Bug Hunt技能：4阶段系统化Bug调查与修复工作流

bug-hunt by boshu2/agentops

301 周安装量

220 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/boshu2/agentops --skill bug-hunt

自动化代码质量测试

🇨🇳中文介绍

Bug Hunt Skill

快速参考： 4阶段调查（根因 → 模式 → 假设 → 修复）。输出：.agents/research/YYYY-MM-DD-bug-*.md

你必须执行此工作流。不要仅仅描述它。

系统化调查以找出根本原因并设计完整修复方案——或者主动审计以在隐藏的 bug 造成影响之前发现它们。

要求：

session-start.sh 已执行（为输出创建 .agents/ 目录）
bd CLI (beads) 用于创建后续问题时进行问题跟踪

模式

模式	调用方式	适用场景
调查	`/bug-hunt <症状描述>`	你已知一个 bug 或故障
审计

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

4 阶段结构（调查模式）

阶段	重点	输出
1. 根因	找到实际的 bug 位置	文件:行号，提交
2. 模式	与工作示例进行比较	识别出的差异
3. 假设	形成并测试单一假设	每个假设的通过/失败
4. 实施	在根源处修复，而非症状	已验证的修复

关于故障分类法和 3 次失败规则，请阅读 skills/bug-hunt/references/failure-categories.md。

给定 /bug-hunt <症状描述>：

阶段 1：根因调查

步骤 1.1：确认 Bug

首先，复现问题：

预期行为是什么？
实际行为是什么？
你能稳定复现它吗？

仔细阅读错误信息。 不要跳过或略读。

如果无法复现 bug，请先收集更多信息再继续。

步骤 1.2：定位症状

找到 bug 显现的位置：

# 搜索错误信息
grep -r "<错误文本>" . --include="*.py" --include="*.ts" --include="*.go" 2>/dev/null | head -10

# 搜索函数/变量名
grep -r "<相关名称>" . --include="*.py" --include="*.ts" --include="*.go" 2>/dev/null | head -10

步骤 1.3：Git 考古

查找 bug 是何时/如何被引入的：

# 文件最后一次更改是什么时候？
git log --oneline -10 -- <文件>

# 最近有什么变化？
git diff HEAD~10 -- <文件>

# 谁更改了它？为什么？
git blame <文件> | grep -A2 -B2 "<可疑行>"

# 搜索相关提交
git log --oneline --grep="<关键词>" | head -10

步骤 1.4：追踪执行路径

使用 TASK 工具 (subagent_type: "Explore") 来追踪执行路径：

找到 bug 显现的入口点
向后追踪以找到错误数据/状态的起源
识别路径中的所有函数及其最近的变化
返回：执行路径、可能的根因位置、相关的更改

步骤 1.5：识别根因

基于追踪结果，识别：

什么出了问题（实际的 bug）
在哪里（文件:行号）
何时被引入（提交）
为什么 会发生（逻辑错误）

阶段 2：模式分析

步骤 2.1：查找工作示例

在代码库中搜索功能相似但正常工作的代码：

# 查找相似模式
grep -r "<工作模式>" . --include="*.py" --include="*.ts" --include="*.go" 2>/dev/null | head -10

步骤 2.2：与参考示例比较

识别以下两者之间的所有差异：

出错的代码
工作的参考代码

记录每个差异。

阶段 3：假设与测试

步骤 3.1：形成单一假设

清晰地陈述你的假设：

"我认为 X 是错的，因为 Y"

一次只测试一个假设。 不要合并多个猜测。

步骤 3.2：用最小改动进行测试

进行最小可能的改动来测试假设：

如果有效 → 进入阶段 4
如果失败 → 记录失败，形成新的假设

步骤 3.3：检查失败计数器

根据 skills/bug-hunt/references/failure-categories.md 检查失败次数。在 3 次可计数的失败后，升级到架构评审。

步骤 4.1：设计修复方案

在编写代码之前，先设计修复方案：

需要改变什么？
有哪些边界情况？
这个修复会破坏其他东西吗？
有需要更新的测试吗？

步骤 4.2：创建失败测试（如果可能）

在修复 bug 之前，编写一个能演示该 bug 的测试。

步骤 4.3：实施单一修复

在根因处修复，而不是在症状处。

步骤 4.4：验证修复

运行失败的测试——它现在应该通过。

当使用 --audit 调用时，bug-hunt 切换到主动扫描模式。不需要症状描述——你正在寻找尚未被报告的 bug。

/bug-hunt --audit cli/internal/goals/     # 审计一个包
/bug-hunt --audit src/auth/               # 审计一个目录
/bug-hunt --audit .                        # 审计仓库中的近期更改

审计步骤 1：确定范围

根据范围参数识别目标文件：

# 查找范围内的源文件
find <范围> -name "*.go" -o -name "*.py" -o -name "*.ts" -o -name "*.rs" | head -50

如果范围是 . 或范围过广（>50 个文件），则缩小到最近更改的文件：

git log --since="2 weeks ago" --name-only --pretty=format: -- <范围> | sort -u | head -30

审计步骤 2：系统化阅读

逐行阅读范围内的每个文件。对于每个文件，检查：

类别	需要寻找的内容
资源泄漏	未关闭的句柄、孤儿进程、缺少清理/defer
字符串安全	UTF-8 的字节级截断、未净化的输入
死代码	不可达的分支、未使用的常量、被遮蔽的变量
硬编码值	路径、URL、特定仓库的假设（在其他地方无法工作）
边界情况	空输入、nil/零值、边界条件
并发问题	未受保护的共享状态、goroutine 泄漏、缺少信号处理器
错误处理	被吞掉的错误、缺少上下文、错误的错误类型

关键纪律： 逐行阅读。不要略读。已验证的方法论（发现 5 个 bug，0 次假设失败）来自于仔细阅读，而非启发式扫描。

对于大范围——使用 TASK 工具 (subagent_type: "Explore") 将文件拆分给并行代理处理。

审计步骤 3：分类发现

对于每个发现，分配严重性：

严重性	标准	示例
高	数据丢失、安全漏洞、资源泄漏、进程孤儿化	僵尸进程、SQL 注入、文件句柄泄漏
中	错误输出、不正确的默认值、静默数据损坏	UTF-8 截断、硬编码路径、错误的错误代码
低	死代码、外观问题、轻微不一致	不可达分支、未使用的导入、风格违规

审计步骤 4：编写审计报告

关于审计报告格式，请阅读 skills/bug-hunt/references/audit-report-template.md。

写入 .agents/research/YYYY-MM-DD-bug-<范围-标识>.md。

向用户报告，并附带摘要表格：

| # | Bug | 严重性 | 文件 | 修复建议 |
|---|-----|----------|------|-----|
| 1 | <描述> | 高 | <文件:行号> | <建议的修复> |

包含失败计数（未得到确认的假设测试）。零失败 = 干净的审计。

步骤 5：编写 Bug 报告

关于 bug 报告模板，请阅读 skills/bug-hunt/references/bug-report-template.md。

步骤 6：向用户报告

已识别（或尚未识别）的根因
bug 的位置（文件:行号）
建议的修复方案
bug 报告的位置
遇到的失败次数和类型
下一步：实施修复或收集更多信息

先复现 - 确认 bug 存在
使用 Git 考古 - 理解历史
系统化追踪 - 跟随执行路径
识别根因 - 不仅仅是症状
先设计后修复 - 仔细思考解决方案
记录发现 - 编写 bug 报告

常见的 bug 模式检查：

差一错误
Null/undefined 处理
竞态条件
类型不匹配
缺少错误处理
状态未重置
缓存问题

用户说： /bug-hunt "CI 上测试失败但本地通过"

代理通过检查 CI 日志与本地测试输出确认 bug
代理使用 Git 考古查找测试文件的近期更改
代理追踪执行路径以识别环境特定的差异
代理形成关于缺少环境变量的假设
代理通过取消设置变量在本地创建失败测试
代理通过添加默认值实施修复
Bug 报告写入 .agents/research/2026-02-13-bug-test-failure.md

结果： 根因识别为 CI 配置中缺少 ENV 变量。修复已应用并验证。

用户说： /bug-hunt "功能 X 在昨天的部署后失效"

代理在当前状态下复现问题
代理使用 git log --since="2 days ago" 查找最近的提交
代理使用 git bisect 识别确切的破坏性提交
代理将出错的代码与代码库中的工作示例进行比较
代理形成关于引入的类型不匹配的假设
代理实施最小修复并使用现有测试验证
Bug 报告记录了提交 sha、根因和修复

结果： 回归问题追溯到提交 abc1234，验证逻辑中的类型转换错误在根因处修复。

用户说： /bug-hunt --audit cli/internal/goals/

代理将范围限定为 goals 包中的所有 .go 文件
代理逐行阅读每个文件，检查资源泄漏、字符串安全、死代码等
代理发现 5 个 bug：僵尸进程组（高）、UTF-8 截断（中）、硬编码路径（中）、丢失的段落换行（低）、死分支（低）
所有发现均在第一次通过时确认——0 次假设失败
审计报告写入 .agents/research/2026-02-24-bug-goals-go.md

结果： 5 个具体的 bug，附带严重性、文件:行号和建议的修复——无需调试即可准备实施。

问题	原因	解决方案
无法复现 bug	环境上下文不足或间歇性问题	向用户询问具体步骤、环境变量、输入数据。检查竞态条件或时序问题。
Git 考古返回过多提交	搜索范围过广或文件变更频繁	使用 `--since` 标志缩小时间范围，使用 `git blame` 聚焦特定函数，在提交信息中搜索相关关键词。
假设测试期间达到 3 次失败限制	多个错误假设或复杂的根因	升级到架构评审。阅读 `failure-categories.md` 以确定失败是否可计数。考虑请求领域专家输入。
Bug 报告缺少关键信息	调查不完整或跳过了步骤	验证所有 4 个阶段均已完成。确保已识别根因并附带文件:行号。检查是否运行了 git blame 以找到责任提交。

🇺🇸English

Bug Hunt Skill

Quick Ref: 4-phase investigation (Root Cause → Pattern → Hypothesis → Fix). Output: .agents/research/YYYY-MM-DD-bug-*.md

YOU MUST EXECUTE THIS WORKFLOW. Do not just describe it.

Systematic investigation to find root cause and design a complete fix — or proactive audit to find hidden bugs before they bite.

Requires:

session-start.sh has executed (creates .agents/ directories for output)
bd CLI (beads) for issue tracking if creating follow-up issues

Modes

Mode	Invocation	When
Investigation	`/bug-hunt <symptom>`	You have a known bug or failure
Audit	`/bug-hunt --audit <scope>`	Proactive sweep for hidden bugs

Investigation mode uses the 4-phase structure below. Audit mode uses systematic read-and-classify — see Audit Mode.

The 4-Phase Structure (Investigation Mode)

Phase	Focus	Output
1. Root Cause	Find the actual bug location	file:line, commit
2. Pattern	Compare against working examples	Differences identified
3. Hypothesis	Form and test single hypothesis	Pass/fail for each
4. Implementation	Fix at root, not symptoms	Verified fix

For failure category taxonomy and the 3-failure rule, readskills/bug-hunt/references/failure-categories.md.

Execution Steps

Given /bug-hunt <symptom>:

Phase 1: Root Cause Investigation

Step 1.1: Confirm the Bug

First, reproduce the issue:

What's the expected behavior?
What's the actual behavior?
Can you reproduce it consistently?

Read error messages carefully. Do not skip or skim them.

If the bug can't be reproduced, gather more information before proceeding.

Step 1.2: Locate the Symptom

Find where the bug manifests:

# Search for error messages
grep -r "<error-text>" . --include="*.py" --include="*.ts" --include="*.go" 2>/dev/null | head -10

# Search for function/variable names
grep -r "<relevant-name>" . --include="*.py" --include="*.ts" --include="*.go" 2>/dev/null | head -10

Step 1.3: Git Archaeology

Find when/how the bug was introduced:

# When was the file last changed?
git log --oneline -10 -- <file>

# What changed recently?
git diff HEAD~10 -- <file>

# Who changed it and why?
git blame <file> | grep -A2 -B2 "<suspicious-line>"

# Search for related commits
git log --oneline --grep="<keyword>" | head -10

Step 1.4: Trace the Execution Path

USE THE TASK TOOL (subagent_type: "Explore") to trace the execution path:

Find the entry point where the bug manifests
Trace backward to find where bad data/state originates
Identify all functions in the path and recent changes to them
Return: execution path, likely root cause location, responsible changes

Step 1.5: Identify Root Cause

Based on tracing, identify:

What is wrong (the actual bug)
Where it is (file:line)
When it was introduced (commit)
Why it happens (the logic error)

Phase 2: Pattern Analysis

Step 2.1: Find Working Examples

Search the codebase for similar functionality that WORKS:

# Find similar patterns
grep -r "<working-pattern>" . --include="*.py" --include="*.ts" --include="*.go" 2>/dev/null | head -10

Step 2.2: Compare Against Reference

Identify ALL differences between:

The broken code
The working reference

Document each difference.

Phase 3: Hypothesis and Testing

Step 3.1: Form Single Hypothesis

State your hypothesis clearly:

"I think X is wrong because Y"

One hypothesis at a time. Do not combine multiple guesses.

Step 3.2: Test with Smallest Change

Make the SMALLEST possible change to test the hypothesis:

If it works → proceed to Phase 4
If it fails → record failure, form NEW hypothesis

Step 3.3: Check Failure Counter

Check failure count per skills/bug-hunt/references/failure-categories.md. After 3 countable failures, escalate to architecture review.

Phase 4: Implementation

Step 4.1: Design the Fix

Before writing code, design the fix:

What needs to change?
What are the edge cases?
Will this fix break anything else?
Are there tests to update?

Step 4.2: Create Failing Test (if possible)

Write a test that demonstrates the bug BEFORE fixing it.

Step 4.3: Implement Single Fix

Fix at the ROOT CAUSE, not at symptoms.

Step 4.4: Verify Fix

Run the failing test - it should now pass.

Audit Mode

When invoked with --audit, bug-hunt switches to a proactive sweep. No symptom needed — you're hunting for bugs that haven't been reported yet.

/bug-hunt --audit cli/internal/goals/     # audit a package
/bug-hunt --audit src/auth/               # audit a directory
/bug-hunt --audit .                        # audit recent changes in repo

Audit Step 1: Scope

Identify target files from the scope argument:

# Find source files in scope
find <scope> -name "*.go" -o -name "*.py" -o -name "*.ts" -o -name "*.rs" | head -50

If scope is . or broad (>50 files), narrow to recently changed files:

git log --since="2 weeks ago" --name-only --pretty=format: -- <scope> | sort -u | head -30

Audit Step 2: Systematic Read

Read every file in scope line by line. For each file, check:

Category	What to Look For
Resource Leaks	Unclosed handles, orphaned processes, missing cleanup/defer
String Safety	Byte-level truncation of UTF-8, unsanitized input
Dead Code	Unreachable branches, unused constants, shadowed variables
Hardcoded Values	Paths, URLs, repo-specific assumptions that won't work elsewhere
Edge Cases	Empty input, nil/zero values, boundary conditions
Concurrency	Unprotected shared state, goroutine leaks, missing signal handlers
Error Handling	Swallowed errors, missing context, wrong error types

Key discipline: Read line by line. Do not skim. The proven methodology (5 bugs found, 0 hypothesis failures) came from careful reading, not heuristic scanning.

USE THE TASK TOOL (subagent_type: "Explore") for large scopes — split files across parallel agents.

Audit Step 3: Classify Findings

For each finding, assign severity:

Severity	Criteria	Examples
HIGH	Data loss, security, resource leak, process orphaning	Zombie processes, SQL injection, file handle leak
MEDIUM	Wrong output, incorrect defaults, silent data corruption	UTF-8 truncation, hardcoded paths, wrong error code
LOW	Dead code, cosmetic, minor inconsistency	Unreachable branch, unused import, style violation

Audit Step 4: Write Audit Report

For audit report format, readskills/bug-hunt/references/audit-report-template.md.

Write to .agents/research/YYYY-MM-DD-bug-<scope-slug>.md.

Report to user with a summary table:

| # | Bug | Severity | File | Fix |
|---|-----|----------|------|-----|
| 1 | <description> | HIGH | <file:line> | <proposed fix> |

Include failure count (hypothesis tests that didn't confirm). Zero failures = clean audit.

Step 5: Write Bug Report

For bug report template, readskills/bug-hunt/references/bug-report-template.md.

Step 6: Report to User

Tell the user:

Root cause identified (or not yet)
Location of the bug (file:line)
Proposed fix
Location of bug report
Failure count and types encountered
Next step: implement fix or gather more info

Key Rules

Reproduce first - confirm the bug exists
Use git archaeology - understand history
Trace systematically - follow the execution path
Identify root cause - not just symptoms
Design before fixing - think through the solution
Document findings - write the bug report

Quick Checks

Common bug patterns to check:

Off-by-one errors
Null/undefined handling
Race conditions
Type mismatches
Missing error handling
State not reset
Cache issues

Examples

Investigating a Test Failure

User says: /bug-hunt "tests failing on CI but pass locally"

What happens:

Agent confirms bug by checking CI logs vs local test output
Agent uses git archaeology to find recent changes to test files
Agent traces execution path to identify environment-specific differences
Agent forms hypothesis about missing environment variable
Agent creates failing test locally by unsetting the variable
Agent implements fix by adding default value
Bug report written to .agents/research/2026-02-13-bug-test-failure.md

Result: Root cause identified as missing ENV variable in CI configuration. Fix applied and verified.

Tracking Down a Regression

User says: /bug-hunt "feature X broke after yesterday's deployment"

What happens:

Agent reproduces issue in current state
Agent uses git log --since="2 days ago" to find recent commits
Agent uses git bisect to identify exact breaking commit
Agent compares broken code against working examples in codebase
Agent forms hypothesis about introduced type mismatch
Agent implements minimal fix and verifies with existing tests
Bug report documents commit sha, root cause, and fix

Result: Regression traced to commit abc1234, type conversion error fixed at root cause in validation logic.

Proactive Code Audit

User says: /bug-hunt --audit cli/internal/goals/

What happens:

Agent scopes to all .go files in the goals package
Agent reads each file line by line, checking for resource leaks, string safety, dead code, etc.
Agent finds 5 bugs: zombie process groups (HIGH), UTF-8 truncation (MEDIUM), hardcoded paths (MEDIUM), lost paragraph breaks (LOW), dead branch (LOW)
All findings confirmed on first pass — 0 hypothesis failures
Audit report written to .agents/research/2026-02-24-bug-goals-go.md

Result: 5 concrete bugs with severity, file:line, and proposed fix — ready for implementation without debugging.

Troubleshooting

Problem	Cause	Solution
Can't reproduce bug	Insufficient environment context or intermittent issue	Ask user for specific steps, environment variables, input data. Check for race conditions or timing issues.
Git archaeology returns too many commits	Broad search or high-churn file	Narrow timeframe with `--since` flag, focus on specific function with `git blame`, search commit messages for related keywords.
Hit 3-failure limit during hypothesis testing	Multiple incorrect hypotheses or complex root cause	Escalate to architecture review. Read `failure-categories.md` to determine if failures are countable. Consider asking for domain expert input.
Bug report missing key information	Incomplete investigation or skipped steps	Verify all 4 phases completed. Ensure root cause identified with file:line. Check git blame ran for responsible commit.

Reference Documents

Weekly Installs

234

Repository

boshu2/agentops

GitHub Stars

197

First Seen

Feb 2, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode230

codex229

gemini-cli227

github-copilot226

amp222

kimi-cli222

xdrop 文件传输脚本：Bun 环境下安全上传下载工具，支持加密分享

20,700 周安装

Bug Hunt技能：4阶段系统化Bug调查与修复工作流

🇨🇳中文介绍

Bug Hunt Skill

模式

相关 Skills

4 阶段结构（调查模式）

执行步骤

阶段 1：根因调查

步骤 1.1：确认 Bug

步骤 1.2：定位症状

步骤 1.3：Git 考古

步骤 1.4：追踪执行路径

步骤 1.5：识别根因

阶段 2：模式分析

步骤 2.1：查找工作示例

步骤 2.2：与参考示例比较

阶段 3：假设与测试

步骤 3.1：形成单一假设

步骤 3.2：用最小改动进行测试

步骤 3.3：检查失败计数器

阶段 4：实施

步骤 4.1：设计修复方案

步骤 4.2：创建失败测试（如果可能）

步骤 4.3：实施单一修复

步骤 4.4：验证修复

审计模式

审计步骤 1：确定范围

审计步骤 2：系统化阅读

审计步骤 3：分类发现

审计步骤 4：编写审计报告

步骤 5：编写 Bug 报告

步骤 6：向用户报告

关键规则

快速检查

示例

调查测试失败

追踪回归问题

主动代码审计

故障排除

参考文档

🇺🇸English

Bug Hunt Skill

Modes

The 4-Phase Structure (Investigation Mode)

Execution Steps

Phase 1: Root Cause Investigation

Step 1.1: Confirm the Bug

Step 1.2: Locate the Symptom

Step 1.3: Git Archaeology

Step 1.4: Trace the Execution Path

Step 1.5: Identify Root Cause

Phase 2: Pattern Analysis

Step 2.1: Find Working Examples

Step 2.2: Compare Against Reference

Phase 3: Hypothesis and Testing

Step 3.1: Form Single Hypothesis

Step 3.2: Test with Smallest Change

Step 3.3: Check Failure Counter

Phase 4: Implementation

Step 4.1: Design the Fix

Step 4.2: Create Failing Test (if possible)

Step 4.3: Implement Single Fix

Step 4.4: Verify Fix

Audit Mode

Audit Step 1: Scope

Audit Step 2: Systematic Read

Audit Step 3: Classify Findings

Audit Step 4: Write Audit Report

Step 5: Write Bug Report

Step 6: Report to User

Key Rules

Quick Checks

Examples

Investigating a Test Failure

Tracking Down a Regression

Proactive Code Audit

Troubleshooting

Reference Documents

最新 Skills