KS
Killer-Skills

defense-in-depth — how to use defense-in-depth how to use defense-in-depth, defense-in-depth validation, GH copilot custom agents, data validation best practices, defense-in-depth setup guide, defense-in-depth vs single validation

v1.0.0
GitHub

About this Skill

Perfect for Code Review Agents needing robust data validation and bug prevention capabilities. Defense-in-depth is a validation principle that ensures data integrity by checking it at every layer, preventing bugs and errors from occurring.

Features

Validates data at every layer to prevent bugs
Catches different cases through multiple validation layers
Entry validation catches invalid data at the point of entry
Supports custom agents for GH copilot
Enforces structurally impossible bug prevention

# Core Topics

how to use defense-in-depth defense-in-depth validation GH copilot custom agents data validation best practices defense-in-depth setup guide defense-in-depth vs single validation
AlabamaMike AlabamaMike
[0]
[0]
Updated: 3/6/2026

Quality Score

Top 5%
36
Excellent
Based on code quality & docs
Installation
SYS Universal Install (Auto-Detect)
Cursor IDE Windsurf IDE VS Code IDE
> npx killer-skills add AlabamaMike/copilot-agents/defense-in-depth

Agent Capability Analysis

The defense-in-depth MCP Server by AlabamaMike is an open-source Categories.community integration for Claude and other AI agents, enabling seamless task automation and capability expansion. Optimized for how to use defense-in-depth, defense-in-depth validation, GH copilot custom agents.

Ideal Agent Persona

Perfect for Code Review Agents needing robust data validation and bug prevention capabilities.

Core Value

Empowers agents to enforce defense-in-depth validation, making bugs structurally impossible by validating data at every layer, utilizing multiple layers of validation including entry validation, and ensuring data integrity through comprehensive checks.

Capabilities Granted for defense-in-depth MCP Server

Validating complex data at multiple layers
Preventing bugs through structural impossibility
Ensuring data integrity in GH copilot environments

! Prerequisites & Limits

  • Requires custom agent implementation for GH copilot
  • May increase development complexity due to multiple validation layers
Project
SKILL.md
3.6 KB
.cursorrules
1.2 KB
package.json
240 B
Ready
UTF-8

# Tags

[No tags]
SKILL.md
Readonly

Defense-in-Depth Validation

Overview

When you fix a bug caused by invalid data, adding validation at one place feels sufficient. But that single check can be bypassed by different code paths, refactoring, or mocks.

Core principle: Validate at EVERY layer data passes through. Make the bug structurally impossible.

Why Multiple Layers

Single validation: "We fixed the bug" Multiple layers: "We made the bug impossible"

Different layers catch different cases:

  • Entry validation catches most bugs
  • Business logic catches edge cases
  • Environment guards prevent context-specific dangers
  • Debug logging helps when other layers fail

The Four Layers

Layer 1: Entry Point Validation

Purpose: Reject obviously invalid input at API boundary

typescript
1function createProject(name: string, workingDirectory: string) {
2  if (!workingDirectory || workingDirectory.trim() === '') {
3    throw new Error('workingDirectory cannot be empty');
4  }
5  if (!existsSync(workingDirectory)) {
6    throw new Error(`workingDirectory does not exist: ${workingDirectory}`);
7  }
8  if (!statSync(workingDirectory).isDirectory()) {
9    throw new Error(`workingDirectory is not a directory: ${workingDirectory}`);
10  }
11  // ... proceed
12}

Layer 2: Business Logic Validation

Purpose: Ensure data makes sense for this operation

typescript
1function initializeWorkspace(projectDir: string, sessionId: string) {
2  if (!projectDir) {
3    throw new Error('projectDir required for workspace initialization');
4  }
5  // ... proceed
6}

Layer 3: Environment Guards

Purpose: Prevent dangerous operations in specific contexts

typescript
1async function gitInit(directory: string) {
2  // In tests, refuse git init outside temp directories
3  if (process.env.NODE_ENV === 'test') {
4    const normalized = normalize(resolve(directory));
5    const tmpDir = normalize(resolve(tmpdir()));
6
7    if (!normalized.startsWith(tmpDir)) {
8      throw new Error(
9        `Refusing git init outside temp dir during tests: ${directory}`
10      );
11    }
12  }
13  // ... proceed
14}

Layer 4: Debug Instrumentation

Purpose: Capture context for forensics

typescript
1async function gitInit(directory: string) {
2  const stack = new Error().stack;
3  logger.debug('About to git init', {
4    directory,
5    cwd: process.cwd(),
6    stack,
7  });
8  // ... proceed
9}

Applying the Pattern

When you find a bug:

  1. Trace the data flow - Where does bad value originate? Where used?
  2. Map all checkpoints - List every point data passes through
  3. Add validation at each layer - Entry, business, environment, debug
  4. Test each layer - Try to bypass layer 1, verify layer 2 catches it

Example from Session

Bug: Empty projectDir caused git init in source code

Data flow:

  1. Test setup → empty string
  2. Project.create(name, '')
  3. WorkspaceManager.createWorkspace('')
  4. git init runs in process.cwd()

Four layers added:

  • Layer 1: Project.create() validates not empty/exists/writable
  • Layer 2: WorkspaceManager validates projectDir not empty
  • Layer 3: WorktreeManager refuses git init outside tmpdir in tests
  • Layer 4: Stack trace logging before git init

Result: All 1847 tests passed, bug impossible to reproduce

Key Insight

All four layers were necessary. During testing, each layer caught bugs the others missed:

  • Different code paths bypassed entry validation
  • Mocks bypassed business logic checks
  • Edge cases on different platforms needed environment guards
  • Debug logging identified structural misuse

Don't stop at one validation point. Add checks at every layer.

Related Skills

Looking for an alternative to defense-in-depth or building a Categories.community AI Agent? Explore these related open-source MCP Servers.

View All

widget-generator

Logo of f
f

widget-generator is an open-source AI agent skill for creating widget plugins that are injected into prompt feeds on prompts.chat. It supports two rendering modes: standard prompt widgets using default PromptCard styling and custom render widgets built as full React components.

149.6k
0
Design

chat-sdk

Logo of lobehub
lobehub

chat-sdk is a unified TypeScript SDK for building chat bots across multiple platforms, providing a single interface for deploying bot logic.

73.0k
0
Communication

zustand

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
Communication

data-fetching

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
Communication