clawdie/layered-soul
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
layered-soul/skills/systematic-debugging/SKILL.md
Sam & Claude d73cd403c3 docs: convert negative patterns to positive actionable instructions 
Applied positive-language documentation rewrites across key docs and skills:
- AGENTS.md: converted must-not/never/cannot to positive guidance
- docs/HOST-MATRIX.md: converted never/do-not patterns; preserved probe discipline
- docs/HIVE-ONBOARDING.md: converted cannot/never/avoid to actionable instructions
- skills/systematic-debugging/SKILL.md: converted non-safety negatives; preserved core debugging rules (NO FIXES WITHOUT ROOT CAUSE)
- skills/bootable-usb-images/SKILL.md: converted non-safety negatives; preserved safety-critical rules (never a partition, never silently skip target identification)

Changed negative patterns: never→stay/reference/always, do not→use/prefer/send only, cannot→lacks/leaves intact/requires
2026-06-21 13:57:11 +02:00

18 KiB
Raw Blame History

name description version author license platforms metadata
systematic-debugging 4-phase root cause debugging: understand bugs before fixing. 1.1.0 Hermes Agent (adapted from obra/superpowers) MIT
linux
macos
windows
hermes
tags related_skills
debugging
troubleshooting
problem-solving
root-cause
investigation
test-driven-development
writing-plans
subagent-driven-development

Systematic Debugging

Overview

Random fixes waste time and create new bugs. Quick patches mask underlying issues.

Core principle: ALWAYS find root cause before attempting fixes. Symptom fixes are failure.

Violating the letter of this process is violating the spirit of debugging.

The Iron Law

NO FIXES WITHOUT ROOT CAUSE INVESTIGATION FIRST

Complete Phase 1 (root cause investigation) first before proposing any fix.

When to Use

Use for ANY technical issue:

  • Test failures
  • Bugs in production
  • Unexpected behavior
  • Performance problems
  • Build failures
  • Integration issues

Use this ESPECIALLY when:

  • Under time pressure (emergencies make guessing tempting)
  • "Just one quick fix" seems obvious
  • You've already tried multiple fixes
  • Previous fix didn't work
  • You don't fully understand the issue

Apply the full process when:

  • Issue seems simple (simple bugs have root causes too)
  • You're in a hurry (rushing guarantees rework)
  • Someone wants it fixed NOW (systematic is faster than thrashing)

The Four Phases

You MUST complete each phase before proceeding to the next.

Phase 1: Root Cause Investigation

BEFORE attempting ANY fix:

1. Read Error Messages Carefully

  • Don't skip past errors or warnings
  • They often contain the exact solution
  • Read stack traces completely
  • Note line numbers, file paths, error codes

Action: Use read_file on the relevant source files. Use search_files to find the error string in the codebase.

2. Reproduce Consistently

  • Can you trigger it reliably?
  • What are the exact steps?
  • Does it happen every time?
  • If not reproducible → gather more data and trace evidence instead of guessing.

Action: Use the terminal tool to run the failing test or trigger the bug:

# Run specific failing test
pytest tests/test_module.py::test_name -v

# Run with verbose output
pytest tests/test_module.py -v --tb=long

3. Check Recent Changes

  • What changed that could cause this?
  • Git diff, recent commits
  • New dependencies, config changes

Action:

# Recent commits
git log --oneline -10

# Uncommitted changes
git diff

# Changes in specific file
git log -p --follow src/problematic_file.py | head -100

4. Gather Evidence in Multi-Component Systems

WHEN system has multiple components (API → service → database, CI → build → deploy):

BEFORE proposing fixes, add diagnostic instrumentation:

For EACH component boundary:

  • Log what data enters the component
  • Log what data exits the component
  • Verify environment/config propagation
  • Check state at each layer

Run once to gather evidence showing WHERE it breaks. THEN analyze evidence to identify the failing component. THEN investigate that specific component.

