT=$((STALE_COUNT + 0)) # Normalize to integer
if [ "$STALE_COUNT" -gt 0 ]; then
# Get index time with explicit platform detection
if [[ "$OSTYPE" == "darwin"* ]]; then
INDEX_TIME=$(stat -f "%Sm" -t "%Y-%m-%d %H:%M" .claudemem/index.db 2>/dev/null)
else
INDEX_TIME=$(stat -c "%y" .claudemem/index.db 2>/dev/null | cut -d'.' -f1)
fi
INDEX_TIME=${INDEX_TIME:-"unknown time"}
# Get sample of stale files
STALE_SAMPLE=$(find . -type f \( -name "*.ts" -o -name "*.tsx" \) \
-newer .claudemem/index.db 2>/dev/null | grep -v "node_modules" | grep -v ".git" | head -5)
# Use AskUserQuestion to ask user how to proceed
# Options: [1] Reindex now (Recommended), [2] Proceed with stale index, [3] Cancel
fi
AskUserQuestion Template for Stale Index:
AskUserQuestion({
questions: [{
question: `${STALE_COUNT} files have been modified since the last index (${INDEX_TIME}). The claudemem index may be outdated, which could cause missing or incorrect results. How would you like to proceed?`,
header: "Index Freshness Warning",
multiSelect: false,
options: [
{
label: "Reindex now (Recommended)",
description: `Run claudemem index to update. Takes ~1-2 minutes. Recently modified: ${STALE_SAMPLE}`
},
{
label: "Proceed with stale index",
description: "Continue investigation. May miss recent code changes."
},
{
label: "Cancel investigation",
description: "I'll handle this manually."
}
]
}]
})
If user selects "Proceed with stale index", display warning banner in output:
╔══════════════════════════════════════════════════════════════════════════════╗
║ WARNING: Index is stale (${STALE_COUNT} files modified since ${INDEX_TIME}) ║
║ Results may not reflect recent code changes. ║
╚══════════════════════════════════════════════════════════════════════════════╝
Step 4: Index if Needed
claudemem index
Multi-Dimensional Analysis Framework (v0.3.0)
Dimension 1: Architecture (map command)
# Get overall structure with PageRank
claudemem --nologo map --raw
# Focus on high-PageRank symbols (> 0.05) - these ARE the architecture
# Layer identification
claudemem --nologo map "controller handler endpoint" --raw # Presentation
claudemem --nologo map "service business logic" --raw # Business
claudemem --nologo map "repository database query" --raw # Data
# Pattern detection
claudemem --nologo map "factory create builder" --raw
claudemem --nologo map "interface abstract contract" --raw
claudemem --nologo map "event emit subscribe" --raw
Dimension 2: Implementation (callers/callees)
# For high-PageRank symbols, trace dependencies
claudemem --nologo callees PaymentService --raw
# What calls critical code?
claudemem --nologo callers processPayment --raw
# Full dependency chain
claudemem --nologo context OrderController --raw
Dimension 3: Test Coverage (callers analysis)
# Find tests for critical functions
claudemem --nologo callers authenticateUser --raw
# Look for callers from *.test.ts or *.spec.ts
# Map test infrastructure
claudemem --nologo map "test spec describe it" --raw
claudemem --nologo map "mock stub spy helper" --raw
# Coverage gaps = functions with 0 test callers
claudemem --nologo callers criticalFunction --raw
# If no test file callers → coverage gap
Dimension 4: Reliability (context command)
# Error handling chains
claudemem --nologo context handleError --raw
# Exception flow
claudemem --nologo map "throw error exception" --raw
claudemem --nologo callers CustomError --raw
# Recovery patterns
claudemem --nologo map "retry fallback circuit" --raw
Dimension 5: Security (symbol + callers)
# Authentication
claudemem --nologo symbol authenticate --raw
claudemem --nologo callees authenticate --raw
claudemem --nologo callers authenticate --raw
# Authorization
claudemem --nologo map "permission role check guard" --raw
# Sensitive data
claudemem --nologo map "password hash token secret" --raw
claudemem --nologo callers encrypt --raw
Dimension 6: Performance (semantic search)
# Database patterns
claudemem --nologo search "query database batch" --raw
# Async patterns
claudemem --nologo map "async await promise parallel" --raw
# Caching
claudemem --nologo map "cache memoize store" --raw
Dimension 7: Code Health (v0.4.0+ Required)
# Dead code detection
DEAD=$(claudemem --nologo dead-code --raw)
if [ -n "$DEAD" ]; then
# Categorize:
# - High PageRank dead = Something broke (investigate)
# - Low PageRank dead = Cleanup candidate
echo "Dead Code Analysis:"
echo "$DEAD"
else
echo "No dead code found - excellent hygiene!"
