원클릭으로 Manus에서 모든 스킬 실행

$pwd:

capture-output-via-sidechannel

Name: Capture Output Via Sidechannel
Author: Innei

// Use when a runner, CI step, container, or orchestrator executes a task whose stdout/stderr you cannot retrieve afterwards — no log API, no shell access, output stream not captured, or logs evicted before you can read them. The pattern: have the task itself write its captured output into a data store you CAN read (SQL row, Redis key, mounted file, public webhook).

Manus에서 실행

$ git log --oneline --stat

stars:50

forks:1

updated:2026년 5월 4일 18:21

SKILL.md

readonly

name	capture-output-via-sidechannel
description	Use when a runner, CI step, container, or orchestrator executes a task whose stdout/stderr you cannot retrieve afterwards — no log API, no shell access, output stream not captured, or logs evicted before you can read them. The pattern: have the task itself write its captured output into a data store you CAN read (SQL row, Redis key, mounted file, public webhook).

Sidechannel Output Capture

When the orchestrator's log retrieval is missing, broken, or asynchronous, don't fight it — make the task persist its own output to somewhere you can query.

When to use

Running a one-shot container in a system with no log-fetch API (managed PaaS, certain CI systems)
Job runner that streams logs to a UI but offers no programmatic export
Long-running batch job where logs roll over before you can grep them
Headless agent contexts where shell access to the runtime host is unavailable

When NOT to use

You can just run docker logs <id> or kubectl logs <pod> — do that
The runtime emits a structured exit signal you actually trust (HTTP webhook, exit code only)
Output contains secrets you must NOT persist beyond the run

The Pattern

Capture stdout+stderr inside the runner with tee, preserving the real exit code.
Encode the captured file (base64) to dodge SQL-quoting hell.
Insert as a single row/key in a data store you already have credentials for.
Exit with the original exit code (preserves up-stream pass/fail signaling).
Read from the data store afterwards.

Reference: bash + PostgreSQL

#!/bin/bash
set -e

# 1. Run the actual work, capture, preserve exit code
set +e
your_real_command 2>&1 | tee /tmp/run.log
EXITCODE=${PIPESTATUS[0]}
set -e

# 2. Ensure target table exists (idempotent)
export PGPASSWORD="$DB_PASSWORD"
psql -h "$DB_HOST" -U "$DB_USER" -d "$DB_NAME" -v ON_ERROR_STOP=1 <<'SQL'
CREATE TABLE IF NOT EXISTS _run_log (
  id SERIAL PRIMARY KEY,
  job TEXT,
  exit_code INT,
  output TEXT,
  created_at TIMESTAMPTZ DEFAULT NOW()
);
SQL

# 3. Encode + insert (base64 dodges quoting)
B64=$(base64 -w0 /tmp/run.log)
psql -h "$DB_HOST" -U "$DB_USER" -d "$DB_NAME" -v ON_ERROR_STOP=1 \
  -c "INSERT INTO _run_log(job, exit_code, output)
      VALUES ('$JOB_NAME', $EXITCODE,
              convert_from(decode('$B64', 'base64'), 'UTF8'))"

# 4. Exit with the real code
exit $EXITCODE

Read it back later with SELECT output FROM _run_log ORDER BY id DESC LIMIT 1.

Reference: Redis variant (when you don't have SQL)

B64=$(base64 -w0 /tmp/run.log)
redis-cli -h "$REDIS_HOST" -a "$REDIS_PASSWORD" \
  SET "run-log:$JOB_NAME:$(date +%s)" "exit=$EXITCODE;$B64" EX 86400

Reference: Public webhook (when you have neither)

curl -sS -X POST "https://ntfy.sh/<your-unique-topic>" \
  -H "Title: $JOB_NAME exit=$EXITCODE" \
  --data-binary @/tmp/run.log

Then curl "https://ntfy.sh/<topic>/json?poll=1" to retrieve. Warning: ntfy/webhook.site are public — never send secrets, tokens, or PII.

Why base64 instead of dollar-quoting

-- Naive: breaks if output contains '$$', single quotes, backticks, etc.
INSERT INTO log VALUES ($$REPORT_PLACEHOLDER$$);

Output from real programs contains arbitrary bytes — terminal escape codes, JSON with quotes, stack traces with $. Base64 makes the payload opaque to the SQL parser. The convert_from(decode(..., 'base64'), 'UTF8') decodes back to text on the server side.