5. Trace Data Flow

WHEN error is deep in the call stack:

  • Where does the bad value originate?
  • What called this function with the bad value?
  • Keep tracing upstream until you find the source
  • Fix at the source, not at the symptom

Action: Use search_files to trace references:

# Find where the function is called
search_files("function_name(", path="src/", file_glob="*.py")

# Find where the variable is set
search_files("variable_name\\s*=", path="src/", file_glob="*.py")

Phase 1 Completion Checklist

  • Error messages fully read and understood
  • Issue reproduced consistently
  • Recent changes identified and reviewed
  • Evidence gathered (logs, state, data flow)
  • Problem isolated to specific component/code
  • Root cause hypothesis formed

STOP: Do not proceed to Phase 2 until you understand WHY it's happening.

Phase 2: Pattern Analysis

Find the pattern before fixing:

1. Find Working Examples

  • Locate similar working code in the same codebase
  • What works that's similar to what's broken?

Action: Use search_files to find comparable patterns:

search_files("similar_pattern", path="src/", file_glob="*.py")

2. Compare Against References

  • If implementing a pattern, read the reference implementation COMPLETELY
  • Don't skim — read every line
  • Understand the pattern fully before applying

3. Identify Differences

  • What's different between working and broken?
  • List every difference, however small
  • Don't assume "that can't matter"

4. Understand Dependencies

  • What other components does this need?
  • What settings, config, environment?
  • What assumptions does it make?

Phase 3: Hypothesis and Testing

Scientific method:

1. Form a Single Hypothesis

  • State clearly: "I think X is the root cause because Y"
  • Write it down
  • Be specific, not vague

2. Test Minimally

  • Make the SMALLEST possible change to test the hypothesis
  • One variable at a time
  • Don't fix multiple things at once

3. Verify Before Continuing

  • Did it work? → Phase 4
  • Didn't work? → Form NEW hypothesis
  • DON'T add more fixes on top

4. When You Don't Know

  • Say "I don't understand X"
  • Acknowledge gaps openly — ask the user or research more.
  • Ask the user for help
  • Research more

Phase 4: Implementation

Fix the root cause, not the symptom:

1. Create Failing Test Case

  • Simplest possible reproduction
  • Automated test if possible
  • MUST have before fixing
  • Use the test-driven-development skill

2. Implement Single Fix

  • Address the root cause identified
  • ONE change at a time
  • No "while I'm here" improvements
  • No bundled refactoring

3. Verify Fix

# Run the specific regression test
pytest tests/test_module.py::test_regression -v

# Run full suite — no regressions
pytest tests/ -q

4. If Fix Doesn't Work — The Rule of Three

  • STOP.
  • Count: How many fixes have you tried?
  • If < 3: Return to Phase 1, re-analyze with new information
  • If ≥ 3: STOP and question the architecture (step 5 below)
  • DON'T attempt Fix #4 without architectural discussion

5. If 3+ Fixes Failed: Question Architecture

Pattern indicating an architectural problem:

  • Each fix reveals new shared state/coupling in a different place
  • Fixes require "massive refactoring" to implement
  • Each fix creates new symptoms elsewhere

STOP and question fundamentals:

  • Is this pattern fundamentally sound?
  • Are we "sticking with it through sheer inertia"?
  • Should we refactor the architecture vs. continue fixing symptoms?

Discuss with the user before attempting more fixes.

This is NOT a failed hypothesis — this is a wrong architecture.

Multi-Module Configuration Pitfall

When a system bootstraps configuration through multiple sequential modules (e.g., firstboot scripts, installers), check execution order before blaming individual modules. A later module that uses cat > file (overwrite) will silently destroy configuration written by an earlier module.

Pattern this happened on: Clawdie ISO firstboot — shell-system.sh (step 6) runs after shell-ssh.sh (step 4). Both generate ~/.profile and ~/.bashrc. Step 6's cat > overwrites step 4's work. The fix was to consolidate dotfile generation into the LAST module that runs.

Investigation checklist:

  1. Identify all modules that touch the same output file.
  2. Map their execution order (grep for run_step_if or equivalent).
  3. Check whether each write is cat > (overwrite) or cat >> (append).
  4. If a later module overwrites, move the content to the later module, or change to append with idempotency guards.

Red Flags — STOP and Follow Process

If you catch yourself thinking:

  • "Quick fix for now, investigate later"
  • "Just try changing X and see if it works"
  • "Add multiple changes, run tests"
  • "Skip the test, I'll manually verify"
  • "It's probably X, let me fix that"
  • "I don't fully understand but this might work"
  • "Pattern says X but I'll adapt it differently"
  • "Here are the main problems: [lists fixes without investigation]"
  • Proposing solutions before tracing data flow
  • "One more fix attempt" (when already tried 2+)
  • Each fix reveals a new problem in a different place

ALL of these mean: STOP. Return to Phase 1.

