name: diagnose-leaks description: Diagnose thinking trace leaks in Samara message output. Use when internal content appears in messages, session IDs leak to users, or thinking blocks become visible. Trigger words: leak, thinking trace, session ID, internal, sanitization, filtered. context: fork allowed-tools:
- Bash
- Read
- Grep
Diagnose Thinking Trace Leaks
Debug and verify the three-layer defense against internal content leaking into user-visible messages.
Background
Complex group chat scenarios with multiple concurrent requests (webcam + web fetch + conversation) can cause internal thinking traces and session IDs to leak. This skill helps diagnose such issues.
Quick Diagnostics
1. Check for Recent Filtered Content
# Look for sanitization activity in logs (DEBUG level)
grep -i "Filtered from response" ~/.claude-mind/system/logs/samara.log | tail -20
# Check if sanitization is actively filtering
grep -E "(THINKING|SESSION_ID|ANTML)" ~/.claude-mind/system/logs/samara.log | tail -10
2. Verify MessageBus Routing
# All sends should go through MessageBus - look for source tags
grep -E "\[(iMessage|Location|Wake|Alert|Queue|Webcam|WebFetch)\]" ~/.claude-mind/system/logs/samara.log | tail -20
# Check for any direct sender bypasses (should NOT appear after fix)
grep "sender\.send" ~/Developer/samara-main/Samara/Samara/*.swift | grep -v MessageBus
3. Check Recent Episode Logs for Leaked Content
# Look for session ID patterns in episode logs (SHOULD NOT be there)
grep -E "\d{10}-\d{5}" ~/.claude-mind/memory/episodes/$(date +%Y-%m-%d).md
# Look for thinking block markers that escaped
grep -i "<thinking>" ~/.claude-mind/memory/episodes/$(date +%Y-%m-%d).md
4. Run Sanitization Tests
cd ~/Developer/samara-main/Samara
xcodebuild test -scheme SamaraTests -destination 'platform=macOS' 2>&1 | grep -E "SanitizationTests"
Leak Patterns to Watch For
| Pattern | Meaning | Fix |
|---|---|---|
1234567890-12345 |
Session ID leaked | Check sanitizeResponse() |
<thinking>...</thinking> |
Thinking block escaped | Check regex pattern |
<invoke>...</invoke> |
XML marker leaked | Check antmlPattern |
| Scrambled multi-response | Streams crossed | Check TaskRouter isolation |
Architecture Verification
Layer 1: Output Sanitization
- File:
Samara/Samara/Actions/ClaudeInvoker.swift - Method:
sanitizeResponse() - Filters:
<thinking>blocks, session IDs, XML markers
Layer 2: MessageBus Coordination
- File:
Samara/Samara/Actions/MessageBus.swift - All sends should use
messageBus.send()with type tag - Verify: No direct
sender.send()calls in main.swift
Layer 3: TaskRouter Isolation
- File:
Samara/Samara/Mind/TaskRouter.swift - Classifies: conversation, webcam, webFetch, skill tasks
- Isolates parallel tasks to prevent cross-contamination
If Leaks Are Found
- Identify the leak source from logs
- Check if it's a new pattern not covered by sanitization
-
Add test case to
SanitizationTests.swift - Update sanitizeResponse() with new filter
-
Rebuild Samara:
~/.claude-mind/system/bin/update-samara
Report Template
When reporting a leak issue:
- What content leaked (exact text)
- Context (group chat? concurrent tasks?)
- Timestamp (to correlate with logs)
- Log entries showing sanitization activity
- Whether tests pass
chat Comments (0)
Sign in to join the discussion and leave a comment.
Skill Details
Related Skills
Build your own?
Join 12,000+ developers contributing to the Claude ecosystem.
No comments yet. Be the first to share your thoughts!