{"id":"2732a7f8-ef3a-45f4-837f-e6643f6d3e06","shortId":"Jd7rtE","kind":"skill","title":"review-and-debug","tagline":"Code review, debugging, and incident discipline. Confidence calibration, root-cause iron law, alert-on-changes rule, the pre-existing blame protocol.","description":"# Review and debug\n\nHow to review code, hunt bugs, and verify fixes without creating noise or whack-a-mole loops.\n\nSource: gstack `review/SKILL.md`, `investigate/SKILL.md`, `canary/SKILL.md`, `CLAUDE.md`.\n\n## Investigate's Iron Law\n\n> \"NO FIXES WITHOUT ROOT CAUSE INVESTIGATION FIRST. Fixing symptoms creates whack-a-mole debugging. Every fix that doesn't address root cause makes the next bug harder to find.\"\n\nFour phases, in order:\n\n1. **Investigate** — read the data flow before guessing\n2. **Analyze** — what's the actual cause vs the symptom\n3. **Hypothesize** — name the hypothesis explicitly\n4. **Implement** — only after the first three\n\n## The 3-strike rule\n\n3 failed hypotheses → STOP.\n\n> \"This may be an architectural issue rather than a simple bug.\"\n\n## Recurring-bug heuristic\n\n> \"Recurring bugs in the same files are an architectural smell, not a coincidence.\"\n\nIf the same file is on its third bug fix, the next move is a refactor, not another patch.\n\n## Hard rules for fixes\n\n- Never apply a fix you can't verify\n- Never say \"this should fix it\"\n- Regression test must fail without the fix and pass with it\n- \\>5 files touched → blast-radius gate (slow down, get a second look)\n\n### Red flags to slow down\n\n- *\"Quick fix for now\"* — there is no \"for now\"\n- Proposing a fix before tracing data flow — you're guessing\n- Each fix reveals a new problem elsewhere — wrong layer, not wrong code\n\n## Confidence calibration in reviews\n\nEvery finding rated 1-10:\n\n- **Below 7** → caveat or suppress\n- **1-2** → only report if severity is P0\n- **8+** → call out clearly\n\nStop reporting noise as if it equals bugs.\n\n## Fix-first, not read-only\n\nReviews auto-fix:\n- Dead code\n- N+1 queries\n- Stale comments\n\nReviews ask on:\n- Architecture changes\n- Tradeoffs\n\nReviews don't report below confidence 7 unless P0.\n\n## Search-before-recommending\n\nBefore suggesting a pattern, verify it's still current best practice. Don't recommend yesterday's wisdom.\n\n## Order of operations in review\n\nCritical-pass categories first:\n\n1. SQL / data safety\n2. Race conditions\n3. LLM trust boundary\n4. Shell injection\n5. **Enum completeness** — the one category where within-diff-only review is insufficient. Grep siblings, read consumers.\n\nThen informational findings.\n\n## Pre-existing blame protocol\n\n> \"'Pre-existing' without receipts is a lazy claim. Prove it or don't say it.\"\n\nWhen an E2E test fails, never claim \"not related to our changes\" without proving it.\n\nRequired: run the same test on `main`.\n- If it passes on main but fails on branch → it IS your change\n- If it fails on main → file an issue, link it\n\n## Long-running tasks\n\n> \"Never switch to blocking mode and give up when the poll times out. Never say 'I'll be notified when it completes' and stop checking — keep the loop going until the task finishes or the user tells you to stop.\"\n\n## Alert on changes, not absolutes\n\nFrom canary, but it's the universal observability rule:\n\nA page with 3 baseline errors is fine if it still has 3.\n\n> \"Don't cry wolf — alert only on patterns persisting across 2+ consecutive checks.\"\n\n> \"Baseline is king. Without it, canary is just a health check.\"\n\nPerformance:\n- 2x baseline = regression\n- 1.5x baseline = variance\n\nRead-only by default. Speed > analysis.\n\n## Slop-scan philosophy\n\n> \"We are NOT trying to pass as human code. We are AI-coded and proud of it. The goal is code quality.\"\n\nDistinguish \"linter gaming\" from \"genuine quality\":\n\n- Catch patterns where empty catches mask data loss\n- Ignore patterns where `catch {}` is the correct fire-and-forget choice\n\n> \"Don't chase the number. Fix patterns that represent actual code quality problems.\"\n\n## When `catch {}` is correct\n\nContradicts every linter default — but:\n\n> \"If a fire-and-forget operation can fail for ANY reason and you don't care, `catch {}` is the correct pattern.