Critical: preserve the exit code

The whole point of running a task is the pass/fail signal. Naive piping breaks it:

# WRONG: exit code is from `tee`, always 0
your_command 2>&1 | tee log.txt
# upstream sees success even when your_command failed

# RIGHT: capture exit before tee mangles it
set +e
your_command 2>&1 | tee log.txt
EXITCODE=${PIPESTATUS[0]}
set -e

Then exit $EXITCODE at the end so the orchestrator can still see failure.

Common Mistakes

Mistake	Fix
`cmd	tee log`and then`exit $?`
Embedding `cat /tmp/log` directly into SQL via heredoc	Output containing `$$` or `'` corrupts the statement. Use base64.
Forgetting `convert_from(..., 'UTF8')` on read side	Get bytea instead of text; decoding becomes the reader's problem.
Running on a PaaS without first verifying the data store is reachable from the runner's network	Sidechannel write fails silently, exit code preserved but report unrecoverable. Smoke-test connectivity first.
Posting full logs to a public webhook	Logs often contain auth tokens, hostnames, IDs. Strip or skip the public path.
Using `set -e` around the work	Aborts before you capture exit code. Use `set +e` for the work block, restore `set -e` after.

related-skills.json

같은 저장소

chibi-sticker-sheet.md

from "Innei/SKILL"

Use when generating a LINE/WeChat-style chibi sticker sheet (4x8 grid, 32 expressions) from an anime character reference image via Gemini, including transparent PNG output and individual cell slicing.

2026-05-2950

session-to-skill-and-blog.md

from "Innei/SKILL"

Turn a completed non-trivial engineering session into a paired durable artifact: (1) a reusable skill under Innei's personal SKILL repo, and (2) a published blog post that narrates the journey and embeds the skill URL. Triggers on "把这个过程写成 skill 再写一篇 blog"、"沉淀一下这次的折腾"、 "productize this session"、"publish this as a skill and a writeup".

2026-05-2450

vless-reality-aws-lightsail.md

from "Innei/SKILL"

Use when deploying VLESS+Reality+Vision on AWS Lightsail and bridging it to Surge (or similar TUN clients) with an Alpine LXC SOCKS5 bridge on the LAN plus a brew sing-box on the laptop for off-LAN use. Triggers on "set up vless reality on aws", "tokyo lightsail proxy", "surge doesn't support vless", "vless when away from home lan", "alpine lxc client for vless".

2026-05-1650

mx-space-remote-db-access.md

from "Innei/SKILL"

Access the remote mx-space PostgreSQL through ssh to the swarm host, then docker exec into the Postgres container and run psql inside the container. Use for inspecting tables, sampling rows, validating topic assignments, and performing guarded updates in the specific mx-space deployment pattern where direct host-level Postgres access is unreliable.

2026-05-1550

mx-space-remote-translation-audit.md

from "Innei/SKILL"

Audit remote mx-space translation data through ssh to the swarm host, then docker exec into the Postgres container and run psql inside the container. Use for checking translation_entries coverage, ai_translations gaps, strict computeContentHash mismatches, and runtime freshness semantics in deployments where direct Postgres access is unreliable.

2026-05-1550

dokploy-traefik-traffic-split.md

from "Innei/SKILL"

Use when you need to canary-deploy two HTTP backends on the same Dokploy-managed domain with a percentage split (e.g. migrating an SPA from one framework to another). Covers the critical SPA-asset trap that breaks naive sticky-cookie splits, a path-aware Traefik config that solves it, and a four-phase workflow (backup → dry-run on a canary host → roll to prod → quick rollback).

2026-05-1550

package.json

"author": "Innei"

"repository": "Innei/SKILL"

GitHub 저장소 열기 Creator 저장소 보기

$ install --global

$ download --local

Manus에서 실행

$ useful --forSOC

네트워크·컴퓨터 시스템 관리자컴퓨터 및 수학직15-1244L4

name	capture-output-via-sidechannel
description	Use when a runner, CI step, container, or orchestrator executes a task whose stdout/stderr you cannot retrieve afterwards — no log API, no shell access, output stream not captured, or logs evicted before you can read them. The pattern: have the task itself write its captured output into a data store you CAN read (SQL row, Redis key, mounted file, public webhook).

Sidechannel Output Capture

When the orchestrator's log retrieval is missing, broken, or asynchronous, don't fight it — make the task persist its own output to somewhere you can query.

