analyse-problem
3
总安装量
2
周安装量
#54776
全站排名
安装命令
npx skills add https://github.com/glennguilloux/context-engineering-kit --skill analyse-problem
Agent 安装分布
opencode
2
gemini-cli
2
command-code
2
claude-code
2
github-copilot
2
goose
2
Skill 文档
A3 Problem Analysis
Apply A3 problem-solving format for comprehensive, single-page problem documentation and resolution planning.
Description
Structured one-page analysis format covering: Background, Current Condition, Goal, Root Cause Analysis, Countermeasures, Implementation Plan, and Follow-up. Named after A3 paper size; emphasizes concise, complete documentation.
Usage
/analyse-problem [problem_description]
Variables
- PROBLEM: Issue to analyze (default: prompt for input)
- OUTPUT_FORMAT: markdown or text (default: markdown)
Steps
- Background: Why this problem matters (context, business impact)
- Current Condition: What’s happening now (data, metrics, examples)
- Goal/Target: What success looks like (specific, measurable)
- Root Cause Analysis: Why problem exists (use 5 Whys or Fishbone)
- Countermeasures: Proposed solutions addressing root causes
- Implementation Plan: Who, what, when, how
- Follow-up: How to verify success and prevent recurrence
A3 Template
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
A3 PROBLEM ANALYSIS
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
TITLE: [Concise problem statement]
OWNER: [Person responsible]
DATE: [YYYY-MM-DD]
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 1. BACKGROUND (Why this matters) â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â [Context, impact, urgency, who's affected] â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 2. CURRENT CONDITION (What's happening) â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â [Facts, data, metrics, examples - no opinions] â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 3. GOAL/TARGET (What success looks like) â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â [Specific, measurable, time-bound targets] â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 4. ROOT CAUSE ANALYSIS (Why problem exists) â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â [5 Whys, Fishbone, data analysis] â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 5. COUNTERMEASURES (Solutions addressing root causes) â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â [Specific actions, not vague intentions] â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 6. IMPLEMENTATION PLAN (Who, What, When) â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â [Timeline, responsibilities, dependencies, milestones] â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 7. FOLLOW-UP (Verification & Prevention) â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â [Success metrics, monitoring plan, review dates] â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
Examples
Example 1: Database Connection Pool Exhaustion
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
A3 PROBLEM ANALYSIS
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
TITLE: API Downtime Due to Connection Pool Exhaustion
OWNER: Backend Team Lead
DATE: 2024-11-14
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 1. BACKGROUND â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â ⢠API goes down 2-3x per week during peak hours â
â ⢠Affects 10,000+ users, average 15min downtime â
â ⢠Revenue impact: ~$5K per incident â
â ⢠Customer satisfaction score dropped from 4.5 to 3.8 â
â ⢠Started 3 weeks ago after traffic increased 40% â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 2. CURRENT CONDITION â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â Observations: â
â ⢠Connection pool size: 10 (unchanged since launch) â
â ⢠Peak concurrent users: 500 (was 300 three weeks ago) â
â ⢠Average request time: 200ms (was 150ms) â
â ⢠Connections leaked: ~2 per hour (never released) â
â ⢠Error: "Connection pool exhausted" in logs â
â â
â Pattern: â
â ⢠Occurs at 2pm-4pm daily (peak traffic) â
â ⢠Gradual degradation over 30 minutes â
â ⢠Recovery requires app restart â
â ⢠Long-running queries block pool (some 30+ seconds) â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 3. GOAL/TARGET â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â ⢠Zero downtime due to connection exhaustion â
â ⢠Support 1000 concurrent users (2x current peak) â
