Stats
Actions
Tags
From crowdstrike-falcon-foundry
Debugs CrowdStrike Falcon Foundry CLI errors, manifest validation, deploy failures, and dev server issues. Use for troubleshooting authentication, headless/CI setup, and unexpected behavior.
How this skill is triggered — by the user, by Claude, or both
Slash command
/crowdstrike-falcon-foundry:debugging-workflowsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Systematic procedures for diagnosing and resolving common CrowdStrike Falcon Foundry development issues.
Systematic procedures for diagnosing and resolving common CrowdStrike Falcon Foundry development issues.
What's happening?
CLI command hangs
├── In headless/CI environment → Missing --no-prompt or required flags (see Headless section)
└── In interactive terminal → Check network/auth with foundry profile active
Deploy fails
├── Validation error → Check manifest YAML syntax, then deploy again
├── "Unknown error" → Duplicate workflow name across apps in tenant
└── Silent failure → Tenant may be missing required module (SKU) for requested scopes
foundry ui run fails
├── On new app → Deploy backend capabilities first (API integrations, functions, collections resolve from cloud)
├── Permission errors → Check manifest OAuth scopes, restart server, verify auth
└── Blank page / CORS error → noAttr() or base path removed from vite.config.js (see ui-development)
Auth fails
├── 401/403 from API → Check OAuth scopes in manifest
├── Login hangs → Headless environment, no browser — use env vars or profile create --no-prompt
└── Works locally, fails in CI → Set FOUNDRY_API_CLIENT_ID env vars in CI config
# Via Foundry CLI with Docker (random ports, closest to production)
foundry functions run --name my-function
# Direct Go execution (port 8081, no Docker)
cd functions/my-function && go run main.go
# Direct Python execution (port 8081, no Docker)
cd functions/my-function && python3 main.py
curl -X POST http://localhost:8081/api/process -d '{"key":"value"}'
# With configuration file (local only)
CS_FN_CONFIG_PATH=./config.json python3 main.py
RTR scripts can only be tested via the CLI (not the Falcon console):
foundry rtr-scripts run --name my-script
Platforms: Windows (script.ps1), Linux (script.sh), macOS (script.zsh). Script size limit ~40KB. Deletion requires Falcon Administrator role in Falcon console UI.
foundry workflows triggers view --mock
foundry workflows actions view --mock
foundry workflows executions validate --mocks mymocks.json
foundry workflows executions start --definition my-workflow --mocks mymocks.json
foundry workflows executions view <execution_id>
Deployment is two-phase: validation (checks manifest and schemas) then artifact build. Use foundry apps validate --no-prompt to dry-run the validation phase after adding API integrations or collections (catches spec/schema issues in seconds). Don't validate right before deploy — deploy runs the same validation plus workflow semantics and name uniqueness checks.
foundry version # Check CLI version
foundry profile list # Check available profiles
foundry profile active # Verify active profile
foundry login # Re-authenticate via browser (interactive)
foundry profile delete --name <name> --no-prompt # Reset corrupted profile
foundry login # Re-authenticate
Use foundry apps validate --no-prompt to validate the manifest and schemas without deploying. For OpenAPI specs, use npx @redocly/cli lint to validate structure locally.
If deploy fails with validation errors:
This is the most common failure mode when Foundry CLI is driven by agents (Claude Code) or CI/CD pipelines. Most commands default to interactive mode, which blocks indefinitely.
foundry login Hangs or Failsfoundry login opens a browser for OAuth. In headless environments, use one of these alternatives:
Option 1: Environment variables (no login needed):
export FOUNDRY_API_CLIENT_ID="<client-id>"
export FOUNDRY_API_CLIENT_SECRET="<client-secret>"
export FOUNDRY_CID="<customer-id>"
export FOUNDRY_CLOUD_REGION="us-1"
Option 2: Non-interactive profile creation:
foundry profile create \
--name "ci-profile" \
--api-client-id "<id>" \
--api-client-secret "<secret>" \
--cid "<cid>" \
--cloud-region "us-1" \
--no-prompt
foundry profile activate --name "ci-profile"
Option 3: Pre-populated config file at ~/.config/foundry/configuration.yml:
profiles:
- name: ci-profile
cloud_region: us-1
credentials:
cid: <customer-id>
api_client_id: <client-id>
api_client_secret: <client-secret>
active_profile: ci-profile
Add --no-prompt to prevent interactive prompts. Nearly all commands support it: apps create, apps validate, apps deploy, apps release, apps delete (also needs --force-delete), functions create, collections create, ui pages create, ui extensions create, rtr-scripts create, profile create, profile delete, workflows create, and api-integrations create. Provide all required flags explicitly — run foundry <command> --help to identify them.
