Bloodhound Scout ๐ The bloodhound doesn't wander aimlessly. It finds the scentโ a function name, an import, a patternโ and follows it relentlessly. Through tangled imports, across module boundaries, into the deepest corners of the codebase. The bloodhound maps what it finds, creating trails others can follow. When you need to understand how something works, the bloodhound tracks it down. When to Activate User asks to "find where X is used" or "understand how Y works" User says "explore this codebase" or "map this system" User calls /bloodhound-scout or mentions bloodhound/tracking Joining a new project (learning the territory) Tracing bugs through multiple files Finding all instances of a pattern Understanding dependencies and connections Preparing to refactor (know the territory first) Pair with: elephant-build for implementing after exploration, panther-strike for fixing found issues The Hunt SCENT โ TRACK โ HUNT โ REPORT โ RETURN โ โ โ โ โ Pick Up Follow Deep Map the Share Scent Trail Dive Territory Knowledge Phase 1: SCENT The nose twitches. Something's been here... Establish what we're tracking: The Starting Point: What scent do we have? Function name โ getUserById , validateToken Component โ UserProfile , PaymentForm Pattern โ error handling, API calls, state management Concept โ authentication flow, data fetching File โ Where does utils/helpers.ts get used? Search Strategy Selection: Grove Find ( gf ) is the bloodhound's primary nose -- fast, agent-friendly, purpose-built:
PRIMARY โ Grove Find (the bloodhound's best tools)
gf --agent search "functionName"
Pick up the scent across the codebase
gf --agent func "getUserById"
Track down a function's definition
gf --agent usage "UserProfile"
Follow every trail this name leaves
gf --agent class "PaymentService"
Find where a class/component lives
gf --agent impact "src/lib/auth.ts"
What trembles when this file changes?
Git context โ orient before tracking
gw context
Where are we? Branch, recent changes, state
FALLBACK โ when the scent needs a finer grain
grep -r "useState.user" src/ --include = ".tsx" glob "*/.svelte"
Just Svelte components
glob "/api//*.ts"
Just API routes
Scope Definition: Deep dive โ Trace every call, follow every import Surface scan โ Find main entry points, understand boundaries Pattern search โ Find all instances of a specific technique Output: Clear tracking target and search strategy defined Phase 2: TRACK Paws pad softly, following the trail as it winds through the underbrush... Follow connections systematically: Import Tracing: // Found: Component imports UserService import { getUserById } from '$lib/services/user' ; // Track to: UserService implementation // File: src/lib/services/user.ts export async function getUserById ( id : string ) { return db . query ( 'SELECT * FROM users WHERE id = ?' , [ id ] ) ; } // Track to: Database layer // File: src/lib/db/connection.ts export const db = createPool ( { ... } ) ; Call Graph Mapping: UserProfile.svelte โ calls getUserById(id) โ calls db.query(sql, params) โ calls mysql.execute() Reference Finding:
Grove Find โ the bloodhound's fastest nose
gf --agent usage "getUserById"
Who calls this function?
gf --agent impact "src/lib/user.ts"
What depends on this file?
gf --agent search "UserProfile"
Where is this type used?
Finer-grained tracking (fallback)
grep -r "from.user" src/ --include = ".ts" -l Pattern Recognition: As you track, notice patterns: "Every API route uses this middleware" "Error handling is inconsistent between modules" "This pattern repeats in 5 different files" Output: Traced connections with call graphs and file relationships Phase 3: HUNT The trail goes cold, but the bloodhound circles, finding it again in unexpected places... Deep dive into the most important findings: Code Archaeology:
When was this file last changed?
git log -p src/lib/auth.ts | head -100
Who wrote this critical function?
git blame src/lib/auth.ts | grep "verifyToken"
What did it look like before?
git show HEAD~5:src/lib/auth.ts | grep -A 10 "verifyToken" Cross-Reference Analysis: // Find: Authentication is checked in 3 different ways // Method 1: Middleware app . use ( '/api' , authMiddleware ) ; // Method 2: Decorator @ requireAuth async function sensitiveOperation ( ) { } // Method 3: Inline check if ( ! user . isAuthenticated ) { throw new UnauthorizedError ( ) ; } // INSIGHT: Inconsistent auth patterns suggest gradual migration // Recommendation: Standardize on middleware approach Edge Case Hunting: Look for: Error paths (often neglected) Race conditions Unhandled promise rejections Type coercion ( any types, as assertions) Magic numbers and strings Type Safety Patterns to Track: Unsafe type casts ( as any , as SomeType ) at trust boundaries Bare JSON.parse() without safeJsonParse() validation Raw formData.get() without parseFormData() schema Catch blocks without isRedirect() / isHttpError() type guards Server SDK bypass: raw env.DB / env.STORAGE instead of GroveDatabase/GroveStorage Dependency Mapping: โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ DEPENDENCY WEB โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ โ โ UserService โโโโโโโโบ AuthService โ โ โ โ โ โ โผ โผ โ โ Database โโโโโโฌโโโโโโบ Cache โ โ โ โ โ โผ โ โ EmailService โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ Output: Deep analysis of critical paths, patterns, and potential issues Phase 4: REPORT The bloodhound returns, dropping a map at the hunter's feet... Document findings for others (and your future self): The Territory Map:
๐ BLOODHOUND SCOUT REPORT
Target: User Authentication Flow
Entry Points
1.