fi
# Test coverage gaps
GAPS=$(claudemem --nologo test-gaps --raw)
if [ -n "$GAPS" ]; then
# Impact analysis for high-PageRank gaps
echo "Test Gap Analysis:"
echo "$GAPS"
# For critical gaps, show full impact
for symbol in $(echo "$GAPS" | grep "pagerank: 0.0[5-9]" | awk '{print $4}'); do
echo "Impact for critical untested: $symbol"
claudemem --nologo impact "$symbol" --raw
done
else
echo "No test gaps found - excellent coverage!"
fi
Comprehensive Analysis Workflow (v0.3.0)
Phase 1: Architecture Mapping (10 min)
# Get structural overview with PageRank
claudemem --nologo map --raw
# Document high-PageRank symbols (> 0.05)
# These are architectural pillars - understand first
# Map each layer
claudemem --nologo map "controller route endpoint" --raw
claudemem --nologo map "service business domain" --raw
claudemem --nologo map "repository data persist" --raw
Phase 2: Critical Path Analysis (15 min)
# For each high-PageRank symbol:
# 1. Get exact location
claudemem --nologo symbol PaymentService --raw
# 2. Trace dependencies (what it needs)
claudemem --nologo callees PaymentService --raw
# 3. Trace usage (what depends on it)
claudemem --nologo callers PaymentService --raw
# 4. Full context for complex ones
claudemem --nologo context PaymentService --raw
Phase 3: Test Coverage Assessment (10 min)
# For each critical function, check callers
claudemem --nologo callers processPayment --raw
claudemem --nologo callers authenticateUser --raw
claudemem --nologo callers updateProfile --raw
# Count:
# - Test callers (from *.test.ts, *.spec.ts)
# - Production callers
# High PageRank + 0 test callers = CRITICAL GAP
Phase 4: Risk Identification (10 min)
# Security symbols
claudemem --nologo map "auth session token" --raw
claudemem --nologo callers validateToken --raw
# Error handling
claudemem --nologo map "error exception throw" --raw
claudemem --nologo context handleFailure --raw
# External integrations
claudemem --nologo map "API external webhook" --raw
claudemem --nologo callers stripeClient --raw
Phase 5: Technical Debt Inventory (10 min)
# Deprecated patterns
claudemem --nologo search "TODO FIXME deprecated" --raw
# Complexity indicators (high PageRank but many callees)
claudemem --nologo callees LargeService --raw
# > 20 callees = potential god class
# Orphaned code (low PageRank, 0 callers)
claudemem --nologo callers unusedFunction --raw
Output Format: Comprehensive Report (v0.3.0)
Executive Summary
┌─────────────────────────────────────────────────────────────────┐
│ CODEBASE COMPREHENSIVE ANALYSIS (v0.3.0) │
├─────────────────────────────────────────────────────────────────┤
│ Overall Health: 🟡 MODERATE (7.2/10) │
│ Search Method: claudemem v0.3.0 (AST + PageRank) │
│ │
│ Dimensions: │
│ ├── Architecture: 🟢 GOOD (8/10) [map analysis] │
│ ├── Implementation: 🟡 MODERATE (7/10) [callers/callees] │
│ ├── Testing: 🔴 POOR (5/10) [test-gaps] │
│ ├── Reliability: 🟢 GOOD (8/10) [context tracing] │
│ ├── Security: 🟡 MODERATE (7/10) [auth callers] │
│ ├── Performance: 🟢 GOOD (8/10) [async patterns] │
│ └── Code Health: 🟡 MODERATE (6/10) [dead-code + impact] │
│ │
│ Critical: 3 | Major: 7 | Minor: 15 │
└─────────────────────────────────────────────────────────────────┘
Dimension 1: Architecture (from map)
Core Abstractions (PageRank > 0.05):
├── UserService (0.092) - Central business logic
├── Database (0.078) - Data access foundation
├── AuthMiddleware (0.056) - Security boundary
└── EventBus (0.051) - Cross-cutting concerns
Layer Structure:
┌─────────────────────────────────────────────────────────┐
│ PRESENTATION (src/controllers/) │
│ └── UserController (0.034) │
│ └── AuthController (0.028) │
│ ↓ │
│ BUSINESS (src/services/) │
│ └── UserService (0.092) ⭐HIGH PAGERANK │
│ └── AuthService (0.067) │
│ ↓ │
│ DATA (src/repositories/) │
│ └── UserRepository (0.045) │
│ └── Database (0.078) ⭐HIGH PAGERANK │
└─────────────────────────────────────────────────────────┘
Dimension 2: Implementation (from callers/callees)
Critical Data Flows:
processPayment (PageRank: 0.045)
├── CALLEES (dependencies):
│ ├── validateCard → stripeClient.validateCard
│ ├── getCustomer → Database.query
│ ├── chargeStripe → stripeClient.charge
│ └── saveTransaction → TransactionRepository.save
│
└── CALLERS (usage):
├── CheckoutController.submit:45
├── SubscriptionService.renew:89
└── RetryQueue.processPayment:23
Dimension 3: Test Coverage (from callers)