The CI environment has no ~/.config/foundry/configuration.yml. Set environment variables in CI pipeline configuration — they override local config.
| Symptom | Likely Cause | First Action |
|---|---|---|
foundry login hangs | Headless environment | Use env vars or profile create --no-prompt |
| Any command hangs | Missing --no-prompt or required flags | Add flags, run --help |
| Deploy hangs indefinitely | Manifest validation issue | Check YAML syntax, deploy again |
foundry ui run fails on new app | Backend not deployed | Run foundry apps deploy first |
| API calls return 403 | Insufficient OAuth scopes | Review manifest oauth section |
| Deploy fails silently | Tenant missing required module (SKU) | Verify tenant has Falcon module for scopes |
| Local server won't start | Port conflicts | Use --port flag or kill existing processes |
| Auth works locally, fails in CI | No config file in CI | Set FOUNDRY_API_CLIENT_ID env vars |
| Page 404 after deploy/release | App not installed from App Catalog | Install from catalog, wait for propagation |
| Page 404 on new cloud only | Cloud-specific IDs in manifest | Strip IDs with yq before deploying to new cloud |
| Blank page, no CORS errors | Vite root changed from src | Restore root: 'src' in vite.config.js |
| Blank page with CORS errors | noAttr() removed from vite.config.js | Restore the noAttr() plugin in vite.config.js |
| Blank page, no errors in console | falcon.connect() not awaited | The platform iframe stays blank until the postMessage handshake completes — add await falcon.connect() before any rendering |
| Data not appearing after writes | Schema mismatch or missing error check | Verify field names/enums match schema exactly; check result?.errors?.length after writes |
| Dialog white background in dark mode | Shoelace panel defaults | Override --sl-panel-background-color with var(--ground-floor) |
| App install fails with no detail | Workflow CEL expression error | Test API integration in console, then inspect workflow editor for errors |
When a Foundry app fails to install with no useful error message, isolate the problem by testing each component in the Falcon console:
Test the API integration first — In the Falcon console, use the credentials from the install config to test the operation directly (e.g., run listUsers with the Okta domain and API key). This proves whether the spec and credentials work independently of the app.
Eliminate unlikely suspects — Static UI files (extensions, pages) don't cause install failures. If the API integration works, the problem is almost certainly in a workflow.
Inspect the workflow in the console — Open Falcon Fusion SOAR, edit the workflow, and look at each action's configuration. The workflow editor shows validation errors (like unknown variable references in CEL expressions) that the install API doesn't surface.
Example: Apps failed to install with no detail. API integration tested fine. Editing the workflow in the console revealed "unknown variable" on the Print data action — the CEL variable path was missing the
Custom_prefix the platform adds to all API integration names. The install error gave no hint; the workflow editor showed it immediately.
Claude Code can read images directly. When the Falcon console shows something unexpected — a blank page, an error modal, a disabled button — a screenshot is often the fastest way to diagnose the issue.
Without Playwright MCP (fastest): Ask the user to take a screenshot of what they're seeing and paste or drag it into the conversation. Claude reads it immediately and can identify error messages, missing elements, wrong page states, or styling issues without any setup.
With Playwright MCP: If Playwright MCP is configured (claude mcp add playwright -- npx @playwright/mcp@latest), Claude can take screenshots directly via browser_take_screenshot. This is useful for interactive debugging sessions. See e2e-testing/references/debugging-with-mcp.md for details.
From test failure artifacts: When e2e tests fail, Playwright saves screenshots to test-results/. Read the .png file directly — it shows the exact page state at the moment of failure.
Screenshots are particularly effective for:
foundry ui run rendering issues (dark mode, missing Shoelace styles)foundry profile delete --name <name> --no-promptfoundry loginpkill -f "foundry ui"manifest.ymlBefore seeking external help:
foundry versionfoundry profile activenpx @redocly/cli lint (if applicable)npx claudepluginhub crowdstrike/foundry-skills --plugin crowdstrike-falcon-foundryOrchestrates the Falcon Foundry app lifecycle from requirements through deployment using CLI commands. Triggers when creating, planning, or building a Foundry app.
Diagnoses and fixes deploy-time, runtime, and visibility issues in Atlassian Forge apps. Runs lint, version checks, and fix commands automatically without asking permission.
Provides expert guidance for Microsoft Foundry (Azure AI Foundry) development, covering troubleshooting, best practices, architecture, decision making, security, deployment, and integrations.