clawdie/layered-soul
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
layered-soul/skills/systematic-debugging/SKILL.md
Sam & Claude 4d8ce07fa7 docs: apply Prettier to current markdown (Sam & Codex) 
Normalize markdown formatting after the latest main updates.\n\nChecks: python3 scripts/layered_soul.py validate .; npx --yes prettier@3 --check '**/*.md'; git diff --check.
2026-06-14 01:48:32 +02:00

443 lines
17 KiB
Markdown
Raw Blame History

---
name: systematic-debugging
description: "4-phase root cause debugging: understand bugs before fixing."
version: 1.1.0
author: Hermes Agent (adapted from obra/superpowers)
license: MIT
platforms: [linux, macos, windows]
metadata:
hermes:
tags:
[debugging, troubleshooting, problem-solving, root-cause, investigation]
related_skills:
[test-driven-development, writing-plans, subagent-driven-development]
---
# Systematic Debugging
## Overview
Random fixes waste time and create new bugs. Quick patches mask underlying issues.
**Core principle:** ALWAYS find root cause before attempting fixes. Symptom fixes are failure.
**Violating the letter of this process is violating the spirit of debugging.**
## The Iron Law
```
NO FIXES WITHOUT ROOT CAUSE INVESTIGATION FIRST
```
If you haven't completed Phase 1, you cannot propose fixes.
## When to Use
Use for ANY technical issue:
- Test failures
- Bugs in production
- Unexpected behavior
- Performance problems
- Build failures
- Integration issues
**Use this ESPECIALLY when:**
- Under time pressure (emergencies make guessing tempting)
- "Just one quick fix" seems obvious
- You've already tried multiple fixes
- Previous fix didn't work
- You don't fully understand the issue
**Don't skip when:**
- Issue seems simple (simple bugs have root causes too)
- You're in a hurry (rushing guarantees rework)
- Someone wants it fixed NOW (systematic is faster than thrashing)
## The Four Phases
You MUST complete each phase before proceeding to the next.
---
## Phase 1: Root Cause Investigation
**BEFORE attempting ANY fix:**
### 1. Read Error Messages Carefully
- Don't skip past errors or warnings
- They often contain the exact solution
- Read stack traces completely
- Note line numbers, file paths, error codes
**Action:** Use `read_file` on the relevant source files. Use `search_files` to find the error string in the codebase.
### 2. Reproduce Consistently
- Can you trigger it reliably?
- What are the exact steps?
- Does it happen every time?
- If not reproducible → gather more data, don't guess
**Action:** Use the `terminal` tool to run the failing test or trigger the bug:
```bash
# Run specific failing test
pytest tests/test_module.py::test_name -v
# Run with verbose output
pytest tests/test_module.py -v --tb=long
```
### 3. Check Recent Changes
- What changed that could cause this?
- Git diff, recent commits
- New dependencies, config changes
**Action:**
```bash
# Recent commits
git log --oneline -10
# Uncommitted changes
git diff
# Changes in specific file
git log -p --follow src/problematic_file.py | head -100
```
### 4. Gather Evidence in Multi-Component Systems
**WHEN system has multiple components (API → service → database, CI → build → deploy):**
**BEFORE proposing fixes, add diagnostic instrumentation:**
For EACH component boundary:
- Log what data enters the component
- Log what data exits the component
- Verify environment/config propagation
- Check state at each layer
Run once to gather evidence showing WHERE it breaks.
THEN analyze evidence to identify the failing component.
THEN investigate that specific component.
### 5. Trace Data Flow
**WHEN error is deep in the call stack:**
- Where does the bad value originate?
- What called this function with the bad value?
- Keep tracing upstream until you find the source
- Fix at the source, not at the symptom
**Action:** Use `search_files` to trace references:
```python
# Find where the function is called
search_files("function_name(", path="src/", file_glob="*.py")
# Find where the variable is set
search_files("variable_name\\s*=", path="src/", file_glob="*.py")
```
### Phase 1 Completion Checklist
- [ ] Error messages fully read and understood
- [ ] Issue reproduced consistently
- [ ] Recent changes identified and reviewed
- [ ] Evidence gathered (logs, state, data flow)
- [ ] Problem isolated to specific component/code
- [ ] Root cause hypothesis formed
**STOP:** Do not proceed to Phase 2 until you understand WHY it's happening.
---
## Phase 2: Pattern Analysis
**Find the pattern before fixing:**
### 1. Find Working Examples
- Locate similar working code in the same codebase
- What works that's similar to what's broken?