â ⢠All connections released within 5 seconds â
â ⢠Achieve within 1 week â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 4. ROOT CAUSE ANALYSIS â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â 5 Whys: â
â Problem: Connection pool exhausted â
â Why 1: All 10 connections in use, none available â
â Why 2: Connections not released after requests â
â Why 3: Error handling doesn't close connections â
â Why 4: Try-catch blocks missing .finally() â
â Why 5: No code review checklist for resource cleanup â
â â
â Contributing factors: â
â ⢠Pool size too small for current load â
â ⢠No connection timeout configured (hangs forever) â
â ⢠Slow queries hold connections longer â
â ⢠No monitoring/alerting on pool metrics â
â â
â ROOT CAUSE: Systematic issue with resource cleanup + â
â insufficient pool sizing â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 5. COUNTERMEASURES â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â Immediate (This Week): â
â 1. Audit all DB code, add .finally() for connection release â
â 2. Increase pool size: 10 â 30 â
â 3. Add connection timeout: 10 seconds â
â 4. Add pool monitoring & alerts (>80% used) â
â â
â Short-term (2 Weeks): â
â 5. Optimize slow queries (add indexes) â
â 6. Implement connection pooling best practices doc â
â 7. Add automated test for connection leaks â
â â
â Long-term (1 Month): â
â 8. Migrate to connection pool library with auto-release â
â 9. Add linter rule detecting missing .finally() â
â 10. Create PR checklist for resource management â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 6. IMPLEMENTATION PLAN â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â Week 1 (Nov 14-18): â
â ⢠Day 1-2: Audit & fix connection leaks [Dev Team] â
â ⢠Day 2: Increase pool size, add timeout [DevOps] â
â ⢠Day 3: Set up monitoring [SRE] â
â ⢠Day 4: Test under load [QA] â
â ⢠Day 5: Deploy to production [DevOps] â
â â
â Week 2 (Nov 21-25): â
â ⢠Optimize identified slow queries [DB Team] â
â ⢠Write best practices doc [Tech Writer + Dev Lead] â
â ⢠Create connection leak test [QA Team] â
â â
â Week 3-4 (Nov 28 - Dec 9): â
â ⢠Evaluate connection pool libraries [Dev Team] â
â ⢠Add linter rules [Dev Lead] â
â ⢠Update PR template [Dev Lead] â
â â
â Dependencies: None blocking Week 1 fixes â
â Resources: 2 developers, 1 DevOps, 1 SRE â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 7. FOLLOW-UP â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â Success Metrics: â
â ⢠Zero downtime incidents (monitor 4 weeks) â
â ⢠Pool usage stays <80% during peak â
â ⢠No connection leaks detected â
â ⢠Response time <200ms p95 â
â â
â Monitoring: â
â ⢠Daily: Check pool usage dashboard â
â ⢠Weekly: Review connection leak alerts â
â ⢠Bi-weekly: Team retrospective on progress â
â â
â Review Dates: â
â ⢠Week 1 (Nov 18): Verify immediate fixes effective â
â ⢠Week 2 (Nov 25): Assess optimization impact â
â ⢠Week 4 (Dec 9): Final review, close A3 â
â â
â Prevention: â
â ⢠Add connection handling to onboarding â
â ⢠Monthly audit of resource management code â
â ⢠Include pool metrics in SRE runbook â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
Example 2: Security Vulnerability in Production
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
A3 PROBLEM ANALYSIS
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
TITLE: Critical SQL Injection Vulnerability
OWNER: Security Team Lead
DATE: 2024-11-14
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 1. BACKGROUND â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â ⢠Critical security vulnerability reported by researcher â
â ⢠SQL injection in user search endpoint â
â ⢠Potential data breach affecting 100K+ user records â
â ⢠CVSS score: 9.8 (Critical) â
â ⢠Vulnerability exists in production for 6 months â
â ⢠Similar issue found in 2 other endpoints (scanning) â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 2. CURRENT CONDITION â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â Vulnerable Code: â
â ⢠/api/users/search endpoint uses string concatenation â
â ⢠Input: search query (user-provided, not sanitized) â
â ⢠Pattern: `SELECT * FROM users WHERE name = '${input}'` â
â â
â Scope: â
â ⢠3 endpoints vulnerable (search, filter, export) â
â ⢠All use same unsafe pattern â
â ⢠No parameterized queries â
â ⢠No input validation layer â
â â
â Risk Assessment: â
