Debug And Evidence Workflow
Goal
Give operators one short path from failure to evidence without forcing them to remember every artifact directory.
The current bootstrap goal is:
- every deploy or remote run writes deterministic debug artifacts
- the dashboard points to the newest failure
- CLI users can jump to the same failure with one command
Primary entrypoints
Use these first:
bin/ran-debug-latestbin/ran-debug-latest --failures-onlybin/ran-installbin/ran-ship-bundlebin/ran-remote-ranctlbin/ran-fetch-remote-artifactsbin/ran-dashboard
Operator triage path
For the fastest path:
- Run
bin/ran-debug-latest --failures-only. - Open the reported
debug-pack.txt. - Follow the
Inspect nextfile list in that debug pack. - If the failure happened on a remote host, inspect the matching
command.log,result.jsonl, and fetched evidence bundle. - If the failure happened before remote execution, inspect
deploy.readiness.jsonand the generated helper commands.
Artifact families
Quick install
bin/ran-install writes:
artifacts/deploy_preview/quick_install/<run_stamp>/summary.txtartifacts/deploy_preview/quick_install/<run_stamp>/INSTALL.mdartifacts/deploy_preview/quick_install/<run_stamp>/install.preview.shartifacts/deploy_preview/quick_install/<run_stamp>/install.apply.shartifacts/deploy_preview/quick_install/<run_stamp>/remote.precheck.shartifacts/deploy_preview/quick_install/<run_stamp>/debug-summary.txtartifacts/deploy_preview/quick_install/<run_stamp>/debug-pack.txt
Read these in order:
debug-pack.txtdebug-summary.txtINSTALL.mdwizard-result.jsonartifacts/deploy_preview/etc/deploy.readiness.json
Bundle handoff
bin/ran-ship-bundle writes:
artifacts/install_runs/<host>/<run_stamp>-ship/plan.txtartifacts/install_runs/<host>/<run_stamp>-ship/transcript.logartifacts/install_runs/<host>/<run_stamp>-ship/debug-summary.txtartifacts/install_runs/<host>/<run_stamp>-ship/debug-pack.txt
This is the right place when scp, ssh, remote install, or remote preflight fails.
Remote ranctl
bin/ran-remote-ranctl writes:
artifacts/remote_runs/<host>/<run_stamp>-<command>/plan.txtartifacts/remote_runs/<host>/<run_stamp>-<command>/command.logartifacts/remote_runs/<host>/<run_stamp>-<command>/result.jsonlartifacts/remote_runs/<host>/<run_stamp>-<command>/debug-summary.txtartifacts/remote_runs/<host>/<run_stamp>-<command>/debug-pack.txt
If automatic fetchback is enabled, it also writes:
artifacts/remote_runs/<host>/<run_stamp>-<command>/fetch/plan.txtartifacts/remote_runs/<host>/<run_stamp>-<command>/fetch/debug-summary.txtartifacts/remote_runs/<host>/<run_stamp>-<command>/fetch/debug-pack.txtartifacts/remote_runs/<host>/<run_stamp>-<command>/fetch/remote-evidence.tar.gzartifacts/remote_runs/<host>/<run_stamp>-<command>/fetch/extracted/*
Runtime evidence
Runtime-specific evidence remains under the existing artifact roots:
artifacts/plans/*artifacts/changes/*artifacts/verify/*artifacts/captures/*artifacts/runtime/<change_id>/*artifacts/probe_snapshots/*artifacts/config_snapshots/*artifacts/control_snapshots/*
Debug summary contract
Each debug-summary.txt is a compact key-value file meant for machine indexing and shell use.
Typical fields:
kindstatustarget_hostdeploy_profilecommandchange_idincident_idfailed_stepfailed_commandexit_codeplan_fileresult_filetranscript_fileorcommand_logdebug_pack_file
Debug pack contract
Each debug-pack.txt is a human-first incident brief.
It should answer:
- what failed
- where it failed
- what command failed
- what file to open next
The Inspect next section is intentionally short so operators do not have to scan the whole artifact tree.
Dashboard surfaces
Deploy Studio now exposes:
Install Debug IndexRemote Run IndexLatest Debug IncidentRecent Debug Failures
This is the UI equivalent of bin/ran-debug-latest.
Use the dashboard when:
- you want the newest failure without opening the filesystem first
- you want preview, readiness, handoff, and debug evidence in one place
- you want to compare multiple recent failures quickly
Use the CLI when:
- you are on a server without the dashboard running
- you are on SSH only
- you want a scriptable first-look workflow
Common failure classes
Readiness gate failure
Symptoms:
bin/ran-install --applyrefuses to continue- readiness status is not
ready_for_preflightorready_for_remote
Inspect:
artifacts/deploy_preview/etc/deploy.readiness.json- latest quick-install
debug-pack.txt
Remote handoff failure
Symptoms:
scporsshstep fails- bundle install does not complete remotely
Inspect:
artifacts/install_runs/<host>/<run_stamp>-ship/debug-pack.txtartifacts/install_runs/<host>/<run_stamp>-ship/transcript.log
Remote precheck or plan failure
Symptoms:
- remote
ranctl precheckorplanreturns non-ok status
Inspect:
artifacts/remote_runs/<host>/<run_stamp>-<command>/debug-pack.txtartifacts/remote_runs/<host>/<run_stamp>-<command>/result.jsonl- fetched
probe_snapshots,captures, and config snapshots underfetch/extracted
Native probe failure
Symptoms:
native_probe_host_readyornative_probe_activation_gate_clearfails- strict probe gate blocks activation
Inspect:
probe_snapshots/<change_or_incident_id>.jsonverify/<change_id>.json- fetched remote
config/deploy/deploy.readiness.json
Recommended operator loop
For day-to-day bring-up and rollback:
bin/ran-install --target-host <host>bin/ran-ship-bundle ... <host>RAN_REMOTE_APPLY=1 bin/ran-remote-ranctl <host> precheck <request-file>RAN_REMOTE_APPLY=1 bin/ran-remote-ranctl <host> plan <request-file>RAN_REMOTE_APPLY=1 bin/ran-remote-ranctl <host> apply <request-file>- if anything fails, immediately run
bin/ran-debug-latest --failures-only
Current limits
- the debug workflow is strong for staging, preflight, contract execution, and evidence fetchback
- it does not replace backend-specific runtime debuggers
- attach-plus-ping still requires real target-host validation
- real
local_du_lowandaerialruntime integrations remain outside this bootstrap debug surface