**Action:** Use `search_files` to find comparable patterns:
```python
search_files("similar_pattern", path="src/", file_glob="*.py")
```
### 2. Compare Against References
- If implementing a pattern, read the reference implementation COMPLETELY
- Don't skim — read every line
- Understand the pattern fully before applying
### 3. Identify Differences
- What's different between working and broken?
- List every difference, however small
- Don't assume "that can't matter"
### 4. Understand Dependencies
- What other components does this need?
- What settings, config, environment?
- What assumptions does it make?
---
## Phase 3: Hypothesis and Testing
**Scientific method:**
### 1. Form a Single Hypothesis
- State clearly: "I think X is the root cause because Y"
- Write it down
- Be specific, not vague
### 2. Test Minimally
- Make the SMALLEST possible change to test the hypothesis
- One variable at a time
- Don't fix multiple things at once
### 3. Verify Before Continuing
- Did it work? → Phase 4
- Didn't work? → Form NEW hypothesis
- DON'T add more fixes on top
### 4. When You Don't Know
- Say "I don't understand X"
- Don't pretend to know
- Ask the user for help
- Research more
---
## Phase 4: Implementation
**Fix the root cause, not the symptom:**
### 1. Create Failing Test Case
- Simplest possible reproduction
- Automated test if possible
- MUST have before fixing
- Use the `test-driven-development` skill
### 2. Implement Single Fix
- Address the root cause identified
- ONE change at a time
- No "while I'm here" improvements
- No bundled refactoring
### 3. Verify Fix
```bash
# Run the specific regression test
pytest tests/test_module.py::test_regression -v
# Run full suite — no regressions
pytest tests/ -q
```
### 4. If Fix Doesn't Work — The Rule of Three
- **STOP.**
- Count: How many fixes have you tried?
- If < 3: Return to Phase 1, re-analyze with new information
- **If 3: STOP and question the architecture (step 5 below)**
- DON'T attempt Fix #4 without architectural discussion
### 5. If 3+ Fixes Failed: Question Architecture
**Pattern indicating an architectural problem:**
- Each fix reveals new shared state/coupling in a different place
- Fixes require "massive refactoring" to implement
- Each fix creates new symptoms elsewhere
**STOP and question fundamentals:**
- Is this pattern fundamentally sound?
- Are we "sticking with it through sheer inertia"?
- Should we refactor the architecture vs. continue fixing symptoms?
**Discuss with the user before attempting more fixes.**
This is NOT a failed hypothesis this is a wrong architecture.
---
## Multi-Module Configuration Pitfall
When a system bootstraps configuration through multiple sequential modules
(e.g., firstboot scripts, installers), **check execution order before
blaming individual modules**. A later module that uses `cat > file` (overwrite)
will silently destroy configuration written by an earlier module.
**Pattern this happened on:** Clawdie ISO firstboot `shell-system.sh`
(step 6) runs after `shell-ssh.sh` (step 4). Both generate `~/.profile`
and `~/.bashrc`. Step 6's `cat >` overwrites step 4's work. The fix was
to consolidate dotfile generation into the LAST module that runs.
**Investigation checklist:**
1. Identify all modules that touch the same output file.
2. Map their execution order (grep for `run_step_if` or equivalent).
3. Check whether each write is `cat >` (overwrite) or `cat >>` (append).
4. If a later module overwrites, move the content to the later module,
or change to append with idempotency guards.
## Red Flags — STOP and Follow Process
If you catch yourself thinking:
- "Quick fix for now, investigate later"
- "Just try changing X and see if it works"
- "Add multiple changes, run tests"
- "Skip the test, I'll manually verify"
- "It's probably X, let me fix that"
- "I don't fully understand but this might work"
- "Pattern says X but I'll adapt it differently"
- "Here are the main problems: [lists fixes without investigation]"