\"\n\nThe example: cleanup paths. *\"A cleanup path that throws on EPERM means the rest of cleanup doesn't run. That's worse.\"*\n\nDon't tighten best-effort cleanup paths.\n\n## Escalation\n\n> \"Bad work is worse than no work. You will not be penalized for escalating. If you have attempted a task 3 times without success, STOP and escalate.\"\n\n## E2E test hygiene\n\n> \"NEVER copy a full SKILL.md file into an E2E test fixture. Extract only the section the test actually needs.\"\n\n> \"Never `pkill` running eval processes and restart — you lose results and waste money. One clean run beats three killed-and-restarted runs.\"\n\n## Cost transparency\n\nWhen evaluating a debugging investigation, attach the dollar cost:\n\n> \"Total cost of the investigation: $7 across three eval runs.\"\n\nDecisions tied to dollar amounts are more honest than decisions described in vague terms.","tags":["review","and","debug","gstack","distilled","0xabrar","agent-skills","claude-code","claude-skill","decision-making","founder","garry-tan"],"capabilities":["skill","source-0xabrar","skill-review-and-debug","topic-agent-skills","topic-claude-code","topic-claude-skill","topic-decision-making","topic-founder","topic-garry-tan","topic-gstack","topic-skills","topic-startup"],"categories":["gstack-distilled"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/0xabrar/gstack-distilled/review-and-debug","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add 0xabrar/gstack-distilled","source_repo":"https://github.com/0xabrar/gstack-distilled","install_from":"skills.sh"}},"qualityScore":"0.455","qualityRationale":"deterministic score 0.46 from registry signals: · indexed on github topic:agent-skills · 11 github stars · SKILL.md body (4,688 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:08:04.980Z","embedding":null,"createdAt":"2026-05-09T01:05:24.064Z","updatedAt":"2026-05-18T19:08:04.980Z","lastSeenAt":"2026-05-18T19:08:04.980Z","tsv":"'+1':306 '-10':266 '-2':273 '1':94,265,272,356 '1.5':556 '2':102,360,538 '2x':553 '3':112,126,129,363,518,527,715 '4':118,367 '5':209,370 '7':268,322,783 '8':280 'absolut':505 'across':537,784 'actual':107,629,742 'address':80 'ai':583 'ai-cod':582 'alert':19,501,532 'alert-on-chang':18 'amount':792 'analysi':566 'analyz':103 'anoth':178 'appli':185 'architectur':137,156,313 'ask':311 'attach':774 'attempt':712 'auto':301 'auto-fix':300 'bad':695 'baselin':519,541,554,558 'beat':760 'best':338,690 'best-effort':689 'blame':27,394 'blast':213 'blast-radius':212 'block':464 'boundari':366 'branch':442 'bug':37,86,143,146,149,169,291 'calibr':12,259 'call':281 'canari':507,546 'canary/skill.md':54 'care':658 'catch':600,604,611,634,659 'categori':354,375 'caus':15,64,82,108 'caveat':269 'chang':21,314,423,446,503 'chase':622 'check':485,540,551 'choic':619 'claim':404,418 'claude.md':55 'clean':758 'cleanup':666,669,679,692 'clear':283 'code':5,35,257,304,579,584,592,630 'coincid':160 'comment':309 'complet':372,482 'condit':362 'confid':11,258,321 'consecut':539 'consum':387 'contradict':637 'copi':726 'correct':614,636,662 'cost':767,777,779 'creat':42,69 'cri':530 'critic':352 'critical-pass':351 'current':337 'data':98,241,358,606 'dead':303 'debug':4,7,31,74,772 'decis':788,797 'default':564,640 'describ':798 'diff':379 'disciplin':10 'distinguish':594 'doesn':78,680 'dollar':776,791 'e2e':414,722,733 'effort':691 'elsewher':252 'empti':603 'enum':371 'eperm':674 'equal':290 'error':520 'escal':694,708,721 'eval':747,786 'evalu':770 'everi':75,262,638 'exampl':665 'exist':26,393,398 'explicit':117 'extract':736 'fail':130,201,416,440,449,650 'file':153,164,210,452,730 'find':89,263,390 'fine':522 'finish':493 'fire':616,645 'fire-and-forget':615,644 'first':66,123,294,355 'fix':40,61,67,76,170,183,187,196,204,228,238,247,293,302,625 'fix-first':292 'fixtur':735 'flag':223 'flow':99,242 'forget':618,647 'four':90 'full':728 'game':596 'gate':215 'genuin':598 'get':218 'give':467 'go':489 'goal':590 'grep':384 'gstack':51 'guess':101,245 'hard':180 'harder':87 'health':550 'heurist':147 'honest':795 'human':578 'hunt':36 'hygien':724 'hypothes':113,131 'hypothesi':116 'ignor':608 'implement':119 'incid':9 'inform':389 'inject':369 'insuffici':383 'investig':56,65,95,773,782 'investigate/skill.md':53 'iron':16,58 'issu':138,454 'keep':486 'kill':763 