Skip to main content
GeneralClipboardHealth

investigate-ticket

Use when investigating a bug, incident, or issue before implementation. Researches codebase, queries Datadog, and presents structured findings with handoff options. Also use when asked to "look into" or "investigate" something.

Stars
66
Source
ClipboardHealth/core-utils
Updated
2026-05-31
Slug
ClipboardHealth--core-utils--investigate-ticket
View on GitHubRaw SKILL.md

// install — copy + paste into any project

mkdir -p .claude/skills && curl -fsSL https://raw.githubusercontent.com/ClipboardHealth/core-utils/HEAD/.agents/skills/investigate-ticket/SKILL.md -o .claude/skills/investigate-ticket.md

Drops the SKILL.md into .claude/skills/investigate-ticket.md. Works with Claude Code, Cursor, and any agent that loads SKILL.md files from .claude/skills/.

Investigate Ticket

Research-only workflow — no code changes, no fixes, no PRs. Produces a structured summary with evidence, then hands off to ticket creation or the user.

Process

  1. Gather context — accept a ticket ID/URL, Slack thread, Datadog alert, or verbal description. If a Linear ticket exists, fetch it.
  2. Initial Datadog scan — quick, broad search for obvious signals. The goal is orientation, not root cause. Do not form a hypothesis yet.
  3. Trace the full execution path — from the entry point (controller, webhook handler, cron job), trace through every branch, early return, and conditional to the expected outcome. For each branch, note:
    • What condition triggers it
    • What log message it produces (exact string and structured attributes)
    • Whether a feature flag gates it (note the flag key) Do NOT skip branches that seem unlikely — those are where non-obvious bugs hide.
  4. Check feature flags — if you found flags in step 3, look up each flag's current state in LaunchDarkly (see reference.md for details).
  5. Validate each branch in Datadog — search for the exact log messages and structured attributes from the code using @field:value queries, not free-text. This tells you which code path was actually taken (see reference.md for search strategy).
  6. Check data state in Snowflake — if the issue involves unexpected data or "works for some users but not others," query Snowflake to verify actual data state (see reference.md). Skip if purely code/config.
  7. Cross-reference — check git history for recent changes. Look for related Linear tickets. Check if the issue correlates with a deploy or flag change.
  8. Summarize findings — present a structured summary (see Findings Format in reference.md).
  9. Hand off — ask the user what to do next:
    • Update an existing Linear ticket with findings
    • Create a new ticket (redirect to appropriate ticket skill, carrying context forward)
    • Keep findings, no ticket action

Hard Rules

  1. Always search Datadog before concluding. Not optional.
  2. Always include file paths and line numbers. "The booking service" is not acceptable.
  3. NEVER implement fixes. This is research only. If you're writing production code, STOP.
  4. Present findings before any ticket action. The user decides next steps, not you.
  5. Don't invent root causes. If you can't determine it from evidence, say so.
  6. Carry context forward. When handing off to a ticket skill, pass all findings.
  7. Trace the full path before forming a hypothesis. Walk every branch from entry point to outcome.
  8. Use structured Datadog queries, not free-text guesses. Read the code's logger calls first.

Red Flags — STOP If You Notice These

You're about to... STOP and...
Write a fix for the bug you found This is investigation only — present findings first
Skip Datadog because "I already understand the issue" Search Datadog anyway — you might find something unexpected
Form a root cause theory before tracing the full code path Trace entry point → every branch → expected output first. Hypotheses from partial code reads miss early-return bugs
Search Datadog with free-text keywords only Read the code's logger calls first, then search using structured attributes (@field:value)
Assume the code is wrong without checking data Query Snowflake to verify actual data state before blaming code logic
Ignore a feature flag in the code path Look up the flag state in LaunchDarkly — it may be gating the behavior you're investigating

Cross-Referenced Skills

  • write-bug-ticket, write-tech-debt-ticket, write-feature-ticket — for creating tickets from findings
  • datadog-investigate — API reference for Datadog queries when no Datadog MCP is available