AgentSkillsCN

ring:defense-in-depth

多层校验模式——在数据流经的每一层均进行严格校验,从根本上杜绝漏洞,而非仅仅在事后发现并修复。

SKILL.md
--- frontmatter
name: ring:defense-in-depth
description: |
  Multi-layer validation pattern - validates data at EVERY layer it passes through
  to make bugs structurally impossible, not just caught.

trigger: |
  - Bug caused by invalid data reaching deep layers
  - Single validation point can be bypassed
  - Need to prevent bug category, not just instance

skip_when: |
  - Validation already exists at all layers → check other issues
  - Simple input validation sufficient → add single check

related:
  complementary: [root-cause-tracing]

Defense-in-Depth Validation

Overview

When you fix a bug caused by invalid data, adding validation at one place feels sufficient. But that single check can be bypassed by different code paths, refactoring, or mocks.

Core principle: Validate at EVERY layer data passes through. Make the bug structurally impossible.

Why Multiple Layers

Single validation: "We fixed the bug" Multiple layers: "We made the bug impossible"

Different layers catch different cases:

  • Entry validation catches most bugs
  • Business logic catches edge cases
  • Environment guards prevent context-specific dangers
  • Debug logging helps when other layers fail

The Four Layers

LayerPurposeExample
1. Entry PointReject invalid input at API boundaryif (!workingDir || !existsSync(workingDir)) throw new Error(...)
2. Business LogicEnsure data makes sense for operationif (!projectDir) throw new Error('projectDir required')
3. Environment GuardsPrevent dangerous ops in contextsif (NODE_ENV === 'test' && !path.startsWith(tmpdir())) throw...
4. Debug InstrumentationCapture context for forensicslogger.debug('About to git init', { directory, cwd, stack })

Applying the Pattern

Steps: (1) Trace data flow (origin → error) (2) Map all checkpoints (3) Add validation at each layer (4) Test each layer (try to bypass layer 1, verify layer 2 catches it)

Example

Bug: Empty projectDir caused git init in source code

Flow: Test setup ('') → Project.create(name, '')WorkspaceManager.createWorkspace('')git init in process.cwd()

Layers added: L1: Project.create() validates not empty/exists/writable | L2: WorkspaceManager validates not empty | L3: Refuse git init outside tmpdir in tests | L4: Stack trace logging

Result: 1847 tests passed, bug impossible to reproduce

Key Insight

All four layers necessary - each caught bugs others missed: different code paths bypassed entry validation | mocks bypassed business logic | edge cases needed environment guards | debug logging identified structural misuse.

Don't stop at one validation point. Add checks at every layer.