Skip to content

Commit 68d607b

Browse files
Require context-profiler for trace analysis
Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent 525c6b9 commit 68d607b

1 file changed

Lines changed: 30 additions & 2 deletions

File tree

skills/analyze-agent-context/SKILL.md

Lines changed: 30 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,31 @@ Do not fetch traces unless the user asks you to. If the user provides a Langfuse
1313

1414
If another tool already fetched trace data, use that local file or recent JSON output. The source can be Langfuse public API JSON, Claude Code, Cursor, OpenTelemetry, raw OpenAI/Anthropic requests, or an academic trajectory dataset.
1515

16+
## Analysis Gate
17+
18+
The first analysis command must be `context-profiler validate`, `context-profiler diagnose`, or `context-profiler analyze`.
19+
20+
Do not write Python scripts, notebooks, `jq` summaries, or ad hoc JSON parsers to analyze the trace before running `context-profiler`. Python is allowed only for narrow operational tasks such as checking whether local settings contain credential keys, or after `context-profiler validate` fails and returns `errors[].agent_action` requiring conversion to `ContextTrace`. After any conversion, pipe the converted data back into `context-profiler`; do not present the conversion script's own findings as the analysis.
21+
22+
## Langfuse Credentials
23+
24+
Never ask the user to paste API keys or secrets into chat. It is acceptable for the user to provide credentials through local environment variables or a local settings file, but do not expose those values in model-visible output.
25+
26+
For Langfuse trace fetching, first use the current process environment:
27+
28+
- `LANGFUSE_HOST` or `LANGFUSE_BASE_URL`
29+
- `LANGFUSE_PUBLIC_KEY`
30+
- `LANGFUSE_SECRET_KEY`
31+
32+
If any value is missing, check whether local Claude settings files contain the needed keys without printing their contents or values:
33+
34+
- `.claude/settings.local.json`
35+
- `.claude/settings.json`
36+
- `~/.claude/settings.local.json`
37+
- `~/.claude/settings.json`
38+
39+
Only inspect the `env` object for key presence. Do not load, export, print, summarize, or copy secret values from settings files into chat, terminal output, reports, or generated commands. If credentials are present in a local settings file but not in the current process environment, ask the user to run the agent from that configured environment or explicitly approve using that local file as the credential source. If credentials still cannot be found, ask the user to export them in the current shell or point to a local settings file; do not ask them to paste values into chat.
40+
1641
Before analysis, verify the CLI is callable:
1742

1843
```bash
@@ -34,6 +59,8 @@ If `which -a context-profiler` shows a stale broken executable before the `pipx`
3459
OUT="/tmp/langfuse-trace-${TRACE_ID}"
3560
mkdir -p "$OUT"
3661

62+
export LANGFUSE_HOST="${LANGFUSE_HOST:-${LANGFUSE_BASE_URL:-}}"
63+
3764
for v in LANGFUSE_HOST LANGFUSE_PUBLIC_KEY LANGFUSE_SECRET_KEY; do
3865
if [ -n "${!v}" ]; then echo "$v=set"; else echo "$v=missing"; fi
3966
done
@@ -50,7 +77,7 @@ If `which -a context-profiler` shows a stale broken executable before the `pipx`
5077

5178
context-profiler diagnose "$OUT/trace.json" --format langfuse --json
5279
```
53-
Do not print or inline API keys. If any required environment variable is missing, ask the user to set it without pasting secrets into chat. For traces with more than 100 observations, paginate the observations endpoint before analysis.
80+
Do not print or inline API keys. Do not automatically export secrets from local Claude settings. If any required value is still missing from the current environment, ask the user to run from the configured environment, approve using the local settings file as a credential source, or export the values in the current shell. For traces with more than 100 observations, paginate the observations endpoint before analysis. Do not analyze `trace.json` or `observations-page-*.json` directly with Python before running `context-profiler`.
5481
- Current Cursor transcript under `~/.cursor/projects/**/agent-transcripts/**/*.jsonl`.
5582
- Current Claude Code transcript under `~/.claude/projects/**/*.jsonl`.
5683

@@ -69,8 +96,9 @@ If `which -a context-profiler` shows a stale broken executable before the `pipx`
6996
4. If validation fails:
7097
- Read `next_steps` and `errors[].agent_action`.
7198
- Use `context-profiler schema trace --json`.
72-
- Convert the data into `ContextTrace` yourself, then pipe it back into `context-profiler`.
99+
- Convert the data into `ContextTrace` only when validation says conversion is needed, then pipe it back into `context-profiler`.
73100
- Users should not manually reshape traces.
101+
- Do not summarize findings from raw JSON or conversion code; findings should come from `context-profiler` output.
74102

75103
5. Run machine-readable diagnosis:
76104
```bash

0 commit comments

Comments
 (0)