defense-in-depth — community defense-in-depth, copilot-agents, community, ide skills, Claude Code, Cursor, Windsurf

v1.0.0
GitHub

About this Skill

Ideal for Security-Centric Agents requiring robust data validation and sanitization protocols Custom agents built for GH copilot

AlabamaMike AlabamaMike
[0]
[0]
Updated: 3/5/2026

Agent Capability Analysis

The defense-in-depth skill by AlabamaMike is an open-source community AI agent skill for Claude Code and other IDE workflows, helping agents execute tasks with better context, repeatability, and domain-specific guidance.

Ideal Agent Persona

Ideal for Security-Centric Agents requiring robust data validation and sanitization protocols

Core Value

Empowers agents to enforce defense-in-depth principles, structurally preventing bugs through multi-layer validation, ensuring data integrity and security across various code paths and refactoring scenarios, leveraging protocols such as entry validation and mocking

Capabilities Granted for defense-in-depth

Implementing multi-layer data validation
Structurally preventing bugs in complex codebases
Enhancing security through robust data sanitization

! Prerequisites & Limits

  • Requires comprehensive codebase analysis
  • May introduce additional computational overhead
Labs Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

defense-in-depth

Install defense-in-depth, an AI agent skill for AI agent workflows and automation. Works with Claude Code, Cursor, and Windsurf with one-command setup.

SKILL.md
Readonly

Defense-in-Depth Validation

Overview

When you fix a bug caused by invalid data, adding validation at one place feels sufficient. But that single check can be bypassed by different code paths, refactoring, or mocks.

Core principle: Validate at EVERY layer data passes through. Make the bug structurally impossible.

Why Multiple Layers

Single validation: "We fixed the bug" Multiple layers: "We made the bug impossible"

Different layers catch different cases:

  • Entry validation catches most bugs
  • Business logic catches edge cases
  • Environment guards prevent context-specific dangers
  • Debug logging helps when other layers fail

The Four Layers

Layer 1: Entry Point Validation

Purpose: Reject obviously invalid input at API boundary

typescript
1function createProject(name: string, workingDirectory: string) {
2  if (!workingDirectory || workingDirectory.trim() === '') {
3    throw new Error('workingDirectory cannot be empty');
4  }
5  if (!existsSync(workingDirectory)) {
6    throw new Error(`workingDirectory does not exist: ${workingDirectory}`);
7  }
8  if (!statSync(workingDirectory).isDirectory()) {
9    throw new Error(`workingDirectory is not a directory: ${workingDirectory}`);
10  }
11  // ... proceed
12}

Layer 2: Business Logic Validation

Purpose: Ensure data makes sense for this operation

typescript
1function initializeWorkspace(projectDir: string, sessionId: string) {
2  if (!projectDir) {
3    throw new Error('projectDir required for workspace initialization');
4  }
5  // ... proceed
6}

Layer 3: Environment Guards

Purpose: Prevent dangerous operations in specific contexts

typescript
1async function gitInit(directory: string) {
2  // In tests, refuse git init outside temp directories
3  if (process.env.NODE_ENV === 'test') {
4    const normalized = normalize(resolve(directory));
5    const tmpDir = normalize(resolve(tmpdir()));
6
7    if (!normalized.startsWith(tmpDir)) {
8      throw new Error(
9        `Refusing git init outside temp dir during tests: ${directory}`
10      );
11    }
12  }
13  // ... proceed
14}

Layer 4: Debug Instrumentation

Purpose: Capture context for forensics

typescript
1async function gitInit(directory: string) {
2  const stack = new Error().stack;
3  logger.debug('About to git init', {
4    directory,
5    cwd: process.cwd(),
6    stack,
7  });
8  // ... proceed
9}

Applying the Pattern

When you find a bug:

  1. Trace the data flow - Where does bad value originate? Where used?
  2. Map all checkpoints - List every point data passes through
  3. Add validation at each layer - Entry, business, environment, debug
  4. Test each layer - Try to bypass layer 1, verify layer 2 catches it

Example from Session

Bug: Empty projectDir caused git init in source code

Data flow:

  1. Test setup → empty string
  2. Project.create(name, '')
  3. WorkspaceManager.createWorkspace('')
  4. git init runs in process.cwd()

Four layers added:

  • Layer 1: Project.create() validates not empty/exists/writable
  • Layer 2: WorkspaceManager validates projectDir not empty
  • Layer 3: WorktreeManager refuses git init outside tmpdir in tests
  • Layer 4: Stack trace logging before git init

Result: All 1847 tests passed, bug impossible to reproduce

Key Insight

All four layers were necessary. During testing, each layer caught bugs the others missed:

  • Different code paths bypassed entry validation
  • Mocks bypassed business logic checks
  • Edge cases on different platforms needed environment guards
  • Debug logging identified structural misuse

Don't stop at one validation point. Add checks at every layer.

FAQ & Installation Steps

These questions and steps mirror the structured data on this page for better search understanding.

? Frequently Asked Questions

What is defense-in-depth?

Ideal for Security-Centric Agents requiring robust data validation and sanitization protocols Custom agents built for GH copilot

How do I install defense-in-depth?

Run the command: npx killer-skills add AlabamaMike/copilot-agents/defense-in-depth. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for defense-in-depth?

Key use cases include: Implementing multi-layer data validation, Structurally preventing bugs in complex codebases, Enhancing security through robust data sanitization.

Which IDEs are compatible with defense-in-depth?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for defense-in-depth?

Requires comprehensive codebase analysis. May introduce additional computational overhead.

How To Install

  1. 1. Open your terminal

    Open the terminal or command line in your project directory.

  2. 2. Run the install command

    Run: npx killer-skills add AlabamaMike/copilot-agents/defense-in-depth. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. 3. Start using the skill

    The skill is now active. Your AI agent can use defense-in-depth immediately in the current project.

Related Skills

Looking for an alternative to defense-in-depth or another community skill for your workflow? Explore these related open-source skills.

View All

widget-generator

Logo of f
f

f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.

149.6k
0
AI

flags

Logo of vercel
vercel

flags is a Next.js feature management skill that enables developers to efficiently add or modify framework feature flags, streamlining React application development.

138.4k
0
Browser

zustand

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
AI

data-fetching

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
AI