// Systematically explore and test any software project (CLI, API, Backend, Library, etc.) to find bugs, usability issues, and edge cases. Produces a structured report with full reproduction evidence (exact commands, inputs, logs, and tracebacks) for every issue.
Install and run the pace personal dashboard. Covers cloning, dependency install via Bun, Docker and Docker Compose deployment, CLI flags (--config, --port), environment variable overrides (PACE_CONFIG, PORT), themed starter configs, and troubleshooting common startup errors. Use when asked to set up, install, deploy, or run a pace dashboard.
Generate a config.yaml for the pace personal dashboard from a user's natural-language description of interests. Maps topics to content adapters (RSS, Hacker News, Reddit, GitHub, arXiv, YouTube, Mastodon, etc.), composes transform pipelines, designs flexbox layouts, and optionally wires up LLM-powered summarization and ranking. Use when asked to configure, set up feeds for, or customize a pace dashboard.
| name | bugbash |
| description | Systematically explore and test any software project (CLI, API, Backend, Library, etc.) to find bugs, usability issues, and edge cases. Produces a structured report with full reproduction evidence (exact commands, inputs, logs, and tracebacks) for every issue. |
Systematically explore a software project, find issues, and produce a report with full reproduction evidence for every finding. This skill applies to CLIs, APIs, Backends, Libraries, and other non-web interfaces.
Identify the Target (e.g., a CLI binary, an API base URL, a Python package).
| Parameter | Default | Example override |
|---|---|---|
| Target | (required) | ./my-cli, http://localhost:8080, import mylib |
| Output directory | /tmp/dogfood-output/ (illustrative only) | Output directory: ./qa-reports |
| Scope | Full project | Focus on the auth middleware |
Note on fresh directories: Every bugbash invocation must create and use a unique fresh output directory (e.g. /tmp/bugbash-<target>-<YYYYMMDD-HHMMSS>/ following the observed timestamped convention from usage). The static /tmp/dogfood-output/ default is an example only and must never be used literally, as it risks report.md/evidence collisions on concurrent runs, re-invocations, or multi-agent sessions. Always generate a timestamped dir in Initialize and use it for all artifacts.
1. Initialize Set up output dirs, report file, build/start the software
2. Orient Discover surface area (help menus, API schemas, exported functions)
3. Explore Systematically test features, inputs, and edge cases
4. Document Record exact inputs, outputs, and logs for each issue
5. Wrap up Update summary counts, finalize report
mkdir -p {OUTPUT_DIR}/logs {OUTPUT_DIR}/evidence
Create a report.md in the output directory and fill in the header fields. Include:
If the software needs to be built or started (e.g., npm run build, docker-compose up, cargo build), do that now. Keep track of the startup logs and run servers in the background if necessary.
Agent/tool harness note (for executions inside this project's subagents, timeboxed runners, etc.): The literal shell & may not be usable inside the run_terminal_command tool (commands containing & are rejected with "Remove the '&' ... and set background: true"). Instead, use run_terminal_command "<cmd>" background:true (returns task_id), monitor with get_command_or_subagent_output --task_id <id>, and stop via kill_command_or_subagent --task_id <id> in Wrap up. Always redirect long-running output to files under logs/ or evidence/. The SKILL.md shell & examples are for direct human shell use; the harness model must be supported for systematic testing in agent contexts.
Map out the surface area of the software before testing.
{TARGET} --help, list subcommands, check environment variable configurations.Save this initial mapping to {OUTPUT_DIR}/surface-area.txt.
Work through the surface area systematically.
At each step: Capture standard output, standard error, exit codes, and HTTP status codes.
Document issues as you find them. Do not wait until the end. Every issue must be reproducible by a human reading the report.
For each issue, capture:
curl commands), or code executed.Save verbose evidence (like full crash dumps or multi-megabyte log files) to {OUTPUT_DIR}/evidence/issue-{NNN}.txt and reference it in the report. For short errors, embed them directly in the report using markdown code blocks.
Aim to find 5-10 well-documented issues. Depth of evidence matters more than total count — 5 issues with full repros beat 20 with vague descriptions.
After exploring:
curl command, CLI invocation, or script used to trigger the bug. A reader should be able to copy-paste the commands to see the exact same failure.pwd, env vars, or local files if they are part of the repro.0 on failure, or an API returning 200 OK for an error payload, is a bug. echo $? or curl -w "%{http_code}" are your friends.This skill is used inside a fact-driven project (see AGENTS.md and the ## facts section).
When bugbash findings identify gaps or bugs that require changes to any file (including this SKILL.md during self-dogfood):
facts list --search "..." --light (or --section relevant) to orient.facts add "precise testable claim about the required behavior" --section "bugbash" --tags "spec,bugbash-iterX" --command "grep -q 'phrase' .agents/skills/bugbash/SKILL.md || test cmd that proves it"facts check --tags "bugbash-iterX" (never run bare facts check).facts edit <id1> <id2> ... --remove-tag spec --add-tag implemented? facts (if any appear in check) must be verified one-by-one by reading the relevant code/doc and reporting PASS/FAIL + 1-line reason.facts skills show bugbash will not list this skill (only facts-* skills are registered that way); use direct read of SKILL.md + README.md instead.This ensures all bugbash-driven work is verifiable and flows through the fact sheet as source of truth. The 3 facts in this section (and their @implemented state after verification) are the spec for these integration requirements.