MCP HubMCP Hub
스킬 목록으로 돌아가기

defend-colony

pjt222
업데이트됨 2 days ago
2 조회
17
2
17
GitHub에서 보기
메타reactdesign

정보

이 스킬은 면역 반응 패턴에서 영감을 받아 분산 시스템에서 집단적이고 계층화된 방어를 구현하는 프레임워크를 제공합니다. 위협 탐지, 경고 전파, 심각도에 따라 단계적으로 확대되는 비례적 대응을 가능하게 하여 과잉 또는 과소 대응을 방지합니다. 단일 구성 요소로 모든 위협을 해결할 수 없는 환경에서 확장 가능한 사고 대응 및 심층 방어 전략을 설계할 때 활용하세요.

빠른 설치

Claude Code

추천
기본
npx skills add pjt222/agent-almanac -a claude-code
플러그인 명령대체
/plugin add https://github.com/pjt222/agent-almanac
Git 클론대체
git clone https://github.com/pjt222/agent-almanac.git ~/.claude/skills/defend-colony

Claude Code에서 이 명령을 복사하여 붙여넣어 스킬을 설치하세요

문서

Defend Colony

Layered collective defense: alarm signal + role mobilize + proportional response + immune memory. Inspired by social insect + biological immune sys.

Use When

  • Defense-in-depth, no single guardian covers all
  • Incident response scales w/ severity
  • Components can't defend alone
  • Defense over-reactive (every alert = full mob) / under-reactive (threats unnoticed)
  • Org resilience: teams self-org on incident
  • Complement coordinate-swarm w/ threat-response patterns

In

  • Required: Colony desc (sys, org, team)
  • Required: Threat cats (attacks, failures, competitors, env)
  • Optional: Current defenses + fail modes
  • Optional: Defender types + caps
  • Optional: Latency per tier
  • Optional: Recovery reqs

Do

Step 1: Threat Landscape + Perimeter

ID what to defend, from what, where perimeter.

  1. Critical assets:
    • Protect all cost (core data, prod sys, key ppl)
    • Can sustain temp damage (staging, non-crit svcs)
    • Expendable under extreme (caches, replicas, non-essential)
  2. Classify threats:
    • Probes: low-level recon (port scans, failed logins)
    • Incursions: active boundary violations (unauth access, injection)
    • Infestations: persistent inside (compromised nodes, insider)
    • Existential: survival threats (corruption, catastrophic fail, DDoS)
  3. Perimeter:
    • Outer: first detection (firewalls, rate limits, monitoring)
    • Inner: critical asset boundaries (access ctrl, encryption, isolation)
    • Core: last-resort (backups, kill switches, circuit breakers)

Got: Map: assets prioritized + threats classified + perimeters layered.

If err: Overwhelming → top 3 critical assets + top 3 threat types. Coverage of what matters > perfect. Unclear boundaries → default zero-trust + define from actual traffic.

Step 2: Alarm Network

Detection + alert propagation.

  1. Sentinels per layer:
    • Outer: light, high-sens (may false+)
    • Inner: heavy, high-spec (fewer false+, slower)
    • Core: critical monitors (zero missed tolerance)
  2. Graduated alarms:
    • Yellow: anomaly, increased monitor, no mob
    • Orange: confirmed pattern, local defenders mob, scouts investigate
    • Red: active breach / severe, full mob, non-essential paused
    • Black: existential, all → defense, sacrifice expendable if needed
  3. Propagation:
    • Local: sentinels alert nearby directly
    • Regional: clusters aggregate + escalate if threshold met
    • Colony-wide: regional escalation → broadcast
    • Each step adds confirmation — single sentinel can't trigger colony-wide
  4. Fatigue prevention:
    • Auto-suppress repeated identical (dedup w/ time window)
    • Req escalation confirmed by indep sentinels
    • Track alarm-to-threat ratio — FP >50% → recalibrate
Alarm Propagation:
┌──────────────────────────────────────────────────────────┐
│ Sentinel detects anomaly ──→ Yellow alert (local)        │
│        │                                                 │
│        ↓ (confirmed by 2nd sentinel)                     │
│ Orange alert ──→ Local defenders mobilize                │
│        │                                                 │
│        ↓ (pattern matches known threat + 3rd sentinel)   │
│ Red alert ──→ Full defense mobilization                  │
│        │                                                 │
│        ↓ (critical asset under active attack)            │
│ Black alert ──→ All resources to defense, circuit break  │
└──────────────────────────────────────────────────────────┘

Got: Graduated alarm, severity → response intensity. Multi-sentinel confirms prevent single FPs. Fatigue managed via dedup + calibration.

If err: Too many FPs → raise thresh / more confirms. Threats slip → add sentinels at breach layer / lower thresh. Too slow → reduce confirm reqs (accept higher FP).

Step 3: Role-Based Defenders

Assign roles + mob protocols proportional to threat.

  1. Roles:
    • Sentinels: detection (always active, low cost)
    • Guards: first responders (idle until mob, fast)
    • Soldiers: heavy (expensive mob, high cap)
    • Healers: repair + recovery (see repair-damage)
    • Messengers: coord across regions
  2. Roles → alerts:
    • Yellow: sentinels ↑ monitor freq, guards standby
    • Orange: guards mob → threat loc, soldiers standby
    • Red: soldiers mob, non-essential → defense
    • Black: all → defense, colony activities suspended
  3. Proportional:
    • Never soldiers for probe (waste + reveals caps)
    • Never only sentinels vs incursion (insufficient)
    • Match tier — escalate if fails, de-escalate when recedes
  4. Role transitions:
    • Workers → guards (temp upskill emergency)
    • Guards → soldiers (sustained threat)
    • Post-threat → reverse transitions restore normal

Got: Force scales w/ severity. Normal = min defense. Under threat = rapid proportional mob, no over/under.

