audit-serialization
Audit serialization proxy correctness and round-trip safety
Audit the adaptive window hill-climber and region-resize logic for implementation defects (not algorithm quality)
JSR-107 (JCache) spec-conformance audit
Audit explicit state machines (drain status, node lifecycle, async-value lifecycle) for illegal or missed transitions
Heavyweight history-mining bug audit. Walks the caffeine module's git history chronologically (oldest to HEAD), maintains a forward-tracked issue database, and surfaces concerns introduced by past commits that were never resolved. Catches bugs that snapshot mining cannot — half-fixes invisible from current state, latent+trigger pairs across multi-commit interactions, and partial refactors. Slow (model/effort-dependent; ~24h on Opus + max effort) and rare-run (every several months or before a major release).
Differential audit comparing matched code paths that should behave identically. Spawns one auditor per sibling pair (sync/async, bounded/unbounded, view consistency, bulk vs single, generated node variants, read fast vs slow, adapter conformance) and requires a concrete witness scenario where the two paths diverge observably.
Find places where documented API contracts and the implementation diverge
| Field | Value |
| --- | --- |
| name | audit-serialization |
| description | Audit serialization proxy correctness and round-trip safety |
| context | fork |
| agent | auditor |
| disable-model-invocation | true |
Audit the serialization/deserialization behavior of the cache.
Proxy completeness: Does the proxy capture ALL configuration? Check: max size/weight, expiration, key/value strength, weigher, loader, removal/eviction listener, ticker, scheduler, executor, initial capacity.
State transfer: Are entries serialized or only configuration? If entries: are expired entries filtered? async values handled? weak/soft refs dereferenced? If not: is this documented?
Deserialized consistency: Correct initial state for frequency sketch, timer wheel, drain status, deques, weight counters? Correct node types?
Cross-version compatibility: serialVersionUID present? Can older proxies deserialize in newer versions? Default values correct for missing fields?
Security: Can crafted serialized form create inconsistent state? Are inputs validated? Is the proxy pattern correctly implemented?
Edge cases:
For each defect: state the field/behavior affected, before/after across round-trip, severity (data loss, incorrect behavior, security risk).
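A reference shape to audit against for the proxy-completeness and security checks above. This is an added example, not the cache's own code: `CacheSpec`, its two fields, and `roundTrip` are hypothetical names. It shows the three parts of a correct serialization proxy (the outer class writes only the proxy, the outer class refuses direct deserialization, and the proxy rebuilds through the validating constructor), then round-trips a valid instance and a constructed invalid proxy.

```java
import java.io.*;
// Hypothetical configuration holder (assumption for illustration).
public final class CacheSpec implements Serializable {
  private static final long serialVersionUID = 1L;
  private final long maximumSize;
  private final long expireAfterWriteNanos;
  public CacheSpec(long maximumSize, long expireAfterWriteNanos) {
    if (maximumSize < 0 || expireAfterWriteNanos < 0) {
      throw new IllegalArgumentException("bounds must be non-negative");
    }
    this.maximumSize = maximumSize;
    this.expireAfterWriteNanos = expireAfterWriteNanos;
  }
  // Only the proxy is ever written; every configuration field must be copied here.
  private Object writeReplace() { return new Proxy(maximumSize, expireAfterWriteNanos); }
  // Reject streams that name the outer class directly and so bypass the proxy.
  private void readObject(ObjectInputStream in) throws InvalidObjectException {
    throw new InvalidObjectException("Proxy required");
  }

  private static final class Proxy implements Serializable {
    private static final long serialVersionUID = 1L;
    final long maximumSize;
    final long expireAfterWriteNanos;
    Proxy(long max, long expire) { maximumSize = max; expireAfterWriteNanos = expire; }
    // Rebuild through the public constructor so stream contents are validated.
    private Object readResolve() throws InvalidObjectException {
      try { return new CacheSpec(maximumSize, expireAfterWriteNanos); }
      catch (IllegalArgumentException e) { throw new InvalidObjectException(e.getMessage()); }
    }
  }

  static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
    try (ObjectOutputStream out = new ObjectOutputStream(bytes)) { out.writeObject(o); }
    try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
      return in.readObject();
    }
  }

  public static void main(String[] args) throws Exception {
    CacheSpec copy = (CacheSpec) roundTrip(new CacheSpec(100, 5_000_000_000L));
    if (copy.maximumSize != 100 || copy.expireAfterWriteNanos != 5_000_000_000L) throw new AssertionError("configuration lost in round-trip");
    try {
      roundTrip(new Proxy(-42, 0)); // constructed stand-in for a stream with out-of-range values
      throw new AssertionError("invalid proxy was accepted");
    } catch (InvalidObjectException expected) { System.out.println("rejected: " + expected.getMessage()); }
  }
}
```

An audit finding would be any field present on the outer class but absent from the proxy, or any `readResolve` that assigns fields directly instead of going through validated construction.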