- Proposing solutions before tracing data flow
- **"One more fix attempt" (when already tried 2+)**
- **Each fix reveals a new problem in a different place**
**ALL of these mean: STOP. Return to Phase 1.**
**If 3+ fixes failed:** Question the architecture (Phase 4 step 5).
## Common Rationalizations
| Excuse | Reality |
| -------------------------------------------- | --------------------------------------------------------------------------- |
| "Issue is simple, don't need process" | Simple issues have root causes too. Process is fast for simple bugs. |
| "Emergency, no time for process" | Systematic debugging is FASTER than guess-and-check thrashing. |
| "Just try this first, then investigate" | First fix sets the pattern. Do it right from the start. |
| "I'll write test after confirming fix works" | Untested fixes don't stick. Test first proves it. |
| "Multiple fixes at once saves time" | Can't isolate what worked. Causes new bugs. |
| "Reference too long, I'll adapt the pattern" | Partial understanding guarantees bugs. Read it completely. |
| "I see the problem, let me fix it" | Seeing symptoms understanding root cause. |
| "One more fix attempt" (after 2+ failures) | 3+ failures = architectural problem. Question the pattern, don't fix again. |
## Quick Reference
| Phase | Key Activities | Success Criteria |
| --------------------- | ----------------------------------------------------------------------- | ---------------------------- |
| **1. Root Cause** | Read errors, reproduce, check changes, gather evidence, trace data flow | Understand WHAT and WHY |
| **2. Pattern** | Find working examples, compare, identify differences | Know what's different |
| **3. Hypothesis** | Form theory, test minimally, one variable at a time | Confirmed or new hypothesis |
| **4. Implementation** | Create regression test, fix root cause, verify | Bug resolved, all tests pass |
## Hermes Agent Integration
### Investigation Tools
Use these Hermes tools during Phase 1:
- **`search_files`** Find error strings, trace function calls, locate patterns
- **`read_file`** Read source code with line numbers for precise analysis
- **`terminal`** Run tests, check git history, reproduce bugs
- **`web_search`/`web_extract`** Research error messages, library docs
### Network / SSH / tmux lag investigations
For reports like remote tmux feels laggy,” separate noisy log symptoms from the actual interactive path. Keep diagnostics tidy: prefer single bounded logs under `~/.local/state/hermes/net-tests/` and generated dashboards under `~/.local/share/hermes/net-dashboard/`; avoid writing multiple files to the user's Desktop unless explicitly requested.
Detailed patterns and examples live in `references/network-live-diagnostics.md`; projector/dashboard-specific guidance lives in `references/wifi-projector-dashboard-diagnostics.md`. Reusable helpers include `scripts/live_download_monitor.py` for bounded JSONL monitoring and `scripts/periodic-pcap-sampler.sh` for low-disk, periodic short pcaps.
1. Classify kernel/firewall messages before blaming them. `UFW BLOCK ... SRC=<router> SPT=53 ACK RST` is usually a blocked DNS TCP reset from the router; LAN discovery noise often appears as UDP 1900/5353/5355/3702 or TCP probes from another local device. Treat these as evidence to classify, not proof of the lag cause.
1. Classify kernel/firewall messages before blaming them. `UFW BLOCK ... SRC=<router> SPT=53 ACK RST` is usually a blocked DNS TCP reset from the router; LAN discovery noise often appears as UDP 1900/5353/5355/3702 or TCP probes from another local device. Treat these as evidence to classify, not proof of the lag cause.
1. Inspect the live SSH sockets:
```bash
ss -nti '( sport = :22 or dport = :22 )'
```
Useful fields: `rtt:<avg>/<variance>`, `bytes_retrans`, `retrans:<active>/<total>`, `cwnd`, `rcv_ooopack`, and `reord_seen`. High RTT variance, retransmits, or very low `cwnd` are strong evidence for packet loss/reordering/congestion on the actual SSH stream.
1. Compare layers with short ping samples:
```bash
ping -c 50 -i 0.1 <router-ip>
ping -c 50 -i 0.1 1.1.1.1
ping -c 50 -i 0.1 <remote-public-ip-or-tailscale-ip>
```
Router clean + internet jitter points upstream/ISP/Wi-Fi interference rather than local host load.