'killed-and-restart':762 'king':543 'law':17,59 'layer':254 'lazi':403 'link':455 'linter':595,639 'll':477 'llm':364 'long':458 'long-run':457 'look':221 'loop':49,488 'lose':752 'loss':607 'main':433,438,451 'make':83 'mask':605 'may':134 'mean':675 'mode':465 'mole':48,73 'money':756 'move':173 'must':200 'n':305 'name':114 'need':743 'never':184,192,417,461,474,725,744 'new':250 'next':85,172 'nois':43,286 'notifi':479 'number':624 'observ':513 'one':374,757 'oper':348,648 'order':93,346 'p0':279,324 'page':516 'pass':206,353,436,576 'patch':179 'path':667,670,693 'pattern':332,535,601,609,626,663 'penal':706 'perform':552 'persist':536 'phase':91 'philosophi':570 'pkill':745 'poll':471 'practic':339 'pre':25,392,397 'pre-exist':24,391,396 'problem':251,632 'process':748 'propos':236 'protocol':28,395 'proud':586 'prove':405,425 'qualiti':593,599,631 'queri':307 'quick':227 'race':361 'radius':214 'rate':264 'rather':139 're':244 'read':96,297,386,561 'read-on':296,560 'reason':653 'receipt':400 'recommend':328,342 'recur':145,148 'recurring-bug':144 'red':222 'refactor':176 'regress':198,555 'relat':420 'report':275,285,319 'repres':628 'requir':427 'rest':677 'restart':750,765 'result':753 'reveal':248 'review':2,6,29,34,261,299,310,316,350,381 'review-and-debug':1 'review/skill.md':52 'root':14,63,81 'root-caus':13 'rule':22,128,181,514 'run':428,459,682,746,759,766,787 'safeti':359 'say':193,410,475 'scan':569 'search':326 'search-before-recommend':325 'second':220 'section':739 'sever':277 'shell':368 'sibl':385 'simpl':142 'skill' 'skill-review-and-debug' 'skill.md':729 'slop':568 'slop-scan':567 'slow':216,225 'smell':157 'sourc':50 'source-0xabrar' 'speed':565 'sql':357 'stale':308 'still':336,525 'stop':132,284,484,500,719 'strike':127 'success':718 'suggest':330 'suppress':271 'switch':462 'symptom':68,111 'task':460,492,714 'tell':497 'term':801 'test':199,415,431,723,734,741 'third':168 'three':124,761,785 'throw':672 'tie':789 'tighten':688 'time':472,716 'topic-agent-skills' 'topic-claude-code' 'topic-claude-skill' 'topic-decision-making' 'topic-founder' 'topic-garry-tan' 'topic-gstack' 'topic-skills' 'topic-startup' 'total':778 'touch':211 'trace':240 'tradeoff':315 'transpar':768 'tri':574 'trust':365 'univers':512 'unless':323 'user':496 'vagu':800 'varianc':559 'verifi':39,191,333 'vs':109 'wast':755 'whack':46,71 'whack-a-mol':45,70 'wisdom':345 'within':378 'within-diff-on':377 'without':41,62,202,399,424,544,717 'wolf':531 'work':696,701 'wors':685,698 'wrong':253,256 'x':557 'yesterday':343","prices":[{"id":"e3dbe7c2-1a29-44a6-b7f7-25a7488e0b2f","listingId":"2732a7f8-ef3a-45f4-837f-e6643f6d3e06","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"0xabrar","category":"gstack-distilled","install_from":"skills.sh"},"createdAt":"2026-05-09T01:05:24.064Z"}],"sources":[{"listingId":"2732a7f8-ef3a-45f4-837f-e6643f6d3e06","source":"github","sourceId":"0xabrar/gstack-distilled/review-and-debug","sourceUrl":"https://github.com/0xabrar/gstack-distilled/tree/main/skills/review-and-debug","isPrimary":false,"firstSeenAt":"2026-05-09T01:05:24.064Z","lastSeenAt":"2026-05-18T19:08:04.980Z"}],"details":{"listingId":"2732a7f8-ef3a-45f4-837f-e6643f6d3e06","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"0xabrar","slug":"review-and-debug","github":{"repo":"0xabrar/gstack-distilled","stars":11,"topics":["agent-skills","claude-code","claude-skill","decision-making","founder","garry-tan","gstack","skills","startup","yc"],"license":"other","html_url":"https://github.com/0xabrar/gstack-distilled","pushed_at":"2026-04-26T16:34:12Z","description":"Distilled decision-making frameworks from Garry Tan's gstack, packaged as 7 focused Agent Skills.","skill_md_sha":"41851e49e62044dcdd81b27a6c20d5bb941c48e3","skill_md_path":"skills/review-and-debug/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/0xabrar/gstack-distilled/tree/main/skills/review-and-debug"},"layout":"multi","source":"github","category":"gstack-distilled","frontmatter":{"name":"review-and-debug","description":"Code review, debugging, and incident discipline. Confidence calibration, root-cause iron law, alert-on-changes rule, the pre-existing blame protocol."},"skills_sh_url":"https://skills.sh/0xabrar/gstack-distilled/review-and-debug"},"updatedAt":"2026-05-18T19:08:04.980Z"}}