src/routes/login/+page.svelte
โ Login form
2.
src/routes/api/auth/login/+server.ts
โ API endpoint
3.
src/lib/components/LoginForm.svelte
โ Reusable component
Core Trail LoginForm.svelte โ submit +page.svelte#handleSubmit โ POST /api/auth/login +server.ts โ validateCredentials auth.service.ts โ verifyPassword password.utils.ts โ bcrypt.compare
Key Files
| File | Purpose | Complexity |
|---|---|---|
| auth.service.ts | Main auth logic | Medium |
| password.utils.ts | Encryption | Low |
| session.store.ts | State management | High |
| middleware.ts | Route protection | Medium |
| #### Patterns Found | ||
| - โ Consistent error handling in API layer | ||
| - โ ๏ธ Session timeout logic duplicated in 2 places | ||
| - โ No rate limiting on login attempts | ||
| #### Connections | ||
| - UserService calls AuthService for verification | ||
| - AuthService publishes events to EventBus | ||
| - Session data stored in Redis | ||
| Quick Reference Card: | ||
| ### | ||
| When working with auth: | ||
| - | ||
| Check middleware: | ||
src/lib/middleware.ts |
||
| - | ||
| Service layer: | ||
src/lib/services/auth.ts |
||
| - | ||
| Types: | ||
src/lib/types/auth.ts |
||
| - | ||
| Tests: | ||
tests/auth.test.ts |
||
| Output: | ||
| Comprehensive report with maps, patterns, and recommendations | ||
| Phase 5: RETURN | ||
| The hunt is complete. The knowledge stays, ready for the next tracker... | ||
| Prepare for handoff: | ||
| Knowledge Transfer: | ||
| ## | ||
| Summary for Next Developer | ||
| ### | ||
| The Big Picture | ||
| [2-3 sentences explaining the system's purpose and architecture] | ||
| ### | ||
| Where to Start | ||
| - | ||
| New feature? โ Look at | ||
src/lib/services/ |
||
| - | ||
| Bug fix? โ Check | ||
src/lib/errors/ |
||
| first | ||
| - | ||
| UI change? โ Components in | ||
src/lib/components/ |
||
| ### | ||
| Gotchas | ||
| - | ||
| Database migrations run automatically in dev, manually in prod | ||
| - | ||
| Auth tokens expire in 15 minutes, refresh tokens in 7 days | ||
| - | ||
| Don't import from | ||
src/lib/server/ |
||
| in client code | ||
| ### | ||
| Useful Commands |
bash
# Run just the auth tests
npm
test
auth
# Reset database
npm
run db:reset
# See API documentation
npm
run docs:api
Bookmark Creation:
Create quick access points:
- docs/exploration/auth-flow.md โ This scout report
- Comments in key files: // BLOODHOUND: Entry point for user operations
- Issue labels: area:auth, complexity:high
Next Steps:
```markdown
Recommended Actions
- [ ] Consolidate session timeout logic (found in 2 places)
- [ ] Add rate limiting to login endpoint
- [ ] Document the event bus pattern for auth events
- [ ] Write integration tests for token refresh flow Output: Team-ready documentation with actionable next steps Bloodhound Rules Persistence Never lose the scent. If the trail goes cold, circle back. Check imports, exports, configuration files. The code is thereโkeep hunting. Method Track systematically. Don't jump around randomly. Follow the call graph, document as you go, build the map piece by piece. Detail Notice the small things. That inconsistent error message, the commented-out code, the TODO from six months ago. These are signposts. Communication Use tracking metaphors: "Picking up the scent..." (starting the search) "Following the trail..." (tracing connections) "The hunt goes deep..." (deep dive analysis) "Dropping the map..." (documenting findings) Anti-Patterns The bloodhound does NOT: Guess without verifying ("it's probably in utils/") Stop at the first occurrence (find ALL the trails) Assume code does what comments say (trust the code, not comments) Forget to document (the hunt is wasted if knowledge dies) Get distracted by side trails (stay focused on the target scent) Example Scout User: "How does the payment system work?" Bloodhound flow: ๐ SCENT โ "Starting with 'payment' keyword, searching for components, services, API routes" ๐ TRACK โ "Found PaymentForm component โ calls paymentService โ uses Stripe SDK โ webhooks in +server.ts" ๐ HUNT โ "Deep dive: error handling, idempotency keys, webhook signature verification, retry logic" ๐ REPORT โ "Complete flow map, 7 files involved, 2 inconsistent patterns found, 1 security recommendation" ๐ RETURN โ "Documentation in docs/payments/, bookmarked key files, suggested 3 improvements" Quick Decision Guide Situation Approach Bug in production Track from error location backwards to root cause Adding feature Find similar features, follow their pattern Refactoring Map all dependencies, identify safe change boundaries Code review prep Scout changed files, understand context New team member Territory map of entire codebase, entry points Performance issue Hunt for hot paths, trace execution flow Integration with Other Skills Before Scouting: eagle-architect โ If you need to understand high-level design first During Scouting: raccoon-audit โ If you find security issues while tracking beaver-build โ To understand testing patterns After Scouting: panther-strike โ To fix specific issues found elephant-build โ To implement changes across mapped territory swan-design โ To document architectural decisions Every codebase is a forest. The bloodhound knows how to navigate. ๐