deep-analysis

• Code audits requiring systematic review
• Security assessments and threat modeling
• Performance analysis and optimization planning
• Architecture reviews and technical debt assessment
• Incident post-mortems and root cause analysis
• Compliance audits and risk assessments

Code Audit Template

```markdown

Repository: [repo-name]

Scope: [files/modules audited]

Date: [YYYY-MM-DD]

Auditor: Claude + [Human reviewer]

Executive Summary

[2-3 sentence overview of findings]

Audit Criteria

• [ ] Code quality and maintainability
• [ ] Security vulnerabilities
• [ ] Performance concerns
• [ ] Test coverage
• [ ] Documentation completeness
• [ ] Dependency health

Critical Findings

| ID | Severity | Location | Issue | Recommendation |

|----|----------|----------|-------|----------------|

| C1 | Critical | file:line | [Issue] | [Fix] |

| C2 | Critical | file:line | [Issue] | [Fix] |

High Priority Findings

| ID | Severity | Location | Issue | Recommendation |

|----|----------|----------|-------|----------------|

| H1 | High | file:line | [Issue] | [Fix] |

Medium Priority Findings

[...]

Low Priority / Suggestions

[...]

Metrics

| Metric | Value | Target | Status |

|--------|-------|--------|--------|

| Test Coverage | 75% | 80% | ⚠️ |

| Cyclomatic Complexity | 12 | <10 | ⚠️ |

| Technical Debt | 4.2d | <3d | ❌ |

| Security Score | 8/10 | 9/10 | ⚠️ |

Recommendations

1. Immediate: [Critical fixes]
2. Short-term: [Within sprint]
3. Long-term: [Tech debt reduction]

Sign-off

• [ ] All critical issues addressed
• [ ] High priority issues have timeline
• [ ] Audit findings documented in backlog

```

Security Threat Model Template

```markdown

Version: [1.0]

Last Updated: [YYYY-MM-DD]

Classification: [Internal/Confidential]

System Overview

[Brief description of the system being modeled]

Assets

| Asset | Description | Sensitivity | Owner |

|-------|-------------|-------------|-------|

| User Data | PII, credentials | Critical | Auth Team |

| API Keys | Service credentials | High | DevOps |

| Business Data | Transactions | High | Product |

Trust Boundaries

```

┌─────────────────────────────────────────┐

│ External (Untrusted) │

│ [Internet Users] [Third-party APIs] │

└──────────────────┬──────────────────────┘

│ WAF/Load Balancer

┌──────────────────┴──────────────────────┐

│ DMZ (Semi-trusted) │

│ [API Gateway] [CDN] [Public Services] │

└──────────────────┬──────────────────────┘

│ Internal Firewall

┌──────────────────┴──────────────────────┐

│ Internal (Trusted) │

│ [App Servers] [Databases] [Queues] │

└─────────────────────────────────────────┘

```

Threat Categories (STRIDE)

#### Spoofing

| Threat | Likelihood | Impact | Mitigation |

|--------|------------|--------|------------|

| Credential theft | Medium | High | MFA, rate limiting |

| Session hijacking | Low | High | Secure cookies, HTTPS |

#### Tampering

| Threat | Likelihood | Impact | Mitigation |

|--------|------------|--------|------------|

| SQL injection | Medium | Critical | Parameterized queries |

| Data modification | Low | High | Integrity checks |

#### Repudiation

[...]

#### Information Disclosure

[...]

#### Denial of Service

[...]

#### Elevation of Privilege

[...]

Attack Vectors

1. Vector 1: [Description]

- Entry point: [Where]

- Technique: [How]

- Mitigation: [Defense]

Risk Matrix

| Threat | Likelihood | Impact | Risk Score | Priority |

|--------|------------|--------|------------|----------|

| T1 | High | Critical | 9 | P1 |

| T2 | Medium | High | 6 | P2 |

| T3 | Low | Medium | 3 | P3 |

Security Controls

| Control | Type | Status | Coverage |

|---------|------|--------|----------|

| WAF | Preventive | ✅ Active | External |

| SAST | Detective | ✅ CI/CD | Code |

| DAST | Detective | ⚠️ Partial | Runtime |

| Encryption | Preventive | ✅ Active | Data |

Recommendations

1. [Priority 1 recommendations]
2. [Priority 2 recommendations]
3. [Priority 3 recommendations]

