Agent诊断
- 作者仓库星标 1,187
- 叉子 185
- 作者更新于 2026年6月14日 10:01
- 作者仓库 claude-code-skills
- 领域
- 工程开发
- 兼容 Agent
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- 信任分
- 88 / 100 · 社区维护
- 作者 / 版本 / 许可
- @daymade · 未声明 license
- Token 消耗评级
- 低消耗
- 接入复杂程度
- 即装即用
- 是否需要外部 API Key
- 不需要
- 兼容的系统
- macOS · Windows
- 底层运行要求
- 无特殊要求
- 文件与系统权限
-
- 只读
- 允许写入 / 修改
- 网络行为
- 允许外网请求
- 安装命令数
- 26 条
档案由构建时根据 SKILL.md 与安装命令自动衍生,可能与作者实际意图存在差异。
需要注意: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: windows-remote-desktop-connection-doctor
description: Diagnose Windows App (Microsoft Remote Desktop / Azure Virtual Desktop / W365) connection qualit…
category: 工程开发
runtime: 无特殊运行时
---
# windows-remote-desktop-connection-doctor 输出预览
## PART A: 任务判断
- 适用问题:代码实现、重构、调试或代码审查。
- 输入要求:目标材料、限制条件、期望输出和验收方式。
- 证据边界:围绕“Background / Diagnostic Workflow / Step 1: Collect Connection Info”读取原文规则,不把推断写成作者承诺。
## PART B: 执行结果
- **01** 任务判断:确认你的需求是否属于代码实现、重构、调试或代码审查,并标出输入、限制和预期结果。
- **02** 执行计划:优先按“Background / Diagnostic Workflow / Step 1: Collect Connection Info”拆成步骤,说明每一步会读取什么、修改什么、产出什么。
- **03** 交付结果:给出可复制的命令、文件改动、检查清单或内容草稿,并说明如何继续迭代。
- **04** 风险边界:结合 读取文件、写入/修改文件、会按任务需要访问外部网络、通常不需要额外 API Key 给出执行前确认项。
## Running Rules
- 读取文件、写入/修改文件;会按任务需要访问外部网络;通常不需要额外 API Key。
- 先小样例验证,再放大到真实任务。
- 交付时同时给结果、检查口径和下一步迭代建议。 原文没有稳定的斜杠命令要求。安装验证后通常全局生效,直接在对话里点名这个 Skill 并描述任务即可。
告诉 Agent 目标文件或材料、期望结果、不可改范围、是否允许联网或执行命令。本 Skill 的权限画像是:读取文件、写入/修改文件。
先用一个小任务确认它会围绕“Background / Diagnostic Workflow / Step 1: Collect Connection Info”工作;涉及文件或命令时,先看 diff、日志、预览或测试结果。
检查最终产物是否包含明确结果、必要证据和下一步动作;如果输出泛泛而谈,就补充输入、边界和验收标准后重跑。
---
name: windows-remote-desktop-connection-doctor
description: Diagnose Windows App (Microsoft Remote Desktop / Azure Virtual Desktop / W365) connection qualit…
category: 工程开发
source: daymade/claude-code-skills
---
# windows-remote-desktop-connection-doctor
## 什么时候使用
- windows-remote-desktop-connection-doctor 是一个工程开发方向的技能,扩展 Agent 在写代码、做 review、跑测试这类场景下的能力 适合处理工程开发场景下的代码实现、调试、重构、测试或代码审…
- 面向代码实现、重构、调试或代码审查,优先处理能明确输入、步骤和验收标准的工作。
## 需要提供什么
- 目标材料、目录范围、期望结果和不可改动内容。
- 是否允许联网、执行命令、读写文件或调用外部服务。
## 执行规则
- 围绕「Background / Diagnostic Workflow / Step 1: Collect Connection Info」组织步骤,不把推断写成作者事实。
- 读取文件、写入/修改文件;会按任务需要访问外部网络;通常不需要额外 API Key。
- 先跑小样例,确认结果可检查后再扩大任务范围。
## 输出要求
- 给出最终产物、关键证据、验证方式和下一步动作。
- 信息不足时标记 unknown,不编造命令、平台或依赖。 作者原文负责流程事实;仓库文件负责来源和命令;流狐只补充适用场景、限制和质量判断。
skill "windows-remote-desktop-connection-doctor" {
输入层 -> 用户目标 + 目标文件 + 禁止范围 + 验收标准
上下文层 -> Background / Diagnostic Workflow / Step 1: Collect Connection Info
规则层 -> SKILL.md 触发条件 / 执行顺序 / 输出格式
运行层 -> 无特殊运行时 | 读取文件、写入/修改文件 | 会按任务需要访问外部网络
安全层 -> 通常不需要额外 API Key + 小任务验证 + diff / 日志复核
输出层 -> 可复制结果 + 检查清单 + 下一步迭代
} Windows Remote Desktop Connection Doctor
Diagnose and fix Windows App (AVD/WVD/W365) connection quality issues on macOS, with focus on transport protocol optimization.