1. Check Wi-Fi quality and band:
```bash
nmcli -f ACTIVE,SSID,BSSID,CHAN,RATE,SIGNAL,BARS,SECURITY dev wifi
iw dev <wifi-iface> link
ip -s link show <wifi-iface>
```
2.4 GHz, weak signal, or jitter can make SSH/tmux feel sticky even with no packet loss to the router.
1. If Tailscale is involved, compare direct/public SSH vs Tailscale and inspect path state:
```bash
tailscale status
tailscale netcheck
```
Prefer the path with lower RTT variance and fewer retransmits; Tailscale direct is often better than public SSH, but verify with `ss -nti` and ping rather than assuming.
1. Only propose changes after evidence: e.g. switch to 5 GHz/Ethernet, prefer Tailscale hostnames in `~/.ssh/config`, or investigate router/ISP jitter.
1. Avoid creating many ad-hoc report files on the user's Desktop. For this user's recurring network diagnostics, write a single timestamped logfile under `~/.local/state/hermes/net-tests/` unless they explicitly ask for Desktop files. See `references/network-ssh-wifi-diagnostics.md` for a reusable single-log skeleton and pitfalls.
1. When comparing home Wi-Fi with a phone hotspot, derive the gateway dynamically (`ip route show default`) instead of hardcoding `192.168.1.1`. Otherwise the hotspot test can falsely report gateway failure.
1. After a network switch, distinguish stale public SSH sessions from surviving Tailscale sessions. Inspect `ss -nti` for old local addresses, FIN-WAIT states, Send-Q/notsent, retrans/backoff, and PMTU anomalies. Public DNS SSH can die across the switch while `*.ts.net`/MagicDNS SSH remains healthy.
1. Only propose changes after evidence: e.g. switch to 5 GHz/Ethernet, prefer Tailscale hostnames in `~/.ssh/config`, or investigate router/ISP jitter.
1. When a large download is active, avoid unbounded packet capture. First run a bounded low-volume monitor (disk, `ss -tinp`, short pings, Wi-Fi state) with runtime/log-size/free-space limits. If local gateway ping remains clean while internet/Tailscale ping jumps to hundreds or thousands of ms, suspect saturation/bufferbloat rather than Wi-Fi driver failure.
1. Wireshark/tshark can be added as a second layer, but only with short filtered captures and summarized output. Keep raw pcaps under `~/.local/state/hermes/net-tests/` and avoid dumping large packet logs into chat or Desktop.
1. For projector/streaming/interference sessions, preserve real-world event markers (projector on, Ubuntu installer phase, Bluetooth off, download phase) in the active run directory and visualize them as spikes/filters for non-technical viewers. See `references/wifi-projector-dashboard-diagnostics.md`; use `scripts/periodic-pcap-sampler.sh` when the user wants wire-level evidence over time without continuous large pcaps.
1. For user-facing network history, prefer a non-technical "story dashboard" over raw numbered tables: charts with visible spikes, line toggles, plain-language event cards, and technical details hidden behind disclosure widgets. For before/after interference tests (e.g. projector/Epson on), collect comparable bounded monitor windows and mark the event moment so a non-technical viewer can see whether spikes start or stop with the event. See `references/network-live-diagnostics.md` and `scripts/network_story_dashboard.py`.
1. When embedding parsed log data into a static HTML dashboard, do not HTML-escape JSON inside `<script type="application/json">`; `textContent` will contain literal `&quot;` and `JSON.parse` will fail, causing blank charts. Use raw `json.dumps(...).replace("</", "<\\/")` instead.
### With delegate_task
For complex multi-component debugging, dispatch investigation subagents:
```python
delegate_task(
goal="Investigate why [specific test/behavior] fails",
context="""
Follow systematic-debugging skill:
1. Read the error message carefully
2. Reproduce the issue
3. Trace the data flow to find root cause
4. Report findings — do NOT fix yet
Error: [paste full error]
File: [path to failing code]
Test command: [exact command]
""",
toolsets=['terminal', 'file']
)
```
### With test-driven-development
When fixing bugs:
1. Write a test that reproduces the bug (RED)
2. Debug systematically to find root cause
3. Fix the root cause (GREEN)
4. The test proves the fix and prevents regression
## Real-World Impact
From debugging sessions:
- Systematic approach: 15-30 minutes to fix
- Random fixes approach: 2-3 hours of thrashing
- First-time fix rate: 95% vs 40%
- New bugs introduced: Near zero vs common
**No shortcuts. No guessing. Systematic always wins.**
Reference in a new issue View git blame Copy permalink