AgentSkillsCN

systematic-debugging

在提出修复方案之前,若遇到任何 Bug、测试失败、意外行为,或第三方库问题时使用。强制执行四阶段系统化流程(根本原因调查、模式分析、假设检验、实施),以避免随意尝试修复,确保彻底解决根本问题。同时,借助 Context7、WebSearch 和 WebFetch 进行第三方调研,深入研究依赖项。

SKILL.md
--- frontmatter
name: systematic-debugging
description: Use when encountering any bug, test failure, unexpected behavior, or 3rd-party library issue, before proposing fixes. Enforces a 4-phase systematic process (Root Cause Investigation, Pattern Analysis, Hypothesis Testing, Implementation) to prevent random fix attempts and ensure root cause resolution. Includes 3rd-party investigation using Context7, WebSearch, and WebFetch for dependency research.

Systematic Debugging

Overview

Random fixes waste time and create new bugs. Quick patches mask underlying issues.

Core principle: ALWAYS find root cause before attempting fixes. Symptom fixes are failure.

Violating the letter of this process is violating the spirit of debugging.

The Iron Law

code
NO FIXES WITHOUT ROOT CAUSE INVESTIGATION FIRST

If you haven't completed Phase 1, you cannot propose fixes.

When to Use

Use for ANY technical issue:

  • Test failures
  • Bugs in production
  • Unexpected behavior
  • Performance problems
  • Build failures
  • Integration issues
  • 3rd-party library bugs or misuse
  • Dependency version conflicts

Use this ESPECIALLY when:

  • Under time pressure (emergencies make guessing tempting)
  • "Just one quick fix" seems obvious
  • You've already tried multiple fixes
  • Previous fix didn't work
  • You don't fully understand the issue

Don't skip when:

  • Issue seems simple (simple bugs have root causes too)
  • You're in a hurry (rushing guarantees rework)
  • Manager wants it fixed NOW (systematic is faster than thrashing)

The Four Phases

You MUST complete each phase before proceeding to the next.

Phase 1: Root Cause Investigation

BEFORE attempting ANY fix:

  1. Read Error Messages Carefully

    • Don't skip past errors or warnings
    • They often contain the exact solution
    • Read stack traces completely
    • Note line numbers, file paths, error codes
  2. Reproduce Consistently

    • Can you trigger it reliably?
    • What are the exact steps?
    • Does it happen every time?
    • If not reproducible -> gather more data, don't guess
  3. Check Recent Changes

    • What changed that could cause this?
    • Git diff, recent commits
    • New dependencies, config changes
    • Environmental differences
  4. Gather Evidence in Multi-Component Systems

    WHEN system has multiple components (CI -> build -> signing, API -> service -> database):

    BEFORE proposing fixes, add diagnostic instrumentation:

    code
    For EACH component boundary:
      - Log what data enters component
      - Log what data exits component
      - Verify environment/config propagation
      - Check state at each layer
    
    Run once to gather evidence showing WHERE it breaks
    THEN analyze evidence to identify failing component
    THEN investigate that specific component
    

    Example (multi-layer system):

    bash
    # Layer 1: Workflow
    echo "=== Secrets available in workflow: ==="
    echo "IDENTITY: ${IDENTITY:+SET}${IDENTITY:-UNSET}"
    
    # Layer 2: Build script
    echo "=== Env vars in build script: ==="
    env | grep IDENTITY || echo "IDENTITY not in environment"
    
    # Layer 3: Signing script
    echo "=== Keychain state: ==="
    security list-keychains
    security find-identity -v
    
    # Layer 4: Actual signing
    codesign --sign "$IDENTITY" --verbose=4 "$APP"
    

    This reveals: Which layer fails (secrets -> workflow OK, workflow -> build FAIL)

  5. Trace Data Flow

    WHEN error is deep in call stack:

    See references/root-cause-tracing.md for the complete backward tracing technique.

    Quick version:

    • Where does bad value originate?
    • What called this with bad value?
    • Keep tracing up until you find the source
    • Fix at source, not at symptom
  6. Check Dependencies (3rd-Party Investigation)

    WHEN root cause tracing leads to a dependency boundary:

    See references/third-party-investigation.md for the complete process and research tools (Context7, WebSearch, WebFetch).