If 3+ fixes failed: Question the architecture (Phase 4 step 5).

Common Rationalizations

Excuse Reality
"Issue is simple, don't need process" Simple issues have root causes too. Process is fast for simple bugs.
"Emergency, no time for process" Systematic debugging is FASTER than guess-and-check thrashing.
"Just try this first, then investigate" First fix sets the pattern. Do it right from the start.
"I'll write test after confirming fix works" Untested fixes don't stick. Test first proves it.
"Multiple fixes at once saves time" Can't isolate what worked. Causes new bugs.
"Reference too long, I'll adapt the pattern" Partial understanding guarantees bugs. Read it completely.
"I see the problem, let me fix it" Seeing symptoms ≠ understanding root cause.
"One more fix attempt" (after 2+ failures) 3+ failures = architectural problem. Step back and question the pattern — adding yet another fix will not resolve the underlying issue.

Quick Reference

Phase Key Activities Success Criteria
1. Root Cause Read errors, reproduce, check changes, gather evidence, trace data flow Understand WHAT and WHY
2. Pattern Find working examples, compare, identify differences Know what's different
3. Hypothesis Form theory, test minimally, one variable at a time Confirmed or new hypothesis
4. Implementation Create regression test, fix root cause, verify Bug resolved, all tests pass

Hermes Agent Integration

Investigation Tools

Use these Hermes tools during Phase 1:

  • search_files — Find error strings, trace function calls, locate patterns
  • read_file — Read source code with line numbers for precise analysis
  • terminal — Run tests, check git history, reproduce bugs
  • web_search/web_extract — Research error messages, library docs

Network / SSH / tmux lag investigations

For reports like "remote tmux feels laggy," separate noisy log symptoms from the actual interactive path. Keep diagnostics tidy: prefer single bounded logs under ~/.local/state/hermes/net-tests/ and generated dashboards under ~/.local/share/hermes/net-dashboard/; keep all output in designated directories unless the user explicitly requests Desktop files.

Detailed patterns and examples live in references/network-live-diagnostics.md; projector/dashboard-specific guidance lives in references/wifi-projector-dashboard-diagnostics.md. Reusable helpers include scripts/live_download_monitor.py for bounded JSONL monitoring and scripts/periodic-pcap-sampler.sh for low-disk, periodic short pcaps.

  1. Classify kernel/firewall messages before blaming them. UFW BLOCK ... SRC=<router> SPT=53 ACK RST is usually a blocked DNS TCP reset from the router; LAN discovery noise often appears as UDP 1900/5353/5355/3702 or TCP probes from another local device. Treat these as evidence to classify, not proof of the lag cause.

  2. Classify kernel/firewall messages before blaming them. UFW BLOCK ... SRC=<router> SPT=53 ACK RST is usually a blocked DNS TCP reset from the router; LAN discovery noise often appears as UDP 1900/5353/5355/3702 or TCP probes from another local device. Treat these as evidence to classify, not proof of the lag cause.

  3. Inspect the live SSH sockets:

    ss -nti '( sport = :22 or dport = :22 )'

    Useful fields: rtt:<avg>/<variance>, bytes_retrans, retrans:<active>/<total>, cwnd, rcv_ooopack, and reord_seen. High RTT variance, retransmits, or very low cwnd are strong evidence for packet loss/reordering/congestion on the actual SSH stream.

  4. Compare layers with short ping samples:

    ping -c 50 -i 0.1 <router-ip>
ping -c 50 -i 0.1 1.1.1.1
ping -c 50 -i 0.1 <remote-public-ip-or-tailscale-ip>

    Router clean + internet jitter points upstream/ISP/Wi-Fi interference rather than local host load.