When to use

Running a one-shot container in a system with no log-fetch API (managed PaaS, certain CI systems)
Job runner that streams logs to a UI but offers no programmatic export
Long-running batch job where logs roll over before you can grep them
Headless agent contexts where shell access to the runtime host is unavailable

When NOT to use

You can just run docker logs <id> or kubectl logs <pod> — do that
The runtime emits a structured exit signal you actually trust (HTTP webhook, exit code only)
Output contains secrets you must NOT persist beyond the run

The Pattern

Capture stdout+stderr inside the runner with tee, preserving the real exit code.
Encode the captured file (base64) to dodge SQL-quoting hell.
Insert as a single row/key in a data store you already have credentials for.
Exit with the original exit code (preserves up-stream pass/fail signaling).
Read from the data store afterwards.

Reference: bash + PostgreSQL

#!/bin/bash
set -e

# 1. Run the actual work, capture, preserve exit code
set +e
your_real_command 2>&1 | tee /tmp/run.log
EXITCODE=${PIPESTATUS[0]}
set -e

# 2. Ensure target table exists (idempotent)
export PGPASSWORD="$DB_PASSWORD"
psql -h "$DB_HOST" -U "$DB_USER" -d "$DB_NAME" -v ON_ERROR_STOP=1 <<'SQL'
CREATE TABLE IF NOT EXISTS _run_log (
  id SERIAL PRIMARY KEY,
  job TEXT,
  exit_code INT,
  output TEXT,
  created_at TIMESTAMPTZ DEFAULT NOW()
);
SQL

# 3. Encode + insert (base64 dodges quoting)
B64=$(base64 -w0 /tmp/run.log)
psql -h "$DB_HOST" -U "$DB_USER" -d "$DB_NAME" -v ON_ERROR_STOP=1 \
  -c "INSERT INTO _run_log(job, exit_code, output)
      VALUES ('$JOB_NAME', $EXITCODE,
              convert_from(decode('$B64', 'base64'), 'UTF8'))"

# 4. Exit with the real code
exit $EXITCODE

Read it back later with SELECT output FROM _run_log ORDER BY id DESC LIMIT 1.

Reference: Redis variant (when you don't have SQL)

B64=$(base64 -w0 /tmp/run.log)
redis-cli -h "$REDIS_HOST" -a "$REDIS_PASSWORD" \
  SET "run-log:$JOB_NAME:$(date +%s)" "exit=$EXITCODE;$B64" EX 86400

Reference: Public webhook (when you have neither)

curl -sS -X POST "https://ntfy.sh/<your-unique-topic>" \
  -H "Title: $JOB_NAME exit=$EXITCODE" \
  --data-binary @/tmp/run.log

Then curl "https://ntfy.sh/<topic>/json?poll=1" to retrieve. Warning: ntfy/webhook.site are public — never send secrets, tokens, or PII.

Why base64 instead of dollar-quoting

-- Naive: breaks if output contains '$$', single quotes, backticks, etc.
INSERT INTO log VALUES ($$REPORT_PLACEHOLDER$$);

Critical: preserve the exit code

The whole point of running a task is the pass/fail signal. Naive piping breaks it:

# WRONG: exit code is from `tee`, always 0
your_command 2>&1 | tee log.txt
# upstream sees success even when your_command failed

# RIGHT: capture exit before tee mangles it
set +e
your_command 2>&1 | tee log.txt
EXITCODE=${PIPESTATUS[0]}
set -e

Then exit $EXITCODE at the end so the orchestrator can still see failure.

Common Mistakes

Mistake	Fix
`cmd	tee log`and then`exit $?`
Embedding `cat /tmp/log` directly into SQL via heredoc	Output containing `$$` or `'` corrupts the statement. Use base64.
Forgetting `convert_from(..., 'UTF8')` on read side	Get bytea instead of text; decoding becomes the reader's problem.
Running on a PaaS without first verifying the data store is reachable from the runner's network	Sidechannel write fails silently, exit code preserved but report unrecoverable. Smoke-test connectivity first.
Posting full logs to a public webhook	Logs often contain auth tokens, hostnames, IDs. Strip or skip the public path.
Using `set -e` around the work	Aborts before you capture exit code. Use `set +e` for the work block, restore `set -e` after.

capture-output-via-sidechannel

Sidechannel Output Capture

When to use

When NOT to use

The Pattern

Reference: bash + PostgreSQL

Reference: Redis variant (when you don't have SQL)

Reference: Public webhook (when you have neither)

Why base64 instead of dollar-quoting

Critical: preserve the exit code

Common Mistakes

이 저장소의 다른 Skills

이 저장소의 다른 Skills

Sidechannel Output Capture

When to use

When NOT to use

The Pattern

Reference: bash + PostgreSQL

Reference: Redis variant (when you don't have SQL)

Reference: Public webhook (when you have neither)

Why base64 instead of dollar-quoting

Critical: preserve the exit code

Common Mistakes