Methodology base: the general evidence-driven diagnosis discipline lives in the debugging-network-issues skill. This skill is the Windows-App / AVD transport domain layer — it leans toward connection-quality optimization more than root-cause falsification, so the methodology overlap is lighter.
Background
Azure Virtual Desktop transport priority: UDP Shortpath > TCP > WebSocket. UDP Shortpath provides the best experience (lowest latency, supports UDP Multicast). When it fails, the client falls back to WebSocket over TCP 443 through the gateway, adding significant latency overhead.
Diagnostic Workflow
Step 1: Collect Connection Info
Ask the user to provide the Connection Info from Windows App (click the signal icon in the toolbar). Key fields to extract:
| Field | What It Tells |
|---|---|
| Transport Protocol | Current transport: UDP, UDP Multicast, WebSocket, or TCP |
| Round-Trip Time (RTT) | End-to-end latency in ms |
| Available Bandwidth | Current bandwidth in Mbps |
| Gateway | The AVD gateway hostname and port |
| Service Region | Azure region code (e.g., SEAS = South East Asia) |
If Transport Protocol is UDP or UDP Multicast, the connection is optimal — no further diagnosis needed.
If Transport Protocol is WebSocket or TCP, proceed to Step 2.
Step 2: Collect Network Evidence
Gather evidence in parallel — do NOT make assumptions. Run the following checks simultaneously:
2A: Network Interfaces and Routing
ifconfig | grep -E "^[a-z]|inet |utun"
netstat -rn | head -40
scutil --proxy
Look for:
- utun interfaces: Identify VPN/proxy TUN tunnels (ShadowRocket, Clash, Tailscale)
- Default route priority: Which interface handles default traffic
- Split routing:
0/1 + 128.0/1 → utunpattern means a VPN captures all traffic - System proxy: HTTP/HTTPS proxy enabled on localhost ports
2B: RDP Client Process and Connections
# Find the Windows App process (NOT "msrdc" — the new client uses "Windows" as process name)
ps aux | grep -i -E 'msrdc|Windows' | grep -v grep
# Check its network connections
lsof -i -n -P 2>/dev/null | grep -i "Windows" | head -20
# Check for UDP connections
lsof -i UDP -n -P 2>/dev/null | head -30
Key evidence to look for:
- Source IP
198.18.0.x: Traffic is being routed through ShadowRocket/proxy TUN tunnel - No UDP connections from Windows process: Shortpath not established
- Only TCP 443: Fallback to gateway WebSocket transport
2C: VPN/Proxy State
# Environment proxy variables
env | grep -i proxy
# System proxy via scutil
scutil --proxy
# ShadowRocket config API (if accessible on local network)
NO_PROXY="<local-ip>" curl -s --connect-timeout 5 "http://<local-ip>:8080/api/read"
2D: Tailscale State (if running)
tailscale status
tailscale netcheck
The netcheck output reveals NAT type (MappingVariesByDestIP), UDP support, and public IP — valuable even when Tailscale is not the problem.
Step 3: Analyze Windows App Logs
This is the most critical step. Windows App logs contain transport negotiation details that no network-level test can reveal.
Log location on macOS:
~/Library/Containers/com.microsoft.rdc.macos/Data/Library/Logs/Windows App/
Files are named: com.microsoft.rdc.macos_v<version>_<date>_<time>.log
See references/windows_app_log_analysis.md for detailed log parsing guidance.
