ai-error-handling
2
总安装量
1
周安装量
#75121
全站排名
安装命令
npx skills add https://github.com/peterbamuhigire/skills-web-dev --skill ai-error-handling
Agent 安装分布
amp
1
cline
1
opencode
1
cursor
1
continue
1
kimi-cli
1
Skill 文档
Required Plugins
Superpowers plugin: MUST be active for all work using this skill. Use throughout the entire build pipeline â design decisions, code generation, debugging, quality checks, and any task where it offers enhanced capabilities. If superpowers provides a better way to accomplish something, prefer it over the default approach.
AI Error Handling & Validation
When to Use This Skill
Use when:
- Claude generates code (always validate)
- Building production code (quality gates required)
- Reviewing AI output (systematic verification)
- Ensuring code correctness (automated checks)
This skill automatically enforces validation patterns.
The 5-Layer Validation Stack
Every AI-generated code MUST pass through all 5 layers:
Layer 1: Syntax Check ââ Can it parse?
â
Layer 2: Requirement Check ââ Does it meet specs?
â
Layer 3: Test Check ââ Do tests pass?
â
Layer 4: Security Check ââ Any vulnerabilities?
â
Layer 5: Documentation Check ââ Can Claude explain it?
â
APPROVED â
Layer 1: Syntax Validation
Rule: Code must be syntactically correct before anything else.
JavaScript/TypeScript
# Syntax check
node --check file.js
# TypeScript check
tsc --noEmit file.ts
# ESLint
eslint file.js
PHP
# Syntax check
php -l file.php
# Code style
phpcs file.php
# Static analysis
phpstan analyze file.php
Python
# Syntax check
python -m py_compile file.py
# Type checking
mypy file.py
# Linting
pylint file.py
If syntax fails:
Ask Claude: "Fix syntax errors in [file]:
[Paste error output]
Correct the code to parse successfully."
Layer 2: Requirement Validation
Rule: Code must implement ALL requirements, not just some.
Validation Process
/**
* REQUIREMENT CHECKLIST
*
* Requirement 1: Validate user email format
* â Implemented at line 15 (regex validation)
* â Test exists: test/user.spec.js:42
*
* Requirement 2: Check email uniqueness in database
* â Implemented at line 23 (database query)
* â Test exists: test/user.spec.js:58
*
* Requirement 3: Return appropriate error codes
* â 400 for invalid format (line 18)
* â 409 for duplicate (line 27)
* â Test exists: test/user.spec.js:71, 85
*
* Requirement 4: Hash password before storing
* â MISSING - Not implemented
* â No test found
*
* STATUS: INCOMPLETE (1/4 requirements missing)
*/
If requirements fail:
Ask Claude: "This code doesn't meet Requirement X:
Expected: [describe requirement]
Actual: [describe what's missing]
Add the missing functionality."
Layer 3: Test Validation
Rule: Code without tests is unverified code.
Required Test Categories
// Test Category 1: Happy Path
it('should register user with valid data', async () => {
const result = await registerUser({
email: 'valid@example.com',
password: 'SecurePass123'
});
expect(result.success).toBe(true);
});
// Test Category 2: Edge Cases
it('should handle email with special characters', async () => {
const result = await registerUser({
email: 'user+tag@sub.example.com',
password: 'SecurePass123'
});
expect(result.success).toBe(true);
});
it('should reject email without domain', async () => {
const result = await registerUser({
email: 'invalid',
password: 'SecurePass123'
});
expect(result.success).toBe(false);
});
// Test Category 3: Error Cases
it('should handle database connection failure', async () => {
// Mock database failure
jest.spyOn(db, 'query').mockRejectedValue(new Error('Connection lost'));
const result = await registerUser({
email: 'test@example.com',
password: 'SecurePass123'
});
expect(result.success).toBe(false);
expect(result.error).toContain('database');
});
// Test Category 4: Security Cases
it('should prevent SQL injection attempts', async () => {
const result = await registerUser({
email: "'; DROP TABLE users; --",
password: 'SecurePass123'
});
expect(result.success).toBe(false);
});
If tests fail:
Ask Claude: "These tests are failing:
Test: [name]
Expected: [expected result]
Actual: [actual result]
Error: [error message]
Fix the implementation to make tests pass."
