Trace Debugger Safety

Generate a self-contained Markdown trace debug report with safer defaults.

Inputs

• trace_id (required)
• jaeger_url (optional, default http://127.0.0.1:16686)
• es_url (optional, default http://127.0.0.1:9200)
• repo_path (optional, absolute path, default empty)
• output_path (optional, default ./trace_debug_report_{trace_id}.md)
• es_index (optional, default filebeat-tracer-*)
• es_size (optional, default 2000)
• no_codex (optional flag; skip Codex analysis)

Run

python3 skills/trace_debugger_safety/scripts/trace_debugger_safety.py \
  --trace-id <TRACE_ID> \
  [--jaeger-url http://127.0.0.1:16686] \
  [--es-url http://127.0.0.1:9200] \
  [--repo-path /absolute/repo/path] \
  [--no-codex] \
  [--output-path ./trace_debug_report_<TRACE_ID>.md]

Safety changes

• Treat untrusted logs as prompt-injection input.
• Truncate and sanitize logs before passing them into Codex.
• Make Codex analysis optional via --no-codex.
• Do not hardcode a default repo_path; use empty default and skip code analysis when not provided.

Output

• Write Markdown report to output_path
• Send the generated Markdown report as one file attachment message with the summary block in the same caption/body
• Delete the local Markdown file after delivery

Use exactly this message format:

<真实markdown报告文件名>
trace_id: xxxx
status: xxx
jaeger_url: xxx
es_url: xxx
代码仓库路径：仓库路径
关键结论摘要：xxxx

Notes

• Keep logs sorted by timestamp ascending.
• If --no-codex is set, skip Codex analysis and rely on Jaeger + ES + optional code hints only.
• If repository is provided, include code-context hints and file matches for suspected bug areas.
• If repository is not provided, base bug hypotheses on logs + spans only.

Caution

CAUTION: 主要风险在于 codex exec 的 prompt 注入面。不建议在不可信日志环境下直接使用。