limit shell command output

multi-agent-supervisor/agents/logs_analyzer.py

@@ -31,8 +31,9 @@ OS-Specific Log Analysis:
 
 **macOS:**
 - System logs: `log show` (unified logging) or Console.app
-- Recent logs: `log show --last 1h --predicate 'eventType == logEvent'`
-- System events: `log show --predicate 'subsystem == "com.apple.kernel"'`
+- Recent logs: `log show --last 1h --predicate 'eventType == logEvent' | head -500`
+- System events: `log show --predicate 'subsystem == "com.apple.kernel"' | head -200`
+- Error-focused: `log show --last 1h --predicate 'messageType == error' | head -200`
 - Application logs: `~/Library/Logs/`, `/Library/Logs/`, `/var/log/`
 - Crash reports: `~/Library/Logs/DiagnosticReports/`
 
@@ -46,13 +47,15 @@ Analysis Techniques:
 - Time-based filtering: Focus on relevant time periods
 - Pattern matching: Search for error, fail, critical, warning, denied
 - Cross-reference multiple log sources for complete picture
+- **CRITICAL: Always limit output with `| head -500` or `| tail -500` to prevent token overflow**
 
 Best Practices:
 1. **Detect OS first** using `uname -s` to choose appropriate log commands
-2. **Start recent**: Use last 100-1000 lines or recent time periods
+2. **Start recent**: Use last 500-1000 lines or recent time periods
 3. **Search systematically**: Keywords → timestamps → context → correlation
 4. **Multiple sources**: System, application, and service logs
 5. **Summarize clearly**: Include timestamps, severity, and actionable insights
+6. **ALWAYS limit output**: Use `head -500`, `tail -500`, or `grep` to keep responses manageable
 
 Log Location Hints:
 - Linux: `/var/log/`, `journalctl`, `/proc/`, `/sys/kernel/debug/`