| title | type | permalink |
|---|---|---|
| defense-in-depth | note | opencode-config/skills/systematic-debugging/defense-in-depth |
# Defense in Depth

## Overview

A single validation check can be bypassed by alternate call paths, refactors, or differences in test setup.

Core principle: add validation at multiple layers so that one missed check does not recreate the same failure.
## Layered Validation Model

### Layer 1: Entry Validation

Reject obviously invalid input at boundaries (CLI/API/public methods): wrong type, empty, malformed.

### Layer 2: Business-Logic Validation

Re-derive the assumption at the point where the operation is performed (for example, "the resolved path is inside the workspace root") instead of trusting that an earlier layer ran.

### Layer 3: Environment Guards

Block dangerous operations in sensitive contexts (for example, test/runtime safety guards). A guard keyed on an environment variable only fires when that variable is set, so it must never be the only layer.

### Layer 4: Diagnostic Context

Emit enough structured debug information (raw input, resolved value, cwd, stack) to support future root-cause analysis.
## Applying the Pattern

- Trace the real data flow from entry to failure.
- Mark every checkpoint where the invalid state could have been detected.
- Add targeted validation at each relevant layer.
- Verify that each layer catches the invalid input on its own: exercise each check in isolation, not only the full chain, so a bypass of one layer is still stopped by another.
## Example Shape

```typescript
import * as nodePath from 'node:path';

// Illustrative helpers (not part of the original shape) so the block runs as written.
const WORKSPACE_ROOT = nodePath.resolve('/srv/workspaces');
const TEST_SANDBOX = nodePath.join(WORKSPACE_ROOT, 'test-sandbox');

// True when `p`, resolved against the workspace root, lands strictly inside `root`.
function within(root: string, p: string): boolean {
  const rel = nodePath.relative(root, nodePath.resolve(WORKSPACE_ROOT, p));
  return rel !== '' && rel !== '..' && !rel.startsWith('..' + nodePath.sep) && !nodePath.isAbsolute(rel);
}
const isPathAllowed = (p: string) => within(WORKSPACE_ROOT, p);
const isSafeTestPath = (p: string) => within(TEST_SANDBOX, p);

function createWorkspace(path: string) {
  // Layer 1: entry. Reject what no caller should ever send.
  if (!path || path.trim() === '') {
    throw new Error('path is required');
  }
  // Layer 2: operation-specific. Re-check the containment assumption where the work happens.
  if (!isPathAllowed(path)) {
    throw new Error(`path not allowed: ${path}`);
  }
}

async function dangerousOperation(path: string) {
  // Layer 3: environment guard. Independent of Layers 1-2, so a direct caller is still stopped.
  if (process.env.NODE_ENV === 'test' && !isSafeTestPath(path)) {
    throw new Error(`refusing unsafe path in test mode: ${path}`);
  }
  // Layer 4: diagnostic context, structured so it can be searched later.
  console.error('operation context', { path, cwd: process.cwd(), stack: new Error().stack });
}
```
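The following is an added worked example, not code from the note or the project it belongs to, that carries the four layers through for a path-based workspace operation and then runs the "each layer catches it independently" check from the steps above. `WORKSPACE_ROOT`, `TEST_SANDBOX`, the `mode` parameter standing in for `NODE_ENV`, and the sample inputs are all assumptions constructed for the example.

```typescript
import * as path from "node:path";

// Assumed root for all workspaces and the sandbox that test runs are confined to (illustrative).
export const WORKSPACE_ROOT = path.resolve("/srv/workspaces");
export const TEST_SANDBOX = path.join(WORKSPACE_ROOT, "test-sandbox");

export type Layer = "entry" | "business" | "environment";

export class ValidationError extends Error {
  constructor(public readonly layer: Layer, message: string) {
    super(message);
    this.name = "ValidationError";
  }
}

// Layer 1: entry validation at the boundary. Cheap, syntactic, caller-agnostic.
export function checkEntry(input: unknown): string {
  if (typeof input !== "string" || input.trim() === "") {
    throw new ValidationError("entry", "path must be a non-empty string");
  }
  if (input.includes("\0")) {
    throw new ValidationError("entry", "path must not contain NUL");
  }
  return input;
}

// True when `candidate` is strictly inside `root` (not root itself, not a sibling, not another drive).
function isInside(root: string, candidate: string): boolean {
  const rel = path.relative(root, candidate);
  return rel !== "" && rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Layer 2: business-logic validation. Re-derives "the path stays inside the workspace
// root" from the resolved path instead of trusting the raw string or Layer 1.
export function checkContainment(raw: string, root: string = WORKSPACE_ROOT): string {
  const resolved = path.resolve(root, raw);
  if (!isInside(root, resolved)) {
    throw new ValidationError("business", `path escapes workspace root: ${raw}`);
  }
  return resolved;
}

// Layer 3: environment guard. In test mode only the sandbox may be touched,
// whatever the earlier layers concluded.
export function checkEnvironment(resolved: string, mode: string, sandbox: string = TEST_SANDBOX): string {
  if (mode === "test" && !isInside(sandbox, resolved)) {
    throw new ValidationError("environment", `refusing path outside test sandbox: ${resolved}`);
  }
  return resolved;
}

// Layer 4: diagnostic context, structured so a future incident can be reconstructed.
export interface Diagnostic {
  input: string;
  resolved: string | null;
  mode: string;
  cwd: string;
  rejectedBy: Layer | null;
  reason: string | null;
}

// Chains the layers in order and returns the diagnostic record instead of only
// logging it, so callers (and tests) can see exactly which layer fired.
export function createWorkspace(input: unknown, mode: string = "production"): Diagnostic {
  const diag: Diagnostic = { input: String(input), resolved: null, mode, cwd: process.cwd(), rejectedBy: null, reason: null };
  try {
    const raw = checkEntry(input);
    diag.resolved = checkContainment(raw);
    checkEnvironment(diag.resolved, mode);
  } catch (e) {
    if (!(e instanceof ValidationError)) throw e;
    diag.rejectedBy = e.layer;
    diag.reason = e.message;
  }
  return diag;
}

// Runs every layer on the raw input independently (no chaining) and reports which
// ones reject it. This is the "each layer can catch invalid input on its own" check:
// if Layer 1 is refactored away, Layers 2 and 3 must still stop the same input.
export function layersRejecting(input: unknown, mode: string = "test"): Layer[] {
  const raw = typeof input === "string" ? input : "";
  const attempts: Array<[Layer, () => unknown]> = [
    ["entry", () => checkEntry(input)],
    ["business", () => checkContainment(raw)],
    ["environment", () => checkEnvironment(path.resolve(WORKSPACE_ROOT, raw), mode)],
  ];
  const rejected: Layer[] = [];
  for (const [layer, attempt] of attempts) {
    try {
      attempt();
    } catch (e) {
      if (!(e instanceof ValidationError)) throw e;
      rejected.push(layer);
    }
  }
  return rejected;
}

// Constructed sample inputs standing in for what a CLI or API would pass.
export const SAMPLE_INPUTS: unknown[] = ["", "../../etc/passwd", "/etc/passwd", "test-sandbox/../alice", "test-sandbox/alice", 42];
for (const input of SAMPLE_INPUTS) {
  console.log(JSON.stringify(input), "->", layersRejecting(input).join(",") || "accepted");
}
```

Note the `test-sandbox/../alice` case: a string-prefix check on the raw input would accept it, while re-deriving containment from the resolved path (Layer 2 and Layer 3 both do this) rejects it at the environment layer. Also note what this example does not cover: `path.resolve` does not follow symlinks, so a directory that already exists under the root can still point outside it; a real implementation would confirm containment against the real path after creation, or open relative to a directory handle.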
## Key Outcome

Root-cause fixes prevent recurrence at the origin. Layered validation reduces the chance that adjacent code paths can reintroduce the same class of bug.