From shannon
Use when invalid data causes failures deep in execution, requiring validation at multiple system layers - validates at every layer data passes through using Shannon validation gates to make bugs structurally impossible with quantitative coverage tracking
npx claudepluginhub krzemienski/shannon-framework --plugin shannonThis skill uses the workspace's default tool permissions.
When you fix a bug caused by invalid data, adding validation at one place feels sufficient. But that single check can be bypassed by different code paths, refactoring, or mocks.
Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.
Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.
Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.
When you fix a bug caused by invalid data, adding validation at one place feels sufficient. But that single check can be bypassed by different code paths, refactoring, or mocks.
Core principle: Validate at EVERY layer data passes through. Make the bug structurally impossible.
Single validation: "We fixed the bug" Multiple layers: "We made the bug impossible"
Different layers catch different cases:
Shannon extends Superpowers' 4-layer model with validation gates integration.
Purpose: Reject obviously invalid input at API boundary
function createProject(name: string, workingDirectory: string) {
if (!workingDirectory || workingDirectory.trim() === '') {
throw new Error('workingDirectory cannot be empty');
}
if (!existsSync(workingDirectory)) {
throw new Error(`workingDirectory does not exist: ${workingDirectory}`);
}
if (!statSync(workingDirectory).isDirectory()) {
throw new Error(`workingDirectory is not a directory: ${workingDirectory}`);
}
// ... proceed
}
Purpose: Ensure data makes sense for this operation
function initializeWorkspace(projectDir: string, sessionId: string) {
if (!projectDir) {
throw new Error('projectDir required for workspace initialization');
}
// ... proceed
}
Purpose: Prevent dangerous operations in specific contexts
async function gitInit(directory: string) {
// In tests, refuse git init outside temp directories
if (process.env.NODE_ENV === 'test') {
const normalized = normalize(resolve(directory));
const tmpDir = normalize(resolve(tmpdir()));
if (!normalized.startsWith(tmpDir)) {
throw new Error(
`Refusing git init outside temp dir during tests: ${directory}`
);
}
}
// ... proceed
}
Purpose: Run Shannon's 3-tier validation at critical checkpoints
async function deployFeature(feature: Feature) {
// Shannon's 3-tier validation
const gates = await runValidationGates(feature);
// Tier 1: Flow validation
if (!gates.tier1.pass) {
throw new Error(`Flow validation failed: ${gates.tier1.errors}`);
}
// Tier 2: Artifact validation
if (!gates.tier2.pass) {
throw new Error(`Artifact validation failed: ${gates.tier2.errors}`);
}
// Tier 3: Functional validation (NO MOCKS)
if (!gates.tier3.pass) {
throw new Error(`Functional validation failed: ${gates.tier3.errors}`);
}
// All gates passed, proceed with deployment
// ... proceed
}
Purpose: Capture context for forensics and Serena learning
async function gitInit(directory: string) {
const stack = new Error().stack;
// Shannon: Save to Serena for pattern analysis
await serena.write_memory(`operations/git_init/${Date.now()}`, {
operation: 'git_init',
directory,
cwd: process.cwd(),
env: process.env.NODE_ENV,
stack_depth: stack.split('\n').length,
timestamp: new Date().toISOString()
});
logger.debug('About to git init', {
directory,
cwd: process.cwd(),
stack,
});
// ... proceed
}
When you find a bug:
Trace the data flow (use root-cause-tracing skill)
Map all checkpoints
Add validation at each layer
Test each layer
Bug: Empty projectDir caused git init in source code
Data flow:
Project.create(name, '')WorkspaceManager.createWorkspace('')git init runs in process.cwd()Five layers added (Shannon enhancement):
Project.create() validates not empty/exists/writableWorkspaceManager validates projectDir not emptyWorktreeManager refuses git init outside tmpdir in testsResult: All 1847 tests passed, bug impossible to reproduce
Shannon tracking:
defense_coverage = {
"bug_id": "empty_projectDir",
"layers_added": 5,
"coverage": {
"entry_point": True,
"business_logic": True,
"environment_guards": True,
"validation_gates": True,
"instrumentation": True
},
"tests_passed": "1847/1847",
"bug_reproducible": False,
"timestamp": ISO_timestamp
}
serena.write_memory("defense/coverage/empty_projectDir", defense_coverage)
At critical checkpoints, run Shannon's 3-tier validation:
async function criticalOperation(data: unknown) {
// Layer 1: Entry validation
validateInput(data);
// Layer 2: Business validation
validateBusinessRules(data);
// Layer 3: Environment guards
if (process.env.NODE_ENV === 'production') {
requireProductionChecks(data);
}
// Layer 4: Shannon validation gates
const gates = await runValidationGates({
tier1: () => checkFlow(data),
tier2: () => checkArtifacts(data),
tier3: () => checkFunctional(data) // NO MOCKS
});
if (!gates.allPass) {
throw new ValidationError('Gates failed', gates.failures);
}
// Layer 5: Instrumentation
await logToSerena('criticalOperation', { data, gates });
// Now safe to proceed
// ...
}
Shannon requirement: Track defense coverage quantitatively:
# After adding defense layers
coverage_metrics = {
"total_layers": 5,
"layers_implemented": {
"entry_point": True,
"business_logic": True,
"environment_guards": True,
"validation_gates": True,
"instrumentation": True
},
"coverage_percentage": 100.0, # 5/5 layers
"test_verification": {
"bypass_attempts": 5,
"all_caught": True,
"layer_effectiveness": {
"layer1_catches": 3, # 60% of bypass attempts
"layer2_catches": 1, # 20%
"layer3_catches": 1, # 20%
"layer4_catches": 0, # All caught before gates
"layer5_detected": 5 # 100% logged
}
}
}
serena.write_memory("defense/metrics/{feature_id}", coverage_metrics)
Shannon learns which patterns work:
# Query historical defense implementations
defense_history = serena.query_memory("defense/metrics/*")
# Analyze effectiveness
analysis = {
"total_defenses": len(defense_history),
"avg_layers": average([d["total_layers"] for d in defense_history]),
"most_effective_layer": "entry_point", # Catches 65% on average
"least_bypassed": "validation_gates", # Never bypassed
"recommendation": "Always implement layer 4 (gates) for critical operations"
}
# Use this to guide future defense implementations
All five layers were necessary. During testing, each layer caught bugs the others missed:
Don't stop at one validation point. Add checks at every layer.
This skill works with:
Shannon integration:
After adding defense layers:
One layer = fixed the bug. Five layers = made it impossible.
Shannon's quantitative tracking + validation gates makes defense-in-depth measurable and verifiable.
Not "seems solid" - proven solid through multi-layer verification.