
/bluespec.detect

🔬 Find out what your system really does and where the risks are.

Detect reads the code and records only what it actually finds, with the evidence the later phases need. Its governing instruction is detection, not invention.

Run it

/bluespec.detect

What it maps

Blue Spec reads the code and maps what it finds. Each finding carries what it is, why it matters, and the evidence. For example:

  • File uploads: the system accepts files from users.
    • Why it matters: a file disguised as an image can carry executable code, and anything that later serves or processes it will treat it as whatever it was labelled.
    • Evidence: the POST /upload handler trusts the MIME type the client sends and never checks the file's real type.
  • Login and sessions: users sign in to reach their account.
    • Why it matters: weak session handling lets an attacker who obtains a session token use it to take over that user's account.
    • Evidence: the session issuance logic, where sessions are issued with no expiry set, so a leaked token stays valid indefinitely.

From there, you have a clear map of what your system does and where the risks live, ready for the next steps to act on.
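To make the two example findings concrete, here is an added illustration (not Blue Spec's code, and not the detect output format) of what each finding looks like in application code, with the weak form next to a hardened form. The handler names, the accepted image types, the 15-minute session lifetime and the sample uploads are assumptions constructed for the example.

```python
import hmac
import secrets
import time
from typing import Optional

# --- Finding 1: POST /upload trusts the client's MIME type -----------------

# Magic-byte signatures for the image types the hypothetical /upload handler
# is meant to accept (assumed policy for this example).
MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
}

# Constructed sample uploads: (Content-Type the client declared, body bytes).
# The third one is the case the finding describes: labelled as an image,
# but the body is a PHP script.
SAMPLE_UPLOADS = [
    ("image/png", MAGIC["image/png"] + b"\x00" * 16),
    ("image/jpeg", MAGIC["image/jpeg"] + b"\xe0\x00\x10JFIF"),
    ("image/png", b"<?php system($_GET['cmd']); ?>"),
]


def accept_upload_trusting_client(declared_type: str, body: bytes) -> bool:
    """Weak form: believes whatever Content-Type the client sent."""
    return declared_type in MAGIC


def sniff_type(body: bytes) -> Optional[str]:
    """Return the MIME type whose signature the body actually starts with."""
    for mime, sig in MAGIC.items():
        if body.startswith(sig):
            return mime
    return None


def accept_upload_checking_bytes(declared_type: str, body: bytes) -> bool:
    """Hardened form: the body must carry the signature of the declared type."""
    return declared_type in MAGIC and sniff_type(body) == declared_type


# --- Finding 2: sessions issued with no expiry -----------------------------

SESSION_TTL = 15 * 60           # assumed lifetime in seconds
_SECRET = secrets.token_bytes(32)  # per-process key; a real app loads it from config


def issue_session_no_expiry(user_id: str) -> dict:
    """Weak form: nothing in the token says when it stops being valid."""
    return {"user": user_id, "token": secrets.token_urlsafe(32)}


def issue_session(user_id: str, now: Optional[float] = None,
                  ttl: int = SESSION_TTL) -> str:
    """Hardened form: expiry is bound into the token and covered by an HMAC."""
    now = time.time() if now is None else now
    exp = int(now + ttl)
    # nonce and tag contain no ':' (urlsafe base64 / hex), so the last three
    # fields can be split off unambiguously even if user_id contains ':'.
    payload = f"{user_id}:{exp}:{secrets.token_urlsafe(16)}"
    tag = hmac.new(_SECRET, payload.encode(), "sha256").hexdigest()
    return f"{payload}:{tag}"


def validate_session(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        user, exp, nonce, tag = token.rsplit(":", 3)
        expected = hmac.new(_SECRET, f"{user}:{exp}:{nonce}".encode(),
                            "sha256").hexdigest()
        if not hmac.compare_digest(tag, expected):
            return None
        if int(exp) <= now:
            return None
        return user
    except ValueError:
        return None


if __name__ == "__main__":
    for declared, body in SAMPLE_UPLOADS:
        print(declared, accept_upload_trusting_client(declared, body),
              accept_upload_checking_bytes(declared, body))
    tok = issue_session("alice", now=1000)
    print(validate_session(tok, now=1500), validate_session(tok, now=2000))
```

The magic-byte check is deliberately strict: the declared type and the sniffed type must agree, so a request that declares `image/png` with a GIF body is rejected too, not just a request with a script body. For sessions, binding the expiry into the token and authenticating it means the server does not need to store a lifetime per session to enforce one.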

tip
  • Running it again updates the map: solved findings drop off, new ones come in.
  • The detect map lives in .bluespec/memory/detect.md.

Next

Turn the map into a plan: /bluespec.plan.