Layer 4: Security Validation
Rule: Every piece of code must be security-reviewed.
Security Checklist
## Input Validation
â¡ All user inputs validated
â¡ Data types enforced
â¡ Length limits enforced
â¡ Special characters handled
## SQL Injection Prevention
â¡ Parameterized queries used
â¡ No string concatenation for SQL
â¡ ORM used correctly
## XSS Prevention
â¡ Output escaped
â¡ HTML entities encoded
â¡ Content Security Policy set
## Authentication & Authorization
â¡ Authentication required where needed
â¡ Authorization checked before actions
â¡ Sessions validated
â¡ Tokens verified
## Data Exposure
â¡ No secrets in code
â¡ No sensitive data in logs
â¡ No password in plain text
â¡ No API keys hardcoded
## Error Handling
â¡ No stack traces to users
â¡ Generic error messages
â¡ Detailed logs server-side only
Common Security Issues:
â SQL Injection
// DON'T:
const query = `SELECT * FROM users WHERE email = '${email}'`;
const users = await db.query(query);
// DO:
const query = 'SELECT * FROM users WHERE email = ?';
const users = await db.query(query, [email]);
â XSS (Cross-Site Scripting)
// DON'T:
element.innerHTML = userInput;
// DO:
element.textContent = userInput;
// Or use proper escaping library
â Exposed Secrets
// DON'T:
const apiKey = 'sk-1234567890abcdef';
// DO:
const apiKey = process.env.API_KEY;
If security fails:
Ask Claude: "Security issues found:
Issue: [describe vulnerability]
Location: [file:line]
Risk: [High/Medium/Low]
Fix this security vulnerability."
Layer 5: Documentation Validation
Rule: If Claude can’t explain the code clearly, it might be wrong.
Documentation Test
Ask Claude: "Explain this function:
- What does it do?
- What are the inputs (with types)?
- What are the outputs (with format)?
- What are possible errors?
- What edge cases does it handle?
- Provide a usage example."
If Claude:
â Explains clearly and correctly â Code is probably good
â Can't explain or explanation is wrong â Code might be faulty
Example: Good Documentation
/**
* Registers a new user account
*
* PROCESS:
* 1. Validates email format and password strength
* 2. Checks email uniqueness in database
* 3. Hashes password with bcrypt (12 rounds)
* 4. Creates user record in database
* 5. Sends welcome email
*
* @param {Object} userData - User registration data
* @param {string} userData.email - Valid email address (RFC 5322)
* @param {string} userData.password - Password (min 8 chars, 1 upper, 1 number)
* @param {string} userData.name - Full name (optional)
*
* @returns {Promise<{success: boolean, userId?: string, error?: string}>}
* success=true: User created, userId returned
* success=false: Creation failed, error message returned
*
* @throws {ValidationError} Invalid email or weak password
* @throws {DuplicateError} Email already registered
* @throws {DatabaseError} Database operation failed
*
* @example
* // Success case
* const result = await registerUser({
* email: 'john@example.com',
* password: 'SecurePass123',
* name: 'John Doe'
* });
* // result = { success: true, userId: '123' }
*
* @example
* // Failure case (duplicate email)
* const result = await registerUser({
* email: 'existing@example.com',
* password: 'SecurePass123'
* });
* // result = { success: false, error: 'Email already registered' }
*/
async function registerUser(userData) {
// Implementation...
}
The Validation Loop
Pattern: Don’t accept poor AI output. Loop until quality threshold met.