```

Performance Analysis Template

```markdown

System: [System name]

Period: [Date range]

Environment: [Production/Staging]

Executive Summary

[Key findings and recommendations]

Performance Metrics

#### Response Times

| Endpoint | P50 | P95 | P99 | Target | Status |

|----------|-----|-----|-----|--------|--------|

| /api/users | 45ms | 120ms | 350ms | <200ms | ✅ |

| /api/search | 230ms | 890ms | 2.1s | <500ms | ❌ |

| /api/reports | 1.2s | 3.4s | 8.2s | <2s | ❌ |

#### Throughput

| Service | Current RPS | Peak RPS | Capacity | Utilization |

|---------|-------------|----------|----------|-------------|

| API | 1,200 | 2,400 | 5,000 | 48% |

| Worker | 500 | 800 | 1,000 | 80% |

#### Resource Utilization

| Resource | Average | Peak | Threshold | Status |

|----------|---------|------|-----------|--------|

| CPU | 45% | 78% | 80% | ⚠️ |

| Memory | 62% | 85% | 85% | ⚠️ |

| Disk I/O | 30% | 55% | 70% | ✅ |

| Network | 25% | 40% | 60% | ✅ |

Bottleneck Analysis

#### Identified Bottlenecks

1. Database Queries (High Impact)

- Location: /api/search endpoint

- Cause: Missing index on created_at column

- Impact: 890ms P95 latency

- Fix: Add composite index

1. Memory Pressure (Medium Impact)

- Location: Report generation service

- Cause: Large dataset loading into memory

- Impact: GC pauses, OOM risks

- Fix: Implement streaming/pagination

Load Test Results

| Scenario | Users | Duration | Errors | Avg Response |

|----------|-------|----------|--------|--------------|

| Baseline | 100 | 10min | 0% | 120ms |

| Normal | 500 | 30min | 0.1% | 180ms |

| Peak | 1000 | 15min | 2.3% | 450ms |

| Stress | 2000 | 5min | 15% | 2.1s |

Optimization Recommendations

#### Quick Wins (This Sprint)

1. Add database indexes - Expected: 40% improvement
2. Enable query caching - Expected: 25% improvement
3. Optimize N+1 queries - Expected: 30% improvement

#### Medium Term (Next Quarter)

1. Implement read replicas
2. Add CDN for static assets
3. Optimize serialization

#### Long Term (6+ Months)

1. Service decomposition
2. Event-driven architecture
3. Edge computing deployment

Capacity Planning

| Timeframe | Expected Load | Current Capacity | Gap | Action |

|-----------|---------------|------------------|-----|--------|

| 3 months | +25% | 5,000 RPS | ✅ | Monitor |

| 6 months | +50% | 5,000 RPS | ⚠️ | Scale |

| 12 months | +100% | 5,000 RPS | ❌ | Redesign |

```

Architecture Review Template

```markdown

System: [System name]

Version: [Current architecture version]

Review Date: [YYYY-MM-DD]

Participants: [Team members]

Current Architecture

#### System Diagram

```

[Include architecture diagram or ASCII representation]

```

#### Components

| Component | Purpose | Technology | Owner |

|-----------|---------|------------|-------|

| API Gateway | Request routing | Kong | Platform |

| Auth Service | Authentication | Keycloak | Security |

| Core API | Business logic | Python/FastAPI | Backend |

| Database | Data persistence | PostgreSQL | Data |

#### Data Flow

1. User request → API Gateway
2. API Gateway → Auth validation
3. Auth → Core API
4. Core API → Database
5. Response → User

Evaluation Criteria

#### Scalability

| Aspect | Current | Target | Gap | Score |

|--------|---------|--------|-----|-------|

| Horizontal scaling | Manual | Auto | Yes | 6/10 |

| Database scaling | Single | Sharded | Yes | 5/10 |

| Caching | Redis | Distributed | No | 8/10 |

#### Reliability

| Aspect | Current | Target | Gap | Score |

|--------|---------|--------|-----|-------|

| Availability | 99.5% | 99.9% | Yes | 7/10 |

| Disaster recovery | Manual | Auto | Yes | 5/10 |

| Data backup | Daily | Real-time | Yes | 6/10 |

#### Maintainability

| Aspect | Current | Target | Gap | Score |

|--------|---------|--------|-----|-------|

| Code modularity | Medium | High | Yes | 6/10 |

| Documentation | Partial | Complete | Yes | 5/10 |

| Test coverage | 70% | 85% | Yes | 7/10 |

Technical Debt Assessment

| Item | Impact | Effort | Priority | Age |

|------|--------|--------|----------|-----|

| Legacy auth system | High | High | P1 | 2y |

| Monolithic API | Medium | High | P2 | 1.5y |

| Missing monitoring | Medium | Low | P1 | 1y |

Recommendations

#### Immediate (0-3 months)

1. [Recommendation 1]
2. [Recommendation 2]

#### Short-term (3-6 months)

1. [Recommendation 1]
2. [Recommendation 2]

#### Long-term (6-12 months)

1. [Recommendation 1]
2. [Recommendation 2]

Decision Log

| Decision | Rationale | Alternatives Considered | Date |

|----------|-----------|------------------------|------|

| [Decision 1] | [Why] | [Options] | [Date] |

```

For deep analysis tasks, use maximum thinking budget:

```python

response = client.messages.create(

model="claude-opus-4-5-20250514",

max_tokens=32000,

thinking={

"type": "enabled",

"budget_tokens": 25000 # Maximum budget for deep analysis

},

system="""You are a senior technical analyst performing a

comprehensive review. Use structured analysis templates and

document all findings systematically.""",

messages=[{

"role": "user",

"content": "Perform a security threat model for..."

}]

)

```

1. Use appropriate templates: Match template to analysis type
2. Be systematic: Follow the template structure completely
3. Quantify findings: Use metrics and severity ratings
4. Prioritize actionable: Focus on findings that can be fixed
5. Document evidence: Link to specific code/logs/data
6. Track progress: Update findings as they're addressed

• [[extended-thinking]] - Enable deep reasoning capabilities
• [[complex-reasoning]] - Reasoning frameworks
• [[testing]] - Validation strategies
• [[debugging]] - Issue investigation