    Quick version:

    • Check lockfile diffs and npm ls for version changes or duplicates
    • WebSearch for known upstream issues matching your error
    • Context7 to verify your API usage matches library docs
    • Create minimal reproduction outside your project — reproduces = library bug, doesn't = your integration

Phase 2: Pattern Analysis

Find the pattern before fixing:

  1. Find Working Examples

    • Locate similar working code in same codebase
    • What works that's similar to what's broken?
  2. Compare Against References

    • If implementing pattern, read reference implementation COMPLETELY
    • Don't skim - read every line
    • Understand the pattern fully before applying
  3. Identify Differences

    • What's different between working and broken?
    • List every difference, however small
    • Don't assume "that can't matter"
  4. Understand Dependencies

    • What other components does this need?
    • What settings, config, environment?
    • What assumptions does it make?
  5. 3rd-Party Pattern Analysis (when dependency is involved)

    See references/third-party-investigation.md Phase 2 for detailed techniques.

    Quick version:

    • Version bisection — pin to previous versions to find which introduced the bug
    • Read library source via WebFetch when docs don't explain the behavior
    • Compare against library's own test suite for intended usage patterns

Phase 3: Hypothesis and Testing

Scientific method:

  1. Form Single Hypothesis

    • State clearly: "I think X is the root cause because Y"
    • Write it down
    • Be specific, not vague
  2. Test Minimally

    • Make the SMALLEST possible change to test hypothesis
    • One variable at a time
    • Don't fix multiple things at once
  3. Verify Before Continuing

    • Did it work? Yes -> Phase 4
    • Didn't work? Form NEW hypothesis
    • DON'T add more fixes on top
  4. When You Don't Know

    • Say "I don't understand X"
    • Don't pretend to know
    • Ask for help
    • Research more
  5. 3rd-Party Hypothesis Categories

    WHEN the bug involves a dependency, frame hypotheses as one of: wrong usage | version mismatch | environment | library interaction | upstream bug

    "Upstream bug" requires 2+ evidence sources (minimal repro, version test, or upstream issue confirmation). See references/third-party-investigation.md Phase 3 for details.

Phase 4: Implementation

Fix the root cause, not the symptom:

  1. Create Failing Test Case

    • Simplest possible reproduction
    • Automated test if possible
    • One-off test script if no framework
    • MUST have before fixing
  2. Implement Single Fix

    • Address the root cause identified
    • ONE change at a time
    • No "while I'm here" improvements
    • No bundled refactoring
  3. Verify Fix

    • Test passes now?
    • No other tests broken?
    • Issue actually resolved?
  4. If Fix Doesn't Work

    • STOP
    • Count: How many fixes have you tried?
    • If < 3: Return to Phase 1, re-analyze with new information
    • If >= 3: STOP and question the architecture (step 5 below)
    • DON'T attempt Fix #4 without architectural discussion
  5. If 3+ Fixes Failed: Question Architecture

    Pattern indicating architectural problem:

    • Each fix reveals new shared state/coupling/problem in different place
    • Fixes require "massive refactoring" to implement
    • Each fix creates new symptoms elsewhere

    STOP and question fundamentals:

    • Is this pattern fundamentally sound?
    • Are we "sticking with it through sheer inertia"?
    • Should we refactor architecture vs. continue fixing symptoms?

    Discuss with your human partner before attempting more fixes

    This is NOT a failed hypothesis - this is a wrong architecture.

  6. 3rd-Party Fix Strategy (when root cause is in a dependency)

    See references/third-party-investigation.md Phase 4 for fix patterns and workaround documentation requirements.

    Quick decision guide:

    code
    YOUR usage    → Fix your code (standard Phase 4)
    THE BOUNDARY  → Defensive adapter in one place
    THE LIBRARY   → Upgrade / file issue + workaround / evaluate alternatives
    VERSION ISSUE → Pin version + document why
    

    Never scatter workarounds. Isolate in a single adapter, link to upstream issue, document removal condition.