âââââââââââââââââââââââââââââââ
â Claude generates code â
ââââââââââââ¬âââââââââââââââââââ
â
â¼
âââââââââââââââââââââââââââââââ
â Run 5-layer validation â
ââââââââââââ¬âââââââââââââââââââ
â
â¼
âââââââââââââââââââââââââââââââ
â All layers pass? â
â YES â ACCEPT â
â NO â REJECT + FEEDBACK â
ââââââââââââ¬âââââââââââââââââââ
â
ââââââââ´âââââââ
â NO â YES
â¼ â¼
âââââââââââ ââââââââ
â Ask â â DONE â
â Claude â â â
â to fix â ââââââââ
ââââââ¬âââââ
â
â (Loop back)
âââââââââââââââââââââââ
â
â¼
(Try again with feedback)
MAX ITERATIONS: 3
If still failing after 3 attempts:
â Human review required
Quality Scoring System
Score AI-generated code on a 0-100 scale:
Syntax (20 points):
ââ Parses correctly: 10 points
ââ Follows style guide: 5 points
ââ No linting errors: 5 points
Requirements (30 points):
ââ All requirements met: 20 points
ââ Edge cases handled: 5 points
ââ Error cases handled: 5 points
Tests (20 points):
ââ Happy path covered: 8 points
ââ Edge cases tested: 6 points
ââ Error cases tested: 6 points
Security (20 points):
ââ No SQL injection: 5 points
ââ No XSS: 5 points
ââ Input validation: 5 points
ââ No exposed secrets: 5 points
Documentation (10 points):
ââ Function documented: 5 points
ââ Usage examples: 5 points
TOTAL: 100 points
ACCEPTANCE THRESHOLD: >= 80 points
If < 80: Iterate with Claude
Recovery Strategies
| Problem | Recovery Action |
|---|---|
| Syntax error | Show error â Ask Claude to fix â Re-validate |
| Missing requirement | Point out missing feature â Ask Claude to add â Re-validate |
| Test failure | Show failed test â Ask Claude to fix logic â Re-run |
| Security vulnerability | Describe risk â Ask Claude to secure â Re-check |
| Poor documentation | Ask Claude to document â Verify explanation â Re-validate |
| Logic error | Show expected vs actual â Ask Claude to fix â Re-test |
| Performance issue | Show bottleneck â Ask Claude to optimize â Benchmark |
| Unclear code | Ask Claude to simplify â Verify clarity â Re-validate |
Automated Validation Script
#!/bin/bash
# validate-ai-code.sh - Automated 5-layer validation
echo "=== 5-LAYER VALIDATION ==="
# Layer 1: Syntax
echo "Layer 1: Syntax check"
php -l $1 || exit 1
# Layer 2: Requirements (manual checklist)
echo "Layer 2: Review requirements manually"
echo "All requirements met? (y/n)"
read requirements
if [ "$requirements" != "y" ]; then
echo "FAIL: Requirements not met"
exit 1
fi
# Layer 3: Tests
echo "Layer 3: Running tests"
phpunit tests/ || exit 1
# Layer 4: Security
echo "Layer 4: Security scan"
phpstan analyze $1 --level=8 || exit 1
# Layer 5: Documentation (manual check)
echo "Layer 5: Documentation review"
echo "Code properly documented? (y/n)"
read documentation
if [ "$documentation" != "y" ]; then
echo "FAIL: Documentation incomplete"
exit 1
fi
echo "â ALL LAYERS PASSED"
echo "Code approved for use"
Best Practices
DO:
â Always validate AI output – Never blindly accept â Run all 5 layers – Skip none â Loop until quality threshold – Don’t accept poor code â Provide specific feedback – Help Claude improve â Log validation results – Track quality over time â Automate where possible – Scripts for consistency
DON’T:
â Don’t skip validation – Even if Claude seems confident â Don’t accept failing tests – Fix before using â Don’t ignore security – Critical for production â Don’t use undocumented code – You’ll regret it later â Don’t blindly trust – Validate, verify, test
Integration with Other Skills
Use this skill WITH:
orchestration-best-practices– Validate orchestrated codeai-assisted-development– Validate AI agent outputsapi-error-handling– Validate API implementationsvibe-security-skill– Additional security checks
This skill ensures:
- No broken code reaches production
- All requirements are implemented
- Security vulnerabilities caught early
- Quality improves with each iteration
Summary
The 5 Validation Layers:
- Syntax – Can it parse?
- Requirements – Does it meet specs?
- Tests – Do tests pass?
- Security – Any vulnerabilities?
- Documentation – Can Claude explain it?
Quality Threshold: >= 80/100 points
Validation Loop: Generate â Validate â Pass? â Accept | Fail? â Fix â Repeat
Max Iterations: 3 (then human review)
Result: Production-ready, secure, verified code every time.
Related Skills:
orchestration-best-practices/– Code structure patternsai-assisted-development/– AI agent coordinationvibe-security-skill/– Security best practicesapi-error-handling/– API-specific validation
Last Updated: 2026-02-07 Line Count: ~487 lines (compliant)