â ⢠Exploitable from public internet â
â ⢠No evidence of exploitation (logs checked) â
â ⢠Similar code in admin panel (higher privilege) â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 3. GOAL/TARGET â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â ⢠Patch all SQL injection vulnerabilities within 24 hours â
â ⢠Zero SQL injection vulnerabilities in codebase â
â ⢠Prevent similar issues in future code â
â ⢠Verify no unauthorized access occurred â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 4. ROOT CAUSE ANALYSIS â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â 5 Whys: â
â Problem: SQL injection vulnerability in production â
â Why 1: User input concatenated directly into SQL â
â Why 2: Developer wasn't aware of SQL injection risks â
â Why 3: No security training for new developers â
â Why 4: Security not part of onboarding checklist â
â Why 5: Security team not involved in development process â
â â
â Contributing Factors (Fishbone): â
â ⢠Process: No security code review â
â ⢠Technology: ORM not used consistently â
â ⢠People: Knowledge gap in secure coding â
â ⢠Methods: No SAST tools in CI/CD â
â â
â ROOT CAUSE: Security not integrated into development â
â process, training gap â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 5. COUNTERMEASURES â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â Immediate (24 Hours): â
â 1. Patch all 3 vulnerable endpoints â
â 2. Deploy hotfix to production â
â 3. Scan codebase for similar patterns â
â 4. Review access logs for exploitation attempts â
â â
â Short-term (1 Week): â
â 5. Replace all raw SQL with parameterized queries â
â 6. Add input validation middleware â
â 7. Set up SAST tool in CI (Snyk/SonarQube) â
â 8. Security team review of all data access code â
â â
â Long-term (1 Month): â
â 9. Mandatory security training for all developers â
â 10. Add security review to PR process â
â 11. Migrate to ORM for all database access â
â 12. Implement security champion program â
â 13. Quarterly security audits â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 6. IMPLEMENTATION PLAN â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â Hour 0-4 (Emergency Response): â
â ⢠Write & test patches [Security + Senior Dev] â
â ⢠Emergency PR review [CTO + Tech Lead] â
â ⢠Deploy to staging [DevOps] â
â â
â Hour 4-24 (Production Deploy): â
â ⢠Deploy hotfix [DevOps + On-call] â
â ⢠Monitor for issues [SRE Team] â
â ⢠Scan logs for exploitation [Security Team] â
â ⢠Notify stakeholders [Security Lead + CEO] â
â â
â Day 2-7: â
â ⢠Full codebase remediation [Dev Team] â
â ⢠SAST tool setup [DevOps + Security] â
â ⢠Security review [External Auditor] â
â â
â Week 2-4: â
â ⢠Security training program [Security + HR] â
â ⢠Process improvements [Engineering Leadership] â
â â
â Dependencies: External auditor availability (Week 2) â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â 7. FOLLOW-UP â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ¤
â Success Metrics: â
â ⢠Zero SQL injection vulnerabilities (verified by scan) â
â ⢠100% of PRs pass SAST checks â
â ⢠100% developer security training completion â
â ⢠No unauthorized access detected in log analysis â
â â
â Verification: â
â ⢠Day 1: Verify patch deployed, vulnerability closed â
â ⢠Week 1: External security audit confirms fixes â
â ⢠Week 2: SAST tool catching similar issues â
â ⢠Month 1: Training completion, process adoption â
â â
â Prevention: â
â ⢠SAST tools block vulnerable code in CI â
â ⢠Security review required for data access code â
â ⢠Quarterly penetration testing â
â ⢠Annual security training refresh â
â â
â Incident Report: â
â ⢠Post-mortem meeting: Nov 16 â
â ⢠Document lessons learned â
â ⢠Share with engineering org â
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
Notes
- A3 forces concise, complete thinking (fits on one page)
- Use data and facts, not opinions or blame
- Root cause analysis is criticalâuse
/whyor/cause-and-effect - Countermeasures must address root causes, not symptoms
- Implementation plan needs clear ownership and timelines
- Follow-up ensures sustainable improvement
- A3 becomes historical record for organizational learning
- Update A3 as situation evolves (living document until closed)
- Consider A3 for: incidents, recurring issues, major improvements
- Overkill for: small bugs, one-line fixes, trivial issues