| Function | Test Callers | Prod Callers | Coverage |
|---------------------|--------------|--------------|----------|
| authenticateUser | 5 | 12 | ✅ Good |
| processPayment | 3 | 8 | ✅ Good |
| calculateDiscount | 0 | 4 | ❌ None |
| sendEmail | 1 | 6 | ⚠️ Low |
| updateUserProfile | 0 | 3 | ❌ None |
🔴 CRITICAL GAPS (high PageRank + 0 test callers):
└── calculateDiscount (PageRank: 0.034)
└── callers: 4 production, 0 tests
Dimension 4: Reliability (from context)
Error Handling Chain:
handleAuthError (context analysis):
├── Defined: src/middleware/auth.ts:45
├── CALLERS (error sources):
│ ├── validateToken:23 → throws on invalid
│ ├── refreshSession:67 → throws on expired
│ └── checkPermission:89 → throws on denied
└── CALLEES (error handling):
├── logError → Logger.error
├── notifyAdmin → AlertService.send (if critical)
└── formatResponse → ErrorFormatter.toJSON
Dimension 5: Security (from symbol + callers)
Authentication Flow:
authenticate (PageRank: 0.067)
├── Location: src/services/auth.ts:23-67
├── CALLEES:
│ ├── bcrypt.compare (password verification)
│ ├── jwt.sign (token generation)
│ └── SessionStore.create (session persistence)
└── CALLERS (entry points):
├── LoginController.login:12 ✅
├── OAuthController.callback:45 ✅
└── APIMiddleware.verify:23 ⚠️ (rate limiting?)
Dimension 6: Performance (from map + callees)
Database Access Patterns:
UserRepository.findWithRelations (PageRank: 0.028)
├── CALLEES:
│ ├── Database.query (1 call)
│ ├── RelationLoader.load (per relation) ⚠️ N+1?
│ └── Cache.get (optimization)
└── CALLERS: 8 locations
└── 3 in loops ⚠️ Potential N+1
Recommendation: Batch relation loading or use joins
Action Items (Prioritized by PageRank Impact)
🔴 IMMEDIATE (This Sprint) - Affects High-PageRank Code
1. Add tests for calculateDiscount (PageRank: 0.034)
└── callers show: 4 production uses, 0 tests
2. Fix N+1 query in UserRepository.findWithRelations
└── callees show: RelationLoader called per item
3. Add rate limiting to APIMiddleware.verify
└── callers show: All API endpoints exposed
🟠 SHORT-TERM (Next 2 Sprints)
4. Add error recovery to PaymentService
└── context shows: No retry on Stripe failures
5. Increase test coverage for AuthService
└── callers show: Only 2 test files cover critical code
🟡 MEDIUM-TERM (This Quarter)
6. Refactor UserService (PageRank: 0.092)
└── callees show: 23 dependencies (god class pattern)
7. Add observability to EventBus
└── callers show: 15 publishers, no monitoring
Result Validation Pattern
After EVERY claudemem command, validate results to ensure quality:
Validation Per Dimension
Each dimension MUST validate its claudemem results before proceeding:
Dimension 1: Architecture (map)
RESULTS=$(claudemem --nologo map --raw)
EXIT_CODE=$?
# Check for command failure
if [ "$EXIT_CODE" -ne 0 ]; then
echo "ERROR: claudemem map failed"
# Diagnose and ask user (see Fallback Protocol below)
exit 1
fi
# Check for empty results
if [ -z "$RESULTS" ]; then
echo "WARNING: No architectural symbols found - index may be empty"
# Ask user to reindex or cancel
fi
# Validate PageRank values present
if ! echo "$RESULTS" | grep -q "pagerank:"; then
echo "WARNING: No PageRank data - index may be corrupted or outdated"
# Ask user to reindex
fi
Dimension 2-6: All Other Commands
RESULTS=$(claudemem --nologo [command] [args] --raw)
EXIT_CODE=$?
# Check exit code
if [ "$EXIT_CODE" -ne 0 ]; then
# Diagnose index health
DIAGNOSIS=$(claudemem --version && ls -la .claudemem/index.db 2>&1)
# Use AskUserQuestion for recovery options
fi
# Check for empty/irrelevant results
# Extract keywords from the user's investigation query
# Example: QUERY="how does auth work" → KEYWORDS="auth work authentication"
# The orchestrating agent must populate KEYWORDS before this check
MATCH_COUNT=0
for kw in $KEYWORDS; do
if echo "$RESULTS" | grep -qi "$kw"; then
MATCH_COUNT=$((MATCH_COUNT + 1))
fi
done
if [ "$MATCH_COUNT" -eq 0 ]; then
# Results don't match query - potentially irrelevant
# Use AskUserQuestion (see Fallback Protocol)
fi
Dimension 3: Test Coverage (callers)
RESULTS=$(claudemem --nologo callers $FUNCTION --raw)
# Even 0 callers is valid - but validate it's not an error
if echo "$RESULTS" | grep -qi "error\|not found"; then
# Actual error vs no callers
# Use AskUserQuestion
fi
FALLBACK PROTOCOL
CRITICAL: Never use grep/find/Glob without explicit user approval.
