Expert system analyst — audits codebases to discover gaps, designs solutions, and writes comprehensive Use Cases & Business Journey documents covering the SA → DEV → QA pipeline. Combines multi-pass deep analysis with sub-agent team orchestration to brainstorm the best approaches. Use this skill when analyzing systems end-to-end, finding bugs, gaps, or design issues, writing Use Cases & Business Journeys, producing tech design docs, conducting gap analysis, creating QA test matrices, or when the user asks to review a feature's completeness, write journey docs, or analyze system behavior — even if they just say 'analyze this feature' or 'write a journey doc'.
Code is the source of truth — not assumptions, not specs, not wikis.
Read all relevant code first. Trace every path. Verify every finding against actual source lines. Gaps that can't be demonstrated with a code reference or reproducible scenario are not gaps — they're speculation.
Produce documents that three audiences — SA, DEV, and QA — can act on immediately.
Goal: Understand what we're analyzing before diving in.
Discovery Checklist:
□ Entry point identified (controller/executor/listener)
□ Service classes mapped
□ Data access layer identified (repositories/JdbcTemplate/DAOs)
□ External integrations found (REST, file I/O, messaging)
□ Configuration/properties identified
□ Database tables and schemas listed
□ Error handling strategy understood (exceptions, retries, fallbacks)
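The retry/fallback strategies uncovered during discovery usually reduce to a common shape. A minimal sketch of that shape, to calibrate what to look for — `Retry` and `withRetry` are illustrative names, not taken from any audited codebase:

```java
import java.util.function.Supplier;

/** Illustrative retry-with-fallback shape — names are hypothetical,
 *  not assumed to exist in the code under audit. */
public class Retry {
    static <T> T withRetry(Supplier<T> op, int attempts, Supplier<T> fallback) {
        for (int i = 0; i < attempts; i++) {
            try {
                return op.get();
            } catch (RuntimeException e) {
                // swallow and retry — a real implementation would log/backoff here
            }
        }
        // All attempts failed: take the fallback path instead of propagating.
        return fallback.get();
    }
}
```

When auditing, note which of these pieces (bounded attempts, backoff, fallback, logging) the real code actually has.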
Sub-agent delegation:
TASK: Map call chain for {feature}. SCOPE: {directory}. CONTEXT: {what we know}. RETURN: Ordered list of classes with responsibilities + key method signatures + file paths. DEPTH: medium
Goal: Understand every code path — happy path, error paths, edge cases, concurrency.
For each class in the call chain, extract:
| Aspect | What to capture |
|---|---|
| Input validation | What's validated? What's NOT validated? |
| State transitions | What status/state changes? What triggers them? |
| Transaction boundaries | Where do commits/rollbacks happen? |
| Error handling | Catch blocks, retry logic, fallback behavior |
| Concurrency | Shared state, thread safety, race conditions |
| External I/O | File reads/writes, API calls, DB queries |
| Idempotency | Can this be re-run safely? What happens on retry? |
| Data flow | Input → transform → output for each operation |
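The Idempotency row is easiest to judge against a concrete guard. A minimal sketch of the pattern to check for — `IdempotencyGuard` and `tryAcquire` are hypothetical names, not assumed to exist in the audited code:

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Minimal idempotency guard — illustrative only. */
public class IdempotencyGuard {
    // Thread-safe set of business keys that have already been processed.
    private final Set<String> processed = ConcurrentHashMap.newKeySet();

    /** True only on the first call per key; a re-run returns false. */
    public boolean tryAcquire(String businessKey) {
        return processed.add(businessKey); // Set.add is atomic on this set
    }
}
```

If no equivalent guard (in-memory, DB unique constraint, or status check) exists on a re-runnable path, that is a candidate Idempotency gap.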
Trace every branch — the happy path, each catch block, each conditional, and each early return — before declaring a path understood.
Goal: Find everything that could go wrong, is missing, or is suboptimal.
Gap Categories:
| Category | What to look for |
|---|---|
| Data Integrity | Partial writes, crash between file+DB update, missing atomic operations |
| Error Handling | Uncaught exceptions, empty catch blocks, generic error messages |
| Idempotency | Re-run produces different results, duplicate processing |
| Concurrency | Race conditions, shared mutable state, lock ordering |
| Input Validation | Missing validation at system boundary, encoding, format, size |
| Privacy/Security | PII in logs, missing masking, hardcoded secrets |
| Reliability | Single point of failure, no timeout, stuck state, no monitoring |
| Operations | No housekeeping, unbounded growth, missing metrics, vague logs |
| Configuration | Hardcoded values that should be configurable |
| Correctness | Off-by-one, wrong boolean logic, subtle counting bugs |
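As a concrete instance of the Correctness category, a classic inclusive-range counting bug next to its fix — `BatchCounter` is an illustrative name, not from any real codebase:

```java
/** A classic Correctness gap: off-by-one on an inclusive range. */
public class BatchCounter {
    // Buggy: `<` silently drops the last record of an inclusive range.
    static int countBuggy(int firstId, int lastId) {
        int n = 0;
        for (int id = firstId; id < lastId; id++) n++;
        return n;
    }

    // Fixed: an inclusive range contains lastId - firstId + 1 records.
    static int countFixed(int firstId, int lastId) {
        int n = 0;
        for (int id = firstId; id <= lastId; id++) n++;
        return n;
    }
}
```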
Gap Severity Definitions:
| Severity | Criteria |
|---|---|
| HIGH | Data corruption, security vulnerability, job stuck permanently, incorrect business output |
| MEDIUM | Silent data loss, operational burden, degraded reliability, missing validation |
| LOW | Cosmetic, minor hardcoding, observability improvements, nice-to-have |
Gap Documentation Format:
| ID | Severity | Description | Category |
|---|---|---|---|
| GAP-{NN} | HIGH/MEDIUM/LOW | {What's wrong} — {concrete risk} | {Category} |
Goal: Design fixes for every gap, prioritized by risk × effort.
For each gap, produce a priority classification (see matrix below) and a design recommendation (REC-{NN}).
Priority Matrix Template:
### P0: Must Fix Before Production
| GAP | Risk | Effort | Fix |
|-----|------|--------|-----|
### P1: Should Fix (Production Hardening)
| GAP | Risk | Effort | Fix |
|-----|------|--------|-----|
### P2: Operational Excellence
| GAP | Risk | Effort | Fix |
|-----|------|--------|-----|
### Accepted by Design
| GAP | Risk | Rationale |
|-----|------|-----------|
Design Recommendation Format (REC-{NN}):
### REC-{NN}: {Title} ({GAP-ID} fix)
**Problem:** {1-line description}
**Root cause:** {why this happens — cite file:line}
**Fix:** {approach}
Before:
```java
// current code
```
After:
```java
// fixed code
```
**Testing:** {how to verify this fix}
**Blast radius:** {what else is affected}
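A filled-in recommendation often pairs a Data Integrity gap (crash between file write and DB update) with an atomic-move fix. A hedged sketch using only `java.nio.file` — the class and path names are illustrative, and `ATOMIC_MOVE` can throw `AtomicMoveNotSupportedException` when source and target are on different file systems:

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;

/** Sketch of a crash-safe publish: write to a sibling temp file,
 *  then atomically rename into place so readers never see a
 *  partially written file. Names are illustrative. */
public class AtomicPublish {
    static void publish(Path target, byte[] content) throws IOException {
        Path tmp = target.resolveSibling(target.getFileName() + ".tmp");
        Files.write(tmp, content);                                // partial writes land here
        Files.move(tmp, target, StandardCopyOption.ATOMIC_MOVE);  // all-or-nothing swap
    }
}
```

The DB row should be committed only after the move succeeds, so a crash at any point leaves either the old state or the complete new state.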
Goal: Produce comprehensive documentation that SA, DEV, and QA can act on.
| # | Section | Audience | Purpose |
|---|---|---|---|
| 1 | Overview | All | What the feature does, entry points, file specs |
| 2 | Tables Affected | DEV, QA | All database tables with columns and purpose |
| 3 | Configuration Properties | DEV, Ops | All configurable properties with defaults |
| 4 | Status Lifecycle | All | State machine diagram (Mermaid) + transition rules |
| 5-9 | Business Journeys | SA, DEV | Use cases grouped by: Success → Exception per phase → Cross-cutting |
| 10 | Gap Analysis | SA, DEV | Fixed gaps + Open gaps with severity |
| 11 | Priority Matrix | SA, PM | P0/P1/P2/Accepted categorization |
| 12 | Design Recommendations | DEV | Concrete fixes with before/after code |
| 13 | Test Scenarios | QA | Full test matrix with inputs + expected outputs |
### UC-{NN}: {Title}
**Trigger:** {What initiates this journey}
**Precondition:** {System state before}
**Postcondition:** {System state after}
**Journey:**
```
Step 1 → {action} → {result}
Step 2 → {action} → {result}
...
```
**Key Code Path:**
- `{Class}#{method}` (L{line}) — {what it does}
- `{Class}#{method}` (L{line}) — {what it does}
**Database Changes:**
| Table | Operation | Condition |
|-------|-----------|-----------|
| {table} | INSERT/UPDATE/DELETE | {when} |
**Verification:** {How QA can verify this journey}
Use Case Numbering: journeys are numbered UC-{NN}; test scenarios are numbered T-{NN}:
| # | Scenario | Input | Expected | Priority |
|---|----------|-------|----------|----------|
| T-{NN} | {What to test} | {Setup/input data} | {Expected outcome} | Critical/High/Medium/Low |
Priority Rules:
Verify EVERY finding and EVERY use case against the actual code. Delegate work to sub-agents by situation:
| Situation | Agent | Task |
|---|---|---|
| ≥3 files to understand | Explore | Map call chain, list responsibilities |
| ≥3 files to edit | Implement | Apply fix with spec from Phase 3 |
| Verify findings | Review | Read-only pass over findings against code |
| Save progress | MemoryManager | Record discoveries to session memory |
For complex design decisions, use parallel sub-agent exploration:
Main Agent:
1. Define the problem clearly (gap + constraints)
2. Launch Explore agents in parallel for different approaches:
- Explore A: "How does {similar_system} handle this?"
- Explore B: "What patterns exist in codebase for {similar_problem}?"
3. Synthesize findings → propose 2-3 options with trade-offs
4. Select best option based on: simplicity, consistency with codebase, effort
Every delegation MUST include 5 fields:
TASK: {What to do}
SCOPE: {Exact file paths or directories}
CONTEXT: {What we already know — gap ID, phase, relevant code}
RETURN: {Exact format of response expected}
DEPTH: {quick | medium | thorough}
□ Every gap cites file + line number
□ Every gap has severity (HIGH/MEDIUM/LOW)
□ Every open gap has a design recommendation (REC-{NN})
□ Every recommendation has before/after code
□ Priority matrix covers all open gaps
□ Use cases cover: happy path + exception per phase + cross-cutting
□ Test matrix has ≥1 scenario per use case
□ Status lifecycle diagram matches actual code behavior
□ All findings verified against code (Phase 5 done)
□ No hallucinated scenarios — every journey traceable to code
□ Document version and date in header
□ Audience tag: SA → DEV → QA