  5. Check Wi-Fi quality and band:

    nmcli -f ACTIVE,SSID,BSSID,CHAN,RATE,SIGNAL,BARS,SECURITY dev wifi
iw dev <wifi-iface> link
ip -s link show <wifi-iface>

    2.4 GHz, weak signal, or jitter can make SSH/tmux feel sticky even with no packet loss to the router.

  6. If Tailscale is involved, compare direct/public SSH vs Tailscale and inspect path state:

    tailscale status
tailscale netcheck

    Prefer the path with lower RTT variance and fewer retransmits; Tailscale direct is often better than public SSH, but verify with ss -nti and ping rather than assuming.

  7. Only propose changes after evidence: e.g. switch to 5 GHz/Ethernet, prefer Tailscale hostnames in ~/.ssh/config, or investigate router/ISP jitter.

  8. Avoid creating many ad-hoc report files on the user's Desktop. For this user's recurring network diagnostics, write a single timestamped logfile under ~/.local/state/hermes/net-tests/ unless they explicitly ask for Desktop files. See references/network-ssh-wifi-diagnostics.md for a reusable single-log skeleton and pitfalls.

  9. When comparing home Wi-Fi with a phone hotspot, derive the gateway dynamically (ip route show default) instead of hardcoding 192.168.1.1. Otherwise the hotspot test can falsely report gateway failure.

  10. After a network switch, distinguish stale public SSH sessions from surviving Tailscale sessions. Inspect ss -nti for old local addresses, FIN-WAIT states, Send-Q/notsent, retrans/backoff, and PMTU anomalies. Public DNS SSH can die across the switch while *.ts.net/MagicDNS SSH remains healthy.

  11. Only propose changes after evidence: e.g. switch to 5 GHz/Ethernet, prefer Tailscale hostnames in ~/.ssh/config, or investigate router/ISP jitter.

  12. When a large download is active, start with bounded, low-volume monitoring (disk, ss -tinp, short pings, Wi-Fi state) with runtime/log-size/free-space limits. If local gateway ping remains clean while internet/Tailscale ping jumps to hundreds or thousands of ms, suspect saturation/bufferbloat rather than Wi-Fi driver failure.

  13. Wireshark/tshark can be added as a second layer, but only with short filtered captures and summarized output. Keep raw pcaps under ~/.local/state/hermes/net-tests/ and summarize findings instead of dumping large packet logs into chat or Desktop.

  14. For projector/streaming/interference sessions, preserve real-world event markers (projector on, Ubuntu installer phase, Bluetooth off, download phase) in the active run directory and visualize them as spikes/filters for non-technical viewers. See references/wifi-projector-dashboard-diagnostics.md; use scripts/periodic-pcap-sampler.sh when the user wants wire-level evidence over time without continuous large pcaps.

  15. For user-facing network history, prefer a non-technical "story dashboard" over raw numbered tables: charts with visible spikes, line toggles, plain-language event cards, and technical details hidden behind disclosure widgets. For before/after interference tests (e.g. projector/Epson on), collect comparable bounded monitor windows and mark the event moment so a non-technical viewer can see whether spikes start or stop with the event. See references/network-live-diagnostics.md and scripts/network_story_dashboard.py.

  16. When embedding parsed log data into a static HTML dashboard, embed raw JSON inside <script type="application/json"> — do not HTML-escape it. textContent with escaped JSON (&quot;) will cause JSON.parse failures and blank charts. Use raw json.dumps(...).replace("</", "<\\/") instead.

With delegate_task

For complex multi-component debugging, dispatch investigation subagents:

delegate_task(
    goal="Investigate why [specific test/behavior] fails",
    context="""
    Follow systematic-debugging skill:
    1. Read the error message carefully
    2. Reproduce the issue
    3. Trace the data flow to find root cause
    4. Report findings — do NOT fix yet

    Error: [paste full error]
    File: [path to failing code]
    Test command: [exact command]
    """,
    toolsets=['terminal', 'file']
)

With test-driven-development

When fixing bugs:

  1. Write a test that reproduces the bug (RED)
  2. Debug systematically to find root cause
  3. Fix the root cause (GREEN)
  4. The test proves the fix and prevents regression

Real-World Impact

From debugging sessions:

  • Systematic approach: 15-30 minutes to fix
  • Random fixes approach: 2-3 hours of thrashing
  • First-time fix rate: 95% vs 40%
  • New bugs introduced: Near zero vs common

No shortcuts. No guessing. Systematic always wins.