Run any Skill in Manus with one click

$pwd:

auth-failure-log-triage

Name: Auth Failure Log Triage
Author: paradigmxyz

// Investigate reported auth, credential, permission, API proxy, 401, 403, 503, OAuth, token, or secret-resolution failures by querying VictoriaLogs first. Use when a user says an integration auth failed, a tool got unauthorized/forbidden/service unavailable, an api-proxy request failed, or asks why credentials/secrets are not working.

Run Skill in Manus

$ git log --oneline --stat

stars:674

forks:99

updated:May 25, 2026 at 02:18

SKILL.md

readonly

name	auth-failure-log-triage
description	Investigate reported auth, credential, permission, API proxy, 401, 403, 503, OAuth, token, or secret-resolution failures by querying VictoriaLogs first. Use when a user says an integration auth failed, a tool got unauthorized/forbidden/service unavailable, an api-proxy request failed, or asks why credentials/secrets are not working.

Auth Failure Log Triage

When a user reports an auth, permission, credential, API proxy, OAuth, token, secret, 401, 403, or 503 failure, inspect live runtime evidence before proposing secret or permission changes.

Workflow

Confirm the affected surface from the user message: tool/integration name, URL host, thread key, execution id, pod/service, and rough time window.
Discover vlogs if needed:

call discover vlogs

Query likely auth failures in the last 24h, narrowing when the user gave a host, pod, thread, or execution id.

For Centaur API proxy / Iron Proxy issues:

call vlogs query '{"query":"kubernetes.pod_name:centaur-api-proxy-* AND (audit.status_code:401 OR audit.status_code:403 OR audit.status_code:503 OR \"failed to fetch secret\" OR unauthorized OR forbidden OR auth OR oauth OR token OR secret)","start":"24h","limit":100}'

For a specific thread:

call vlogs thread_trace '{"thread_key":"THREAD_KEY","start":"24h","limit":500}'
call vlogs tool_usage_by_thread '{"thread_key":"THREAD_KEY","start":"24h","limit":200}'

For a specific execution:

call vlogs execution_timeline '{"execution_id":"EXECUTION_ID"}'

If the direct query is empty, find labels first:

call vlogs field_values '{"field":"service","query":"*proxy*","start":"24h","limit":200}'
call vlogs field_names '{"query":"service:iron-proxy","start":"24h"}'
call vlogs streams '{"query":"proxy","start":"24h"}'

Summarize only what the logs support:

Counts by status code: 401, 403, 503.
Secret-resolution errors and the secret reference name, without exposing secret values.
Timestamp, pod, service, host, method, path, and status for concrete failures.
Whether auth transforms injected credentials, if shown by proxy fields such as request_transforms.
Distinguish upstream denial (audit.status_code=403) from local proxy/secret resolution failure (failed to fetch secret).

Output Rules

Lead with whether log evidence was found.
Do not claim a secret or permission is wrong unless logs show that.
Do not recommend secret rewiring until you have checked live vlogs evidence and compared the relevant error shape.
If no logs are found, say which query/window was checked and ask for the missing discriminator: time, thread key, execution id, host, or integration name.

related-skills.json

same repository

creating-tools.md

from "paradigmxyz/centaur"

Scaffold and build new tool integrations in tools/. Use when asked to create a new tool, add an API integration, or build a new client for an external service.

2026-05-18674

improve-gap-task.md

from "paradigmxyz/centaur"

Researches, plans, implements, validates, and opens a focused PR for one selected self-improvement gap. Use when executing one chosen backlog item from the nightly self-improvement workflow.

2026-05-18674

learning-synthesis.md

from "paradigmxyz/centaur"

Analyzes a day of Slack-thread user sessions to discover opportunities for new skills, personas, tools, workflows, and system-level improvements. Use alongside gap-analysis for the nightly self-improvement workflow.

2026-05-18674

qa.md

from "paradigmxyz/centaur"

Run comprehensive QA and integration tests against the local Centaur stack. Use when asked to QA the stack, run integration tests, verify a deployment, or check stack health after a refactor.

2026-05-18674

package.json

"author": "paradigmxyz"

"repository": "paradigmxyz/centaur"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Software DevelopersComputer and Mathematical Occupations15-1252L4

name	auth-failure-log-triage
description	Investigate reported auth, credential, permission, API proxy, 401, 403, 503, OAuth, token, or secret-resolution failures by querying VictoriaLogs first. Use when a user says an integration auth failed, a tool got unauthorized/forbidden/service unavailable, an api-proxy request failed, or asks why credentials/secrets are not working.

Auth Failure Log Triage

When a user reports an auth, permission, credential, API proxy, OAuth, token, secret, 401, 403, or 503 failure, inspect live runtime evidence before proposing secret or permission changes.

Workflow

Confirm the affected surface from the user message: tool/integration name, URL host, thread key, execution id, pod/service, and rough time window.
Discover vlogs if needed:

call discover vlogs

Query likely auth failures in the last 24h, narrowing when the user gave a host, pod, thread, or execution id.

For Centaur API proxy / Iron Proxy issues:

call vlogs query '{"query":"kubernetes.pod_name:centaur-api-proxy-* AND (audit.status_code:401 OR audit.status_code:403 OR audit.status_code:503 OR \"failed to fetch secret\" OR unauthorized OR forbidden OR auth OR oauth OR token OR secret)","start":"24h","limit":100}'

For a specific thread:

call vlogs thread_trace '{"thread_key":"THREAD_KEY","start":"24h","limit":500}'
call vlogs tool_usage_by_thread '{"thread_key":"THREAD_KEY","start":"24h","limit":200}'

For a specific execution:

call vlogs execution_timeline '{"execution_id":"EXECUTION_ID"}'

If the direct query is empty, find labels first:

call vlogs field_values '{"field":"service","query":"*proxy*","start":"24h","limit":200}'
call vlogs field_names '{"query":"service:iron-proxy","start":"24h"}'
call vlogs streams '{"query":"proxy","start":"24h"}'

Summarize only what the logs support:

Counts by status code: 401, 403, 503.
Secret-resolution errors and the secret reference name, without exposing secret values.
Timestamp, pod, service, host, method, path, and status for concrete failures.
Whether auth transforms injected credentials, if shown by proxy fields such as request_transforms.
Distinguish upstream denial (audit.status_code=403) from local proxy/secret resolution failure (failed to fetch secret).

Output Rules

Lead with whether log evidence was found.
Do not claim a secret or permission is wrong unless logs show that.
Do not recommend secret rewiring until you have checked live vlogs evidence and compared the relevant error shape.
If no logs are found, say which query/window was checked and ask for the missing discriminator: time, thread key, execution id, host, or integration name.

auth-failure-log-triage

Auth Failure Log Triage

Workflow

Output Rules

More from this repository

More from this repository

Auth Failure Log Triage

Workflow

Output Rules