If err: Mob too slow → pre-position guards near known vectors. Too expensive → reduce permanent guards, rely on worker-to-guard. Role confusion → simplify to 3 (detect/respond/recover).

Step 4: Immune Memory + Adaptation

Learn each encounter.

  1. Per incident, threat signature:
    • Attack pattern (how detected)
    • Vector (where entered)
    • Effective response (what stopped)
    • Failed response (what didn't)
  2. Store in immune memory:
    • Fast-lookup pattern lib for sentinels
    • Updated playbooks w/ known-effective
    • Flagged FP patterns → reduce future fatigue
  3. Adaptive immunity:
    • New signatures → all sentinels (colony-wide learning)
    • Detecting sentinels get priority updates (local)
    • Periodic review culls outdated
  4. Stress test:
    • Re-sim past threats → verify defenses still work
    • Red team → novel threats test adaptation
    • Measure detection: known vs unknown

Got: Defense gets stronger per encounter. Known = faster detect + better response. Novel = graduated alarm, resolution → memory.

If err: Memory too large → prioritize by freq + severity, archive rare/minor. Too specialized, misses novel → keep "general patrol" (anomaly detection, no pattern match).

Step 5: Post-Incident Recovery

Defense → normal w/ repair + resilience.

  1. Threat elim verify:
    • Confirm neutralized (not just suppressed)
    • Scan secondaries during primary
    • Verify no compromised agents remain
  2. Damage assess:
    • Catalog damaged/degraded/lost
    • Priority by criticality (core first)
    • Estimate recovery time + resources
  3. Recovery:
    • Healers → damaged (see repair-damage)
    • Restore svcs in priority
    • Elevated sentinel during recovery (vulnerable period)
  4. De-escalate:
    • Step down (Red → Orange → Yellow → Normal)
    • Reassigned workers → primary roles
    • Stand down soldiers, guards → patrol
    • Post-incident review <24h (fresh memory)

Got: Smooth defense → recovery → normal. Elevated monitor catches secondaries. Review feeds memory.

If err: Slow recovery → pre-build playbooks for likely damage. Secondaries during recovery → de-esc too aggressive, keep higher alert longer. Review skipped (time pressure) → schedule non-negotiable.

Check

  • Critical assets ID'd + prioritized
  • Threats classified (type + severity)
  • Perimeter layered + sentinels per layer
  • Alarm graduated + multi-sentinel confirm
  • Roles defined + mob → alerts
  • Proportional prevents over/under
  • Memory captures + applies lessons
  • Recovery restores safely

Traps

  • Maginot Line: Over-invest 1 layer, others unprotected. Layered — any single can breach.
  • Alert fatigue: Many alarms, few real → degrades attention. Calibrate ruthless; missed FP cheaper than missed real.
  • Symmetric response: Same intensity always → wastes + reveals caps. Match — escalate only when needed.
  • No immune memory: Repeated same threat, no learning → expensive + fragile. Every incident → update knowledge.
  • Permanent war footing: Sustained high-alert → exhausts + degrades normal. De-esc deliberate when threat passes.

  • coordinate-swarm — foundational coord patterns supporting alarm + mob
  • build-consensus — rapid consensus for collective defense under pressure
  • scale-colony — defense scales w/ growth
  • repair-damage — morphic regenerative recovery
  • configure-alerting-rules — practical alerting impl
  • conduct-post-mortem — structured analysis → feeds memory

GitHub 저장소

pjt222/agent-almanac
경로: i18n/caveman-ultra/skills/defend-colony
0
agentsagentskillsai-assisted-developmentclaude-codeskillsteams

연관 스킬

content-collections

메타

이 스킬은 콘텐츠 콜렉션(Content Collections)을 위한 프로덕션 검증된 설정을 제공합니다. 콘텐츠 콜렉션은 Markdown/MDX 파일을 Zod 검증이 포함된 타입 안전한 데이터 콜렉션으로 변환해주는 TypeScript 최우선 도구입니다. 블로그, 문서 사이트 또는 콘텐츠 중심의 Vite + React 애플리케이션을 구축할 때 타입 안전성과 자동 콘텐츠 검증을 보장하기 위해 사용하세요. Vite 플러그인 구성과 MDX 컴파일부터 배포 최적화 및 스키마 검증에 이르기까지 모든 것을 다룹니다.

스킬 보기

polymarket

메타

이 스킬은 개발자들이 Polymarket 예측 시장 플랫폼을 활용한 애플리케이션을 구축할 수 있도록 지원하며, 거래 및 시장 데이터를 위한 API 통합 기능을 포함합니다. 또한 WebSocket을 통한 실시간 데이터 스트리밍을 제공하여 실시간 거래와 시장 활동을 모니터링할 수 있습니다. 이를 통해 거래 전략을 구현하거나 실시간 시장 업데이트를 처리하는 도구를 생성하는 데 활용할 수 있습니다.

스킬 보기

creating-opencode-plugins

메타

이 스킬은 개발자들이 명령어, 파일, LSP 작업 등 25개 이상의 이벤트 유형에 연결되는 OpenCode 플러그인을 만들 수 있도록 돕습니다. JavaScript/TypeScript 모듈을 위한 플러그인 구조, 이벤트 API 명세, 구현 패턴을 제공합니