Red Flags - STOP and Follow Process

If you catch yourself thinking:

  • "Quick fix for now, investigate later"
  • "Just try changing X and see if it works"
  • "Add multiple changes, run tests"
  • "Skip the test, I'll manually verify"
  • "It's probably X, let me fix that"
  • "I don't fully understand but this might work"
  • "Pattern says X but I'll adapt it differently"
  • "Here are the main problems: [lists fixes without investigation]"
  • Proposing solutions before tracing data flow
  • "One more fix attempt" (when already tried 2+)
  • Each fix reveals new problem in different place
  • "It's probably a library bug" (without creating minimal reproduction)
  • Blindly upgrading to latest version without testing
  • Copy-pasting a StackOverflow workaround without understanding WHY

ALL of these mean: STOP. Return to Phase 1.

If 3+ fixes failed: Question the architecture (see Phase 4.5)

Your Human Partner's Signals You're Doing It Wrong

Watch for these redirections:

  • "Is that not happening?" - You assumed without verifying
  • "Will it show us...?" - You should have added evidence gathering
  • "Stop guessing" - You're proposing fixes without understanding
  • "Ultrathink this" - Question fundamentals, not just symptoms
  • "We're stuck?" (frustrated) - Your approach isn't working

When you see these: STOP. Return to Phase 1.

Common Rationalizations

ExcuseReality
"Issue is simple, don't need process"Simple issues have root causes too. Process is fast for simple bugs.
"Emergency, no time for process"Systematic debugging is FASTER than guess-and-check thrashing.
"Just try this first, then investigate"First fix sets the pattern. Do it right from the start.
"I'll write test after confirming fix works"Untested fixes don't stick. Test first proves it.
"Multiple fixes at once saves time"Can't isolate what worked. Causes new bugs.
"Reference too long, I'll adapt the pattern"Partial understanding guarantees bugs. Read it completely.
"I see the problem, let me fix it"Seeing symptoms != understanding root cause.
"One more fix attempt" (after 2+ failures)3+ failures = architectural problem. Question pattern, don't fix again.
"It's a library bug, nothing we can do"Create minimal repro first. 80% of "library bugs" are wrong usage.
"Just upgrade to latest"Blind upgrades introduce new problems. Test in isolation first.
"This workaround from SO should fix it"Understand WHY it works before applying. Cargo-culted fixes break later.

Quick Reference

PhaseKey Activities+ 3rd-PartySuccess Criteria
1. Root CauseRead errors, reproduce, check changes, gather evidenceLockfile diffs, WebSearch issues, Context7 docs, minimal reproUnderstand WHAT and WHY
2. PatternFind working examples, compareVersion bisection, library source, library testsIdentify differences
3. HypothesisForm theory, test minimallyCategorize: usage / version / env / interaction / upstreamConfirmed or new hypothesis
4. ImplementationCreate test, fix, verifyFix strategy: usage / pin / adapter / upstream PR / replaceBug resolved, tests pass

When Process Reveals "No Root Cause"

If systematic investigation reveals issue is truly environmental, timing-dependent, or external:

  1. You've completed the process
  2. Document what you investigated
  3. Implement appropriate handling (retry, timeout, error message)
  4. Add monitoring/logging for future investigation

But: 95% of "no root cause" cases are incomplete investigation.

Note: A 3rd-party bug is NOT "no root cause." You found the root cause — it's in someone else's code. Follow Phase 4.6 for fix strategy.

Supporting Techniques

These techniques are part of systematic debugging and available in this skill's references/ directory:

  • references/root-cause-tracing.md - Trace bugs backward through call stack to find original trigger
  • references/defense-in-depth.md - Add validation at multiple layers after finding root cause
  • references/condition-based-waiting.md - Replace arbitrary timeouts with condition polling
  • references/third-party-investigation.md - Investigate 3rd-party bugs using Context7, WebSearch, and WebFetch; includes research tools guide, minimal reproduction, version bisection, and fix strategy decision tree

Real-World Impact

From debugging sessions:

  • Systematic approach: 15-30 minutes to fix
  • Random fixes approach: 2-3 hours of thrashing
  • First-time fix rate: 95% vs 40%
  • New bugs introduced: Near zero vs common