Skill

nw-investigation-techniques

From nw

Categorizes technical/operational problems, guides evidence collection from logs/metrics/config, validates data, analyzes incidents with quant/qual techniques, and outlines mitigation/fix patterns for debugging.

monitoring

code-quality

npx claudepluginhub nwave-ai/nwave --plugin nw

Tool Access

This skill uses the workspace's default tool permissions.

Preview

| Category | Sub-Category | Common Symptoms |

SKILL.md

Similar Skills

vigil-incident

Diagnoses production incidents by detecting environment, gathering symptoms, reading logs with Grep/Bash, checking metrics, tracing requests to find root causes and propose fixes with rollbacks.

11 tools

tonone

vigil-incident

Incident response — diagnose production issues, find root cause, propose fix with rollback. Use when asked about "something is broken", "production issue", "why is this down", "incident", or "debug production".

tonone-vigil

incident

Classifies incidents by severity (SEV1-4), constructs timelines, assesses impact, performs 5 Whys root cause analysis, and generates blameless post-mortems for production issues.

godmode

Stats

Parent Repo Stars484

Parent Repo Forks49

Last CommitMar 20, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Investigation Techniques

Problem Categorization

Technical Problems

Category	Sub-Category	Common Symptoms
System Failures	App crashes, memory leaks, deadlocks, data corruption	Service unavailability, resource exhaustion, integrity errors
System Failures	Hardware, network, database, security	Connectivity loss, capacity limits, access failures
Performance	Response time: slow queries, latency, algorithmic inefficiency	High p95/p99, user-reported slowness
Performance	Throughput: thread pool exhaustion, connection limits, queue backlog	Reduced capacity, growing queues
Integration	Internal: component comms, data format, version conflicts	Interface errors, serialization failures
Integration	External: third-party availability, API changes, auth failures	Timeouts, contract violations

Operational Problems

Category	Common Symptoms
Deployment: script failures, config drift, migration errors	Failed releases, environment inconsistencies
Monitoring: alerting gaps, backup failures, incident response	Missed incidents, slow recovery
Human factors: communication gaps, knowledge silos, skill gaps	Repeated mistakes, slow onboarding

Evidence Collection

Technical Evidence Sources

Logs: application (timestamp correlation) | system/infrastructure | database | network traces

Metrics: performance/resource utilization | error rates/response time trends | user behavior/transaction patterns | infrastructure health/capacity

Configuration: system/deployment settings | code changes/VCS history (git log, blame) | env vars/dependencies | security/access controls

Evidence Validation

Cross-reference: verify from multiple independent sources
Timestamp validation: confirm event sequence accuracy
Completeness check: identify data gaps/corruption
Correlation vs causation: distinguish co-occurrence from causation

Analysis Techniques

Quantitative

Trend: time series of metrics, error pattern frequency
Distribution: response time percentiles, error rate across components
Pattern recognition: log anomalies, behavior patterns, error clustering

Qualitative

Timeline reconstruction: detailed incident timeline, correlate changes with symptoms
Process analysis: workflow disruptions, communication flow, decision chains
Environmental: recent changes, system load, external factors, related incidents

Solution Design Patterns

Immediate Mitigations (restore service)

Quick fixes | workarounds to minimize impact | emergency procedures | monitoring enhancements

Permanent Fixes (prevent recurrence)

Architecture modifications | code quality/defensive programming | config management/environment consistency | testing/validation improvements

Early Detection (catch faster)

Leading indicators | anomaly detection/predictive alerting | automated quality gates | threshold tuning from learnings

Solution Prioritization Matrix

Priority	Criteria	Action
P0	Active incident, users impacted	Immediate mitigation, hours
P1	Root cause fix for recurring issue	Permanent fix, current sprint
P2	Prevention for potential issues	Next sprint
P3	Systemic improvement	Backlog with evidence