Quick Log Search
LOG_DIR=~/Library/Containers/com.microsoft.rdc.macos/Data/Library/Logs/Windows\ App
# Find the most recent log
LATEST_LOG=$(ls -t "$LOG_DIR"/*.log 2>/dev/null | head -1)
# Search for transport-critical entries (filter out noise)
grep -i -E "STUN|TURN|VPN|Routed|Shortpath|FetchClient|clientoption|GATEWAY.*ERR|Certificate.*valid|InternetConnectivity|Passed URL" "$LATEST_LOG" | grep -v "BasicStateManagement\|DynVC\|dynvcstat\|asynctransport"
Key Log Patterns
| Log Pattern | Meaning |
|---|---|
Passed: InternetConnectivity |
Health check completed successfully |
TCP/IP Traffic Routed Through VPN: No/Yes |
Client detected VPN routing for TCP |
STUN/TURN Traffic Routed Through VPN: Yes |
Client detected VPN routing for STUN/TURN |
Passed URL: https://...wvd.microsoft.com/ Response Time: Nms |
Gateway reachability confirmed |
FetchClientOptions exception: Request timed out |
Critical: Client cannot get transport options from gateway |
Certificate validation failed |
TLS interception or DNS poisoning detected |
OnRDWebRTCRedirectorRpc rtcSession not handled |
WebRTC session setup not handled by client |
Compare Working vs Broken Logs
When possible, compare a log from when the connection worked (UDP) with the current log:
# Compare startup health check blocks
for f in "$LOG_DIR"/*.log; do
echo "=== $(basename "$f") ==="
grep -E "InternetConnectivity|Routed Through VPN|Passed URL|FetchClient" "$f" | head -10
echo ""
done
A working log will contain the full health check block (InternetConnectivity, VPN routing detection, gateway URL tests). A broken log may show these entries missing entirely, or show certificate/timeout errors instead.
Step 4: Determine Root Cause
Based on collected evidence, identify the root cause category:
Category A: VPN/Proxy Interference
Evidence: Windows App source IP is 198.18.0.x, STUN/TURN routed through VPN, no UDP connections.
Fix: Add DIRECT rules for AVD traffic in the proxy tool:
DOMAIN-SUFFIX,wvd.microsoft.com,DIRECT
DOMAIN-SUFFIX,microsoft.com,DIRECT
IP-CIDR,13.104.0.0/14,DIRECT
Verify: Temporarily disable VPN/proxy, reconnect VDI, check if transport changes to UDP.
Category B: ISP/Network UDP Restriction
Evidence: Even with all VPNs off, still WebSocket. No UDP connections. FetchClientOptions timeout.
Verify:
# Test STUN connectivity to a known server
python3 -c "
import socket, struct, os
header = struct.pack('!HHI', 0x0001, 0, 0x2112A442) + os.urandom(12)
for srv in [('stun.l.google.com', 19302), ('stun1.l.google.com', 19302)]:
try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.settimeout(3)
s.sendto(header, srv)
data, addr = s.recvfrom(1024)
print(f'STUN from {srv[0]}: OK')
s.close(); break
except: print(f'STUN from {srv[0]}: FAILED'); s.close()
"
Fix options:
- Try mobile hotspot (isolate home network from ISP)
- Check router NAT type (Full Cone NAT preferred)
- Enable UPnP on router
- Try IPv6 if available
- Contact ISP about UDP restrictions
Category C: Client Health Check Failure
Evidence: Log shows certificate validation errors at startup, health check block (InternetConnectivity, STUN/TURN detection) missing from log, FetchClientOptions timeout.
This means the client cannot complete its diagnostic/capability discovery, preventing Shortpath negotiation.
Possible causes:
- ISP HTTPS interception/MITM (especially in China)
- DNS poisoning returning incorrect IPs for Microsoft diagnostic endpoints
- Firewall blocking Microsoft telemetry endpoints
Fix options:
- Change DNS to 8.8.8.8 or 1.1.1.1 (bypass ISP DNS)
- Route Microsoft traffic through a clean proxy
- Check if ISP injects certificates
Category D: Server-Side Shortpath Not Enabled
Evidence: Log shows no STUN/TURN or Shortpath related entries at all (not even detection), but health checks pass and no errors.
This means the AVD host pool does not have RDP Shortpath enabled. This requires admin action on the Azure portal.
Step 5: Verify Fix
After applying a fix, reconnect the VDI session and verify:
- Check Connection Info — Transport Protocol should show
UDPorUDP Multicast - RTT should drop significantly (e.g., from 165ms to 40-60ms)
- Verify with lsof:
lsof -i UDP -n -P 2>/dev/null | grep -i "Windows"
# Should show UDP connections if Shortpath is active
References
- references/windows_app_log_analysis.md — Detailed log parsing patterns, error signatures, and comparison methodology
- references/avd_transport_protocols.md — How AVD transport selection works, STUN/TURN/ICE overview, Shortpath architecture
先判断是否适合
作者设计意图
作者的方法与取舍
边界和复核