src/bmm-skills/4-implementation/bmad-investigate/SKILL.md
Reconstruct what's happening, or what an unfamiliar area does, from the available evidence. Produce a structured case file another engineer can pick up cold. Calibrate continuously between defect-chasing (symptom-driven) and area-exploration (no symptom); the same discipline applies on both ends.
Args: A ticket ID, log file path, diagnostic archive, error message, code area name, problem description, or a path to an existing case file. The last form resumes a prior investigation; everything else opens a new case.
Output: {implementation_artifacts}/{workflow.case_file_subdir}/{workflow.case_file_filename}. Reference inputs
are recorded; raw content is not read into the parent context until an outcome calls for it.
{slug} is the ticket ID when one is provided, otherwise a short descriptive name agreed with the user, sanitized to
lowercase alphanumeric with hyphens. On collision with an existing case file at the resolved path, ask whether to
rename to slug-YYYY-MM-DD.md or resume the existing file (resuming routes to Outcome 0).
After every outcome, present what was learned and pause for the user before continuing.
path:line, log timestamp, or commit hash./, so they're clickable in IDE-embedded terminals.path:line from the result; don't re-read in the parent.Run: python3 {project-root}/_bmad/scripts/resolve_customization.py --skill {skill-root} --key workflow
If the script fails, stop and surface the error.
Run each entry in {workflow.activation_steps_prepend} in order.
Treat each entry in {workflow.persistent_facts} as foundational context. file: prefixes are paths or globs under
{project-root} (load contents); other entries are facts verbatim.
Load {project-root}/_bmad/bmm/config.yaml and resolve {user_name}, {communication_language},
{document_output_language}, {implementation_artifacts}, {project_knowledge}. If {implementation_artifacts} is
unresolved, fall back to ./investigations/ and surface the fallback before initializing.
Greet {user_name} in {communication_language}.
Run each entry in {workflow.activation_steps_append} in order.
Acknowledge the input as a reference (record paths and IDs; don't read raw content). Path to an existing case file → Outcome 0. Otherwise → Outcome 1.
Read the case file. Surface, in order: open hypotheses (Status = Open) with their confirm/refute criteria; open
backlog (Status ≠ Done); missing-evidence rows; last Conclusion with confidence. Ask which thread to pull. New
evidence opens a new ## Follow-up: {YYYY-MM-DD} block (append #2, #3 on same-day reentry). Pause for user with the recap above; wait for direction.
Acknowledge each input shape — record location, scope, time window only; bulk reads happen in Outcome 2.
If the user arrived with a hypothesis, register it as Hypothesis #1. Find the stronghold independently; the user's hypothesis is one of the things the stronghold validates or refutes.
Find a stronghold: a Confirmed piece of evidence (error message, function name, HTTP route, config parameter, test case). Anchor here.
Initialize {case_file} before branching. The path is
{implementation_artifacts}/{workflow.case_file_subdir}/{workflow.case_file_filename} with {slug} substituted (slug
and collision rules in Overview). Create the file from {workflow.case_file_template} and fill Hand-off Brief
(rough), Case Info, Problem Statement, initial Evidence Inventory.
Evidence-light branch. When no Confirmed evidence is reachable: mark the case evidence-light in the Hand-off Brief; populate the Investigation Backlog with prioritized data-collection items; record "to make progress, I need one of: …"; pause for the user to provide evidence or authorize Outcome 2 to scan more broadly.
Otherwise present scope, stronghold, file path, proposed approach. Pause for user with the recap above; wait for direction.
Survey the scene: inventory available evidence in parallel across these independent categories: diagnostic archives;
issue tracker; version control; test results; static analysis; source code. For any category exceeding ~10K tokens,
delegate to a subagent that returns a JSON manifest (paths, sizes, time windows, key fragments cited as path:line).
Classify each Available, Partial, or Missing — Missing is itself a finding. Update Evidence Inventory and Investigation Backlog. Pause for user with the recap above; wait for direction.
Update Confirmed Findings, Deduced Conclusions, Hypothesized Paths, Backlog, Timeline. Highlight contradictions to the original premise. Pause for user with the recap above; wait for direction.
Issue these first-pass scans as parallel tool calls in one message: grep for exact error strings; glob the affected
directory for parallel implementations; git log for recent changes.
Then sequentially: read the surrounding code; follow the caller chain; watch for language and process boundary crossings (compiled→scripts, IPC, host→device, configuration flow).
Lean by case type:
Investigation stops at the diagnosis; implementation is out of scope. Update Source Code Trace (Error origin, Trigger, Condition, Related files; area model when broader). Pause for user with the recap above; wait for direction.
Update {case_file}:
Present the conclusion, then a concrete next-steps menu: trivial fix → bmad-quick-dev; scope/plan adjustment →
bmad-correct-course; tracked story → bmad-create-story; fresh review → bmad-code-review. Recommend the
highest-value action. Mitigations and workarounds are generated only on explicit request — investigation stops at the
diagnosis. Execute {workflow.on_complete} if non-empty. Pause for user with the recap above; wait for direction.
Continue work by appending to {case_file} under a new ## Follow-up: {YYYY-MM-DD} block (#2, #3 on same-day
reentry). The investigation is complete when: