diagnose

Use when the agent's decision is 'this workload or GitOps reconciler is broken — find the root cause / localize the failure'. For a single Pod/Deployment/StatefulSet/DaemonSet, bundles: the resource (Kubernetes-shaped detail) + diagnostic resourceContext (managedBy, exposes, selectedBy, uses, runsOn, issue/audit/policy rollups) + current AND previous container logs across the workload's pods + recent Warning events filtered to this resource + a recentChanges section for the workload and directly referenced ConfigMaps (no Secret content) + a startupBlockers section when the workload can't reach Running (unschedulable with the offending node constraint named, admission/quota rejection, or a post-bind CNI/volume stall). For Application/Kustomization/HelmRelease, returns the reconciler resource + GitOps status summary + related parsed issues (cause/action/remediation), without pod-log fan-out. Use for CrashLoopBackOff, OOMKills, failed deploys, image-pull errors, readiness flaps, scheduling failures, error-spewing services, GitOps sync/health failures, or any workload root-causing where you would otherwise call get_resource → events → get_pod_logs → get_pod_logs(previous=true) in sequence — this returns the same data in one round-trip. If you only need ONE facet (e.g. just spec, just logs), prefer the targeted tool. For other CRDs or non-workload kinds, use get_resource (with optional include=events).