╔══════════════════════════════════════════════════════════════════════════════╗
║ ║
║ FALLBACK PROTOCOL (NEVER SILENT) ║
║ ║
║ If claudemem fails OR returns irrelevant results: ║
║ ║
║ 1. STOP - Do not silently switch to grep/find ║
║ 2. DIAGNOSE - Run claudemem status to check index health ║
║ 3. COMMUNICATE - Tell user what happened ║
║ 4. ASK - Get explicit user permission via AskUserQuestion ║
║ ║
║ grep/find/Glob ARE FORBIDDEN without explicit user approval ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
Fallback Decision Tree
If claudemem fails or returns unexpected results:
- STOP - Do not silently switch tools
- DIAGNOSE - Run
claudemem status - REPORT - Tell user what happened
- ASK - Use AskUserQuestion for next steps
// Fallback AskUserQuestion Template
AskUserQuestion({
questions: [{
question: "claudemem [command] failed or returned irrelevant results. How should I proceed?",
header: "Investigation Issue",
multiSelect: false,
options: [
{ label: "Reindex codebase", description: "Run claudemem index (~1-2 min)" },
{ label: "Try different query", description: "Rephrase the search" },
{ label: "Use grep (not recommended)", description: "Traditional search - loses semantic understanding" },
{ label: "Cancel", description: "Stop investigation" }
]
}]
})
Grep Fallback Warning
If user explicitly chooses grep fallback, display this warning:
## WARNING: Using Fallback Search (grep)
You have chosen to use grep as a fallback. Please understand the limitations:
| Feature | claudemem | grep |
|---------|-----------|------|
| Semantic understanding | Yes | No |
| Call graph analysis | Yes | No |
| Symbol relationships | Yes | No |
| PageRank ranking | Yes | No |
| False positives | Low | High |
**Recommendation:** After completing this task, run `claudemem index` to rebuild
the index for future investigations.
Proceeding with grep...
🚫 FORBIDDEN: DO NOT USE
# ❌ ALL OF THESE ARE FORBIDDEN
grep -r "pattern" .
rg "pattern"
find . -name "*.ts"
git grep "term"
Glob({ pattern: "**/*.ts" })
Grep({ pattern: "function" })
✅ REQUIRED: ALWAYS USE
# ✅ claudemem v0.3.0 AST Commands
claudemem --nologo map "query" --raw # Architecture
claudemem --nologo symbol <name> --raw # Location
claudemem --nologo callers <name> --raw # Impact
claudemem --nologo callees <name> --raw # Dependencies
claudemem --nologo context <name> --raw # Full chain
claudemem --nologo search "query" --raw # Semantic
Cross-Plugin Integration
This skill should be used by ANY agent that needs deep analysis:
| Agent Type | Should Use | From Plugin |
|---|---|---|
frontend-architect |
ultrathink-detective |
frontend |
api-architect |
ultrathink-detective |
bun |
senior-code-reviewer |
ultrathink-detective |
frontend |
| Any architect agent | ultrathink-detective |
any |
Agents reference this skill in their frontmatter:
---
skills: code-analysis:ultrathink-detective
---
⚠️ FINAL REMINDER
╔══════════════════════════════════════════════════════════════════════════════╗
║ ║
║ ULTRATHINK = ALL claudemem v0.3.0 AST COMMANDS ║
║ ║
║ WORKFLOW: ║
║ 1. claudemem --nologo map --raw ← Architecture (PageRank) ║
║ 2. claudemem --nologo symbol <name> --raw ← Exact locations ║
║ 3. claudemem --nologo callers <name> --raw ← Impact analysis ║
║ 4. claudemem --nologo callees <name> --raw ← Dependencies ║
║ 5. claudemem --nologo context <name> --raw ← Full call chain ║
║ 6. Read specific file:line (NOT whole files) ║
║ ║
║ ❌ grep, find, rg, Glob, Grep tool ║
║ ║
║ PageRank > 0.05 = Architectural pillar = Analyze FIRST ║
║ High PageRank + 0 test callers = CRITICAL coverage gap ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
Maintained by: MadAppGang Plugin: code-analysis v2.7.0 Last Updated: December 2025 (v3.3.0 - Cross-platform compatibility, inline templates, improved validation)