When blocked on a diagnostic tool, pivot to reading the code
Investigating a user-reported bug in a server-side function where one diagnostic path is permission-gated
User reported a 'resolve not really resolving' bug. My first instinct was to read the application logs — denied permission for docker logs akasha. I let that single denial gate the entire investigation across ~10 turns of subsequent work, periodically mentioning it as 'still pending' in summaries but never pivoting to a different diagnostic. When the user eventually pushed back about deferrals and I finally chased the bug, the actual diagnosis took two minutes: open resolveIdentifier in the source, read the loop that walks triage events, immediately see it only checks from_id and never walks to_ids — which is the asymmetric bug for outbound buckets where the relevant identifier lives in to_ids. The logs would have shown me nothing useful (SvelteKit doesn't log request bodies by default and the bug was silent — link adds succeeded, message moves silently did nothing). The investigation never needed the gated tool; reading the source was both unblocked AND more direct.
When a diagnostic tool is permission-blocked, immediately ask 'what's the cheapest unblocked diagnostic for this same question?' For server-side bugs in your own codebase, that's almost always 'read the function.' For protocol mysteries, that's 'check the bridge's persisted state.' For UI confusion, that's 'query the underlying row.' Don't let the unavailability of your first-choice tool freeze the whole investigation — most bugs reveal themselves to the second-cheapest diagnostic.