Claude Code Plugins

Community-maintained marketplace

Feedback

defense-in-depth

@LerianStudio/ring
17
0

|

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name defense-in-depth
description Multi-layer validation pattern - validates data at EVERY layer it passes through to make bugs structurally impossible, not just caught.
trigger - Bug caused by invalid data reaching deep layers - Single validation point can be bypassed - Need to prevent bug category, not just instance
skip_when - Validation already exists at all layers → check other issues - Simple input validation sufficient → add single check
related [object Object]

Defense-in-Depth Validation

Overview

When you fix a bug caused by invalid data, adding validation at one place feels sufficient. But that single check can be bypassed by different code paths, refactoring, or mocks.

Core principle: Validate at EVERY layer data passes through. Make the bug structurally impossible.

Why Multiple Layers

Single validation: "We fixed the bug" Multiple layers: "We made the bug impossible"

Different layers catch different cases:

  • Entry validation catches most bugs
  • Business logic catches edge cases
  • Environment guards prevent context-specific dangers
  • Debug logging helps when other layers fail

The Four Layers

Layer Purpose Example
1. Entry Point Reject invalid input at API boundary if (!workingDir || !existsSync(workingDir)) throw new Error(...)
2. Business Logic Ensure data makes sense for operation if (!projectDir) throw new Error('projectDir required')
3. Environment Guards Prevent dangerous ops in contexts if (NODE_ENV === 'test' && !path.startsWith(tmpdir())) throw...
4. Debug Instrumentation Capture context for forensics logger.debug('About to git init', { directory, cwd, stack })

Applying the Pattern

Steps: (1) Trace data flow (origin → error) (2) Map all checkpoints (3) Add validation at each layer (4) Test each layer (try to bypass layer 1, verify layer 2 catches it)

Example

Bug: Empty projectDir caused git init in source code

Flow: Test setup ('') → Project.create(name, '')WorkspaceManager.createWorkspace('')git init in process.cwd()

Layers added: L1: Project.create() validates not empty/exists/writable | L2: WorkspaceManager validates not empty | L3: Refuse git init outside tmpdir in tests | L4: Stack trace logging

Result: 1847 tests passed, bug impossible to reproduce

Key Insight

All four layers necessary - each caught bugs others missed: different code paths bypassed entry validation | mocks bypassed business logic | edge cases needed environment guards | debug logging identified structural misuse.

Don't stop at one validation point. Add checks at every layer.