- Home
- Skills
- Mamba Mental
- Agent Skill Manager
- Defense In Depth
defense-in-depth_skill
- Python
2
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill mamba-mental/agent-skill-manager --skill defense-in-depth- SKILL.md3.8 KB
Overview
This skill implements a Defense-in-Depth Validation strategy that adds validation checks at every layer data passes through to make bugs structurally impossible. It integrates entry-point validation, business logic checks, environment guards, and debug instrumentation to catch invalid state from multiple angles. The goal is to stop invalid inputs early and ensure later layers still protect against bypasses, mocks, and refactors.
How this skill works
The skill instruments key code paths with four validation layers: API/entry-point checks to reject obviously invalid input; business-logic assertions to ensure data is sensible for the operation; environment guards to prevent dangerous context-specific actions; and debug instrumentation to capture context when something unexpected occurs. When a bug is found, the skill guides tracing data flow, mapping checkpoints, and adding or tightening validations at each layer, then verifies by testing bypass attempts.
When to use it
- When an input validation bug recurs after a single fix
- Before performing filesystem, network, or process-changing actions
- In tests to prevent operations that modify real resources
- When refactoring or adding alternate code paths that may bypass checks
- During incident forensics to capture context and repro data
Best practices
- Validate at the API boundary but never rely on it alone
- Add focused business-logic checks for operation-specific invariants
- Enforce environment guards in test and CI to avoid side effects
- Attach lightweight debug context (stack, cwd, inputs) around risky ops
- Write tests that attempt to bypass each layer and verify remaining guards
Example use cases
- Reject empty or non-existent working directories at the service boundary
- Assert required workspace parameters inside workspace initialization routines
- Refuse git init in tests unless the directory is inside a temporary path
- Log stack and process context before running external commands for forensic traces
- Harden CI and integration tests by layering checks so mocks cannot trigger real side effects
FAQ
Checks should be inexpensive and focused: entry checks reject obvious invalid input, business checks verify operation-specific invariants, and environment guards are conditional. Properly designed checks add negligible overhead but dramatically reduce risk.
How do I test that a layer actually prevents a bug?
Create targeted tests that intentionally bypass earlier layers (mocks, direct calls) and confirm the next layer still rejects the bad data. Include test cases for environment-specific guards and record debug logs for verification.