anombyte93/stepback
skills/stepback/SKILL.md
Use when hitting the same error after 2+ fix attempts, when multiple symptoms share a common system, or when fixes feel like whack-a-mole. Forces architectural reassessment over symptom-patching. Also use proactively when a fix touches infrastructure-level config.
$ install --global
skillsauthnpx skillsauth add anombyte93/atlas-session-lifecycle stepbackInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 27, 2026, 3:59 AM65.2s1 file scanned
SKILL.md
- name:
- stepback
- description:
- Use when hitting the same error after 2+ fix attempts, when multiple symptoms share a common system, or when fixes feel like whack-a-mole. Forces architectural reassessment over symptom-patching. Also use proactively when a fix touches infrastructure-level config.
- user-invocable:
- true
Stepback - Strategic Reassessment
Core principle: If you've tried 2+ fixes for the same class of problem, you're probably patching symptoms. Stop. Zoom out. Research the architecture.
When to Trigger
digraph stepback {
"Fix attempt failed?" [shape=diamond];
"Is this the 2nd+ attempt?" [shape=diamond];
"Same root system?" [shape=diamond];
"Keep debugging" [shape=box];
"STOP — Run /stepback" [shape=box, style=bold];
"Fix attempt failed?" -> "Is this the 2nd+ attempt?" [label="yes"];
"Fix attempt failed?" -> "Keep debugging" [label="no, first try"];
"Is this the 2nd+ attempt?" -> "Same root system?" [label="yes"];
"Is this the 2nd+ attempt?" -> "Keep debugging" [label="no"];
"Same root system?" -> "STOP — Run /stepback" [label="yes"];
"Same root system?" -> "Keep debugging" [label="different systems"];
}
Symptoms that demand /stepback:
- Same error returns after a "fix"
- Fix A reveals error B reveals error C (cascade)
- Locally it works, deployed it doesn't
- Multiple components broken by the same underlying cause
- Fixes feel like whack-a-mole
Proactive triggers (don't wait for failure):
- Touching deployment config, build pipeline, or infrastructure
- Changing middleware, routing, or auth at the platform level
- Modifying
next.config.js,vercel.json, Dockerfile, CI/CD
Execution
STEP 1 — Stop and Inventory
List every fix attempt so far in this session. For each:
- What symptom it addressed
- Whether it worked or revealed a new symptom
- What assumption it was based on
Present this to the user as a table:
| # | Fix | Symptom | Result | Assumption |
|---|-----|---------|--------|------------|
| 1 | Added route to middleware whitelist | 405 on webhook | Still 405 | Middleware was blocking |
| 2 | Replaced parseBody with manual HMAC | 500 crash | Still 500 | parseBody incompatible |
| 3 | ... | ... | ... | ... |
STEP 2 — Find the Common Thread
Ask: "What system do ALL of these symptoms share?"
Don't look at each symptom individually. Look for:
- Shared infrastructure (build system, deployment platform, DNS)
- Shared config (one file that affects everything)
- Shared assumption (e.g., "the code is running" when it isn't)
STEP 3 — Research the Architecture
Spawn a research agent (Perplexity) with THREE queries:
- "Common causes of [shared symptom pattern] in [platform/framework]"
- "[Platform] [framework] deployment issues [year]"
- "[Specific error pattern] works locally fails in production [platform]"
This is mandatory. No skipping research because "I think I know."
STEP 4 — Test the Broadest Hypothesis First
Instead of testing your specific broken feature, test whether the ENTIRE CLASS of features works:
Before: "Does /api/revalidate work?"
After: "Does ANY API route work on production?"
If the broader test fails, you've found a systemic issue — fix THAT, not the individual symptom.
STEP 5 — Present the Choice
Show the user:
**Symptom-level fix:** [what you've been doing]
**Architecture-level fix:** [what research suggests]
**Effort comparison:** [patch N symptoms vs fix 1 root cause]
**Recommendation:** [which approach and why]
Let the user decide. Don't assume redesign is always better — sometimes patching IS correct.
Red Flags — You're Symptom-Patching If:
| Signal | What It Means | |--------|---------------| | "Let me just try one more thing" | You're guessing, not diagnosing | | "This fix should definitely work" | You said that last time | | "It works locally" | Local ≠ production. Check the deployment pipeline | | "I'll add this to the whitelist/allowlist" | You're growing a list instead of questioning the filter | | "The code is correct, something else is wrong" | Check if the code is even RUNNING | | 3+ commits with "fix:" in a row | Pattern detected — step back |
The Outsider Test
When running /stepback, pretend you're a new consultant reviewing this system for the first time. Ask:
- "What is different about this setup compared to a standard one?"
- "What would a fresh install look like?"
- "What was added/customized that might be causing this?"
The answer is almost always in the DELTA between standard and custom.
Real-World Example
Session 2026-02-13 — Atlas Website webhook
5 fix attempts over 2 hours: middleware whitelist, parseBody replacement, CSP headers, dead component cleanup, deployment protection check. All were real issues but none were THE issue.
The outsider test revealed: outputFileTracingRoot in next.config.js was set to a hardcoded local path (/home/anombyte/Atlas/Atlas_Website). On Vercel's build server, this path doesn't exist, so Next.js silently generated ZERO serverless functions. No API routes worked — not just the webhook.
One line removed. Everything worked.
The 5 "fixes" were real improvements (cleaner middleware, better CSP, removed dead code) — but they would have taken 10 minutes as planned cleanup, not 2 hours of confused debugging.
Related Skills
anombyte93/start
tools
VerifiedTrustedCommunity
Session initialization and lifecycle management: bootstraps session context, organizes files, generates CLAUDE.md, manages soul purpose lifecycle with completion protocol and active context harvesting. Use when user says /start, /init, bootstrap session, initialize session, or organize project.
86SKILL.mdUpdated Apr 27, 2026
anombyte93/sync
tools
VerifiedTrustedCommunity
Fast save-point: sync all session-context files and MEMORY.md with current progress. Zero questions, zero delay. Use when user says /sync, save progress, save state, sync context, or /sync --full for capability inventory.
86SKILL.mdUpdated Apr 27, 2026
anombyte93/stop
testing
VerifiedTrustedCommunity
Gracefully close, pause, or verify a session: harvest promotable content, save progress, archive soul purpose, settle AtlasCoin bounty. Use when user says /stop, wrap up, done for the day, finishing up, close session, pause, verify, or end session.
86SKILL.mdUpdated Apr 27, 2026
anombyte93/start
tools
VerifiedTrustedCommunity
Session initialization and lifecycle management: bootstraps session context, organizes files, generates CLAUDE.md, manages soul purpose lifecycle with completion protocol and active context harvesting. Use when user says /start, /init, bootstrap session, initialize session, or organize project.
86SKILL.mdUpdated Apr 27, 2026