defense-in-depth | Skill Performance & Reviews | TopRankSkills

TopRank Skills

Home / Skills / tools / defense-in-depth

defense-in-depth

maintained by pproenca

star 0 account_tree 0 verified_user MIT License
bolt View GitHub

name: defense-in-depth description: This skill should be used when the user asks for "defensive coding", "input validation", "prevent bugs", "multiple validation layers", or when fixing bugs caused by invalid data reaching deep execution. Validates at every layer. allowed-tools: []

Defense-in-Depth Validation

When fixing a bug caused by invalid data, adding validation at one place feels sufficient. But that single check can be bypassed.

Core principle: Validate at EVERY layer data passes through. Make the bug structurally impossible.

The Four Layers

Layer 1: Entry Point Validation

Reject obviously invalid input at API boundary:

function createProject(name: string, workingDirectory: string) {
  if (!workingDirectory || workingDirectory.trim() === "") {
    throw new Error("workingDirectory cannot be empty");
  }
  if (!existsSync(workingDirectory)) {
    throw new Error(`workingDirectory does not exist: ${workingDirectory}`);
  }
}

Layer 2: Business Logic Validation

Ensure data makes sense for this operation:

function initializeWorkspace(projectDir: string, sessionId: string) {
  if (!projectDir) {
    throw new Error("projectDir required for workspace initialization");
  }
}

Layer 3: Environment Guards

Prevent dangerous operations in specific contexts:

async function gitInit(directory: string) {
  if (process.env.NODE_ENV === "test") {
    const normalized = normalize(resolve(directory));
    const tmpDir = normalize(resolve(tmpdir()));

    if (!normalized.startsWith(tmpDir)) {
      throw new Error(`Refusing git init outside temp dir during tests`);
    }
  }
}

Layer 4: Debug Instrumentation

Capture context for forensics:

async function gitInit(directory: string) {
  logger.debug("About to git init", {
    directory,
    cwd: process.cwd(),
    stack: new Error().stack,
  });
}

Applying the Pattern

When fixing a bug:

  1. Trace data flow - Where does bad value originate? Where used?
  2. Map checkpoints - List every point data passes through
  3. Add validation at each layer - Entry, business, environment, debug
  4. Test each layer - Try to bypass layer 1, verify layer 2 catches it

Why Multiple Layers

Single validation: "We fixed the bug" Multiple layers: "We made the bug impossible"

Different layers catch different cases:

  • Entry validation catches most bugs
  • Business logic catches edge cases
  • Environment guards prevent context-specific dangers
  • Debug logging helps when other layers fail

Integration

Referenced by systematic-debugging after root cause is found. Add validation at each layer the data passed through.

chat Comments (0)

chat_bubble_outline

No comments yet. Be the first to share your thoughts!

Skill Details

GitHub Stars 0
GitHub Forks 0
Created Jan 2026
Last Updated 5个月前
tools tools code quality

Related Skills

creating-pr
chevron_right
reviewing-pr
chevron_right
packmind-standard-creator
chevron_right
packmind-standard-creator
chevron_right
code-review-router
chevron_right

Build your own?

Join 12,000+ developers contributing to the Claude ecosystem.