بنقرة واحدة
pipeline-investigate
Investigate a pipeline run - timeline, Docker logs, decision events, root cause analysis
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Investigate a pipeline run - timeline, Docker logs, decision events, root cause analysis
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Reference for correctly querying GitHub issue state - board status, parent/child links, sub-issues. Use these patterns instead of `gh issue view --json projectItems` which does not reliably return status field values.
Analyze recommendations from pipeline run analyses — filter by priority, target (orchestrator/project), pipeline run ID, or project
Deep-dive into agent execution - Docker logs, Claude stream events, tool calls, errors
Search and analyze Claude Code live execution logs captured in Elasticsearch - tool calls, tool results, API usage, and errors for a specific task or pipeline run
Quick reference for Elasticsearch indices, event types, Docker patterns, and pipeline flows
Comprehensive system health check - all components, queue, circuit breakers, active work, errors
| name | pipeline-investigate |
| description | Investigate a pipeline run - timeline, Docker logs, decision events, root cause analysis |
| user_invocable | true |
| args | <pipeline_run_id> |
You are investigating a pipeline run. Follow these steps systematically, using the Bash tool to execute commands against the running orchestrator stack. The user has provided a pipeline run ID as the argument: $ARGUMENTS.
If no run ID was provided, find recent pipeline runs first:
curl -s "http://localhost:9200/pipeline-runs-*/_search" -H 'Content-Type: application/json' -d '{"query":{"match_all":{}},"sort":[{"started_at":"desc"}],"size":10}' | jq '.hits.hits[]._source | {id, project, board, status, issue_number, issue_title, started_at, ended_at}'
Then ask the user which run to investigate.
curl -s "http://localhost:9200/pipeline-runs-*/_search" -H 'Content-Type: application/json' -d '{
"query": {"term": {"id": "<RUN_ID>"}},
"size": 1
}' | jq '.hits.hits[]._source'
Extract: project, board, status, issue_number, issue_title, started_at, ended_at, duration_ms.
docker-compose exec orchestrator python scripts/inspect_pipeline_timeline.py <RUN_ID> --json
This gives the pre-built timeline view. If the script fails or the container isn't running, proceed with manual queries.
curl -s "http://localhost:9200/decision-events-*/_search" -H 'Content-Type: application/json' -d '{
"query": {"term": {"pipeline_run_id": "<RUN_ID>"}},
"sort": [{"timestamp": "asc"}],
"size": 500
}' | jq '.hits.hits[]._source | {timestamp, event_type, agent, project, data}'
Look for the overall flow: pipeline_run_started → stage transitions → review/repair cycles → completion or failure.
curl -s "http://localhost:9200/agent-events-*/_search" -H 'Content-Type: application/json' -d '{
"query": {"term": {"pipeline_run_id": "<RUN_ID>"}},
"sort": [{"timestamp": "asc"}],
"size": 100
}' | jq '.hits.hits[]._source | {timestamp, agent_name, event_type, task_id, duration_ms, success, error_message}'
From agent_initialized events, extract container names (pattern: claude-agent-{project}-{task_id}).
For each container found in step 4:
docker logs claude-agent-<project>-<task_id> 2>&1 | tail -500
If the container no longer exists, note it and move on.
curl -s "http://localhost:9200/logs-claude.otel-default/_search" -H 'Content-Type: application/json' -d '{
"query": {
"bool": {
"must": [
{"term": {"resource.attributes.pipeline_run_id.keyword": "<RUN_ID>"}},
{"term": {"event_name.keyword": "claude_code.tool_result"}}
]
}
},
"sort": [{"@timestamp": "asc"}],
"size": 200
}' | jq '.hits.hits[]._source | {"@timestamp", "agent": .resource.attributes.agent, event_name, "tool_name": .attributes.tool_name, "success": .attributes.success, "error": .attributes.error}'
Build a markdown timeline table:
| Time | Event | Agent | Details |
|---|---|---|---|
| ... | ... | ... | ... |
Then provide root cause analysis and recommendations.
When analyzing events, apply these patterns:
review_cycle_escalated: Max review iterations hit (blocking threshold exceeded). Check iteration count and reviewer feedback.empty_output_detected: Claude produced no output. Check for API errors, token limit issues, or prompt too large.circuit_breaker_opened: Repeated failures triggered circuit breaker. Check preceding error_encountered events.result_persistence_failed: Container output couldn't be saved. Check for filesystem issues or container crash.docker ps), or if the orchestrator was blocked.status_progression_failed: GitHub API issue or board state mismatch. Check error_message in event data.branch_conflict_detected: Git merge conflict. Check which files conflict and whether auto-resolution was attempted.retry_attempted events: Transient failures. Check if the retries eventually succeeded or exhausted.