| name | production-patterns |
| description | Reference catalogue of 35 documented production-AI failure patterns. Each pattern has a P-number, name, indicators, root cause, severity, and which Aufgaard MCP catches it. Auto-loaded when discussing reliability, audit, deployment health, specific failure modes, agent safety, or any phrase from the catalogue. Use this skill's content to ground recommendations in named patterns rather than ad-hoc advice. |
| when_to_use | Anytime the user discusses production-AI reliability, asks "what could go wrong", reports a failure that needs categorization, requests an audit, or names any of the failure modes below. Cite P-numbers in your responses for traceability. |
| user-invocable | false |
Production AI Failure Pattern Catalogue (35 patterns)
This is reference content. When the conversation touches reliability / audit / deployment / agent failures, ground your responses in these P-numbered patterns rather than generic advice. Each pattern is mapped to the Aufgaard MCP that catches it.
1. Gateway / Runtime (P1.x)
- P1.1 — Gateway crash-loop on unrecognized config keys. Indicators: 377+ crashes in 4 weeks, no exponential backoff. Root cause: gateway treats unknown keys as fatal. Catches: health-mcp (symptom only). Severity: Critical.
- P1.2 — Single plugin failure causes complete gateway outage. Indicators: one plugin's bug brings down the whole gateway. Root cause: no plugin sandboxing. Catches: health-mcp component checks (post-hoc). Severity: High.
- P1.3 — Onboard command overwrites gateway tokens. Indicators: re-running setup clobbers existing auth. Root cause: no idempotency check. Catches: uncovered (next-MCP candidate). Severity: High.
2. Memory / CPU (P2.x)
- P2.1 — OOM on small VMs from cron. Indicators: OOM-killer activates during cron-heavy hours, swap 99%+. Root cause: parallel agent invocations without memory budgeting. Catches: silentwatch + health-mcp (combined). Severity: High.
- P2.2 — CPU spikes (>140%) after upgrade. Indicators: sustained high CPU after minor version bump. Root cause: regression in newer version. Catches: upgrade-orch + health-mcp. Severity: High.
- P2.3 — JavaScript heap OOM in agent harness. Indicators: Node-based harness crashes under load. Root cause: session state accumulates without GC. Catches: health-mcp (crash detection). Severity: High.
3. Connection / Networking (P3.x)
- P3.1 — WebSocket disconnects every 10–35 minutes. Indicators: regular disconnects, queued messages. Root cause: missing heartbeat, proxy timeouts. Catches: uncovered (next-MCP candidate). Severity: High.
- P3.2 — 30–90s latency on Docker VPS. Indicators: API calls slow only inside Docker. Root cause: DNS resolution / network mode. Catches: health-mcp + upgrade-orch fingerprint. Severity: Medium-High.
- P3.3 — Discord/Telegram inbound silent drop. Indicators: outbound works, inbound silently dropped. Root cause: webhook signature failing silently. Catches: upgrade-orch catalog (if listed). Severity: High.
- P3.4 — HERMES.md silent billing-routing. Indicators: API bill jumps overnight without usage spike. Root cause: vendor harness-detection bug routing Pro/Max users to API rates. Catches: cost-tracker
predict_429_in_window (precursor). Severity: Critical. Real case: $6k overnight, vendor-acknowledged.
4. Configuration / Upgrade (P4.x)
- P4.1 — Cron CLI doc/syntax mismatch. Indicators: jobs fail silently or run on wrong schedule. Catches: bash-vet (destructive only). Severity: Medium.
- P4.2 — Web search silent fail in --session cron. Indicators: works interactively, fails in cron mode. Root cause: cron context lacks env vars. Catches: silentwatch (canonical fit). Severity: High.
- P4.3 — Post-upgrade regression cascade. Indicators: version bump introduces 3+ new bugs. Catches: upgrade-orch (catalog + fingerprint). Severity: High.
5. Skill / Plugin / Supply Chain (P5.x)
- P5.1 — Malicious skill payloads. Indicators: prompt injection, encoded payloads, HTTP exfil in community skills. Catches: skill-vetter
vet_skill (41 rules). Severity: Critical.
- P5.2 — Plugin dependency rot. Indicators: plugin worked at install, broke 3 months later. Catches: skill-vetter dependencies scanner (partial). Severity: Medium.
- P5.y — LLM-emitted destructive bash (chain-buried). Indicators: agent proposes
cd X && Y && rm -rf $VAR/* && Z; operator approves on quick read. Catches: bash-vet vet_command_chain (30 rules). Severity: Critical. Verbatim source: chiefofautism (158↑/11.5K views), xornullvoid apt remove '*nvidia*' wipeout.
- P5.z — Agent-config trust-boundary attack. Indicators: PR adds AGENTS.md / .cursor/rules.md / .git/hooks with prompt-injection / hardcoded webhook / secret-ref. Catches: skill-vetter v1.1
vet_agent_config. Severity: Critical. Real CVEs: Cursor CVE-2026-26268, Gemini CLI CVSS 10.0.
6. LLM-Specific (P6.x)
- P6.1 — Keyword-list anti-pattern in scoring/classification. Indicators:
KEYWORDS = [...] lists used to gate LLM output. Root cause: semantic-as-lexical translation. Catches: uncovered (methodology / code-review concern). Severity: Critical for scoring code.
- P6.2 — Missing error handling around LLM calls. Indicators: no try/except, no retry, no timeout. Catches: output-vetter
find_swallowed_exceptions. Severity: High.
- P6.3 — Context-window overflow ungraceful. Indicators: sessions grow until model rejects. Catches: uncovered. Severity: Medium-High.
- P6.4 — Untracked prompt versions. Indicators: prompts shipped with no versioning. Catches: uncovered (next-MCP candidate). Severity: Medium.
- P6.5 — Missing eval harness. Catches: uncovered* (output-vetter is one, philosophical). Severity: High.
- P6.y — Output-action divergence. Indicators: agent reports "I did X" but state didn't change. Catches: output-vetter v1.1+
verify_action_outcome (8 ACTION_OUTCOME.* rules). Severity: Critical (when production data involved). Real cases: chiefofautism, Codex sandbox-escalation, 698 CLTR scheming incidents.
7. Observability / Audit (P7.x)
- P7.1 — No logs on critical paths. Catches: uncovered (next-MCP candidate). Severity: High.
- P7.2 — No cost monitoring per agent / per user. Catches: cost-tracker (full). Severity: Medium-High.
- P7.3 — Missing audit trail. Catches: uncovered (next-MCP candidate). Severity: Critical for regulated industries.
8. Security (P8.x)
- P8.1 — Gateway exposed on 0.0.0.0 by default. Catches: uncovered (next-MCP candidate: deploy-config-vetter). Severity: Critical.
- P8.2 — Secrets in plaintext config. Catches: skill-vetter v1.1 SECRET_REF rules (partial). Severity: Critical.
- P8.3 — Session transcript persistence missing redaction. Catches: uncovered. Severity: High.
- P8.4 — Prompt injection via untrusted input. Catches: skill-vetter (config) + output-vetter (response) (partial). Severity: High to Critical.
9. Cost / Resource (P9.x)
- P9.1 — Wrong model for task (over-paying). Catches: cost-tracker cost-attribution + cheaper-routing. Severity: Medium.
- P9.2 — No retry budget. Catches: cost-tracker
predict_429_in_window (precursor). Severity: Medium.
- P9.x — Cross-model deception (Pass 7 single-source). Indicators: one frontier model rewrites prompt to bypass another model's safety filter. Catches: uncovered. Severity: High to Critical. Source: Nav Toor / CLTR thread (~10K views).
10. Cron / Scheduled (P10.x)
- P10.1 — Cron silent failures. Indicators: cron job appears to run but didn't do work. Catches: silentwatch (canonical fit). Severity: High.
- P10.2 — Cron job concurrency conflict. Catches: uncovered (silentwatch extension candidate). Severity: Medium-High.
Aggregate coverage
12 ✅ FULL · 11 🟡 PARTIAL · 12 ❌ UNCOVERED. The Aufgaard suite addresses 23 of 35 patterns in MCP-native form. The uncovered 12 cluster into observability-completeness, deploy-config security, runtime monitoring extensions, and cross-model — these are the next-build frontier.
How to cite in conversations
When discussing a failure or making a recommendation:
- ✅ "This looks like P3.4 (HERMES.md silent billing-routing) — cost-tracker
predict_429_in_window catches the precursor."
- ❌ "There may be a billing issue. You could try monitoring tokens."
Specificity is the value. The buyer didn't pay for "monitor things"; they paid for "you have this exact pattern, here's the exact MCP that catches it, here's what to do."
Coverage caveats — when to disclose
If the user reports a failure that's UNCOVERED in the catalogue, say so plainly: "This looks like P3.1 (WebSocket disconnect lifecycle) — currently uncovered by Aufgaard's MCPs. Recommended manual mitigations: heartbeat ping, proxy-timeout config, idempotency keys on resume." Don't invent coverage we don't have.