investigate-ticket
$
npx mdskill add ClipboardHealth/core-utils/investigate-ticketDiagnose bugs by tracing code paths and querying Datadog.
- Gathers context from tickets, alerts, or verbal descriptions.
- Integrates with Datadog, Linear, and LaunchDarkly.
- Validates execution branches using exact log queries.
- Delivers structured summaries with handoff options.
SKILL.md
.github/skills/investigate-ticketView on GitHub ↗
---
name: investigate-ticket
description: Use when investigating a bug, incident, or issue before implementation. Researches codebase, queries Datadog, and presents structured findings with handoff options. Also use when asked to "look into" or "investigate" something.
---
# Investigate Ticket
Research-only workflow — no code changes, no fixes, no PRs. Produces a structured summary with evidence, then hands off to ticket creation or the user.
## Process
1. **Gather context** — accept a ticket ID/URL, Slack thread, Datadog alert, or verbal description. If a Linear ticket exists, fetch it.
2. **Initial Datadog scan** — quick, broad search for obvious signals. The goal is orientation, not root cause. **Do not form a hypothesis yet.**
3. **Trace the full execution path** — from the entry point (controller, webhook handler, cron job), trace through **every branch, early return, and conditional** to the expected outcome. For each branch, note:
- What condition triggers it
- What log message it produces (exact string and structured attributes)
- Whether a feature flag gates it (note the flag key)
Do NOT skip branches that seem unlikely — those are where non-obvious bugs hide.
4. **Check feature flags** — if you found flags in step 3, look up each flag's current state in LaunchDarkly (see reference.md for details).
5. **Validate each branch in Datadog** — search for the exact log messages and structured attributes from the code using `@field:value` queries, not free-text. This tells you which code path was actually taken (see reference.md for search strategy).
6. **Check data state in Snowflake** — if the issue involves unexpected data or "works for some users but not others," query Snowflake to verify actual data state (see reference.md). Skip if purely code/config.
7. **Cross-reference** — check git history for recent changes. Look for related Linear tickets. Check if the issue correlates with a deploy or flag change.
8. **Summarize findings** — present a structured summary (see Findings Format in reference.md).
9. **Hand off** — ask the user what to do next:
- Update an existing Linear ticket with findings
- Create a new ticket (redirect to appropriate ticket skill, carrying context forward)
- Keep findings, no ticket action
## Hard Rules
1. **Always search Datadog** before concluding. Not optional.
2. **Always include file paths and line numbers.** "The booking service" is not acceptable.
3. **NEVER implement fixes.** This is research only. If you're writing production code, STOP.
4. **Present findings before any ticket action.** The user decides next steps, not you.
5. **Don't invent root causes.** If you can't determine it from evidence, say so.
6. **Carry context forward.** When handing off to a ticket skill, pass all findings.
7. **Trace the full path before forming a hypothesis.** Walk every branch from entry point to outcome.
8. **Use structured Datadog queries, not free-text guesses.** Read the code's logger calls first.
## Red Flags — STOP If You Notice These
| You're about to... | STOP and... |
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- |
| Write a fix for the bug you found | This is investigation only — present findings first |
| Skip Datadog because "I already understand the issue" | Search Datadog anyway — you might find something unexpected |
| Form a root cause theory before tracing the full code path | Trace entry point → every branch → expected output first. Hypotheses from partial code reads miss early-return bugs |
| Search Datadog with free-text keywords only | Read the code's logger calls first, then search using structured attributes (`@field:value`) |
| Assume the code is wrong without checking data | Query Snowflake to verify actual data state before blaming code logic |
| Ignore a feature flag in the code path | Look up the flag state in LaunchDarkly — it may be gating the behavior you're investigating |
## Cross-Referenced Skills
- `write-bug-ticket`, `write-tech-debt-ticket`, `write-feature-ticket` — for creating tickets from findings
- `datadog-investigate` — API reference for Datadog queries when no Datadog MCP is available
More from ClipboardHealth/core-utils
- adversarial-reviewPerform an adversarial review of proposed work. Use ONLY when the user explicitly types /adversarial-review. Never auto-trigger, even if the user mentions reviewing, questioning, or challenging their approach.
- clipboard-testingEnd-to-end testing playbook for Clipboard Health changes. Use when the user wants to verify, exercise, or set up test data for a backend or frontend change against a live environment — "test my change end-to-end", "verify this works in dev", "create a test workplace / worker / shift", "get a shift through to paid / invoiced", "prove the API change works". Defaults to the `development` AWS environment, API-first (cbh CLI tokens + curl). The skill knows enough to run the core happy-path flow (workplace → worker → shift → clock in/out → pay → invoice) autonomously; for anything else, it orients around the codebase and asks the user for missing directories.
- cognito-user-analysisUse when looking up Cognito user details by sub UUID, finding duplicate accounts sharing phone or email, analyzing which duplicates to keep vs delete, or fixing orphaned UNCONFIRMED signups. Symptoms include 403 Forbidden on login, multiple accounts for same phone, backend sync issues.
- datadog-investigateInvestigate production issues by querying Datadog logs, metrics, and APM traces, then correlating findings with the codebase. Use this skill whenever the user mentions production errors, Datadog, observability, log investigation, latency spikes, error rate increases, 500s, trace IDs, monitor alerts, or wants to debug any service issue in a deployed environment.
- flaky-test-debuggerDebug and fix flaky tests including Playwright E2E, NestJS service/integration, React component, and unit tests. Use this skill when investigating intermittent test failures, triaging flaky tests, or fixing test instability.
- interview-featureUse when clarifying requirements for a feature ticket. Iteratively researches and interviews the user until the problem is well-understood, then produces a structured problem brief. Dispatched by write-feature-ticket when context is insufficient.
- local-packageUse Clipboard's internal CLI to link and unlink @clipboard-health packages across repositories for local development. Use when testing local package changes, linking @clipboard-health packages between repos, or using the cbh CLI local-package command.
- seed-dataTrigger seed data generation for test environments via GitHub Actions. Use when asked to seed, create test data, or set up HCPs/facilities/shifts.
- write-bug-ticketUse when creating a Linear bug report ticket from conversation context, investigation findings, or user-provided evidence. Focuses on structuring and writing — not investigating.
- write-feature-ticketUse when creating a Linear feature request ticket from conversation context, a brief description, or code/PR analysis. Interviews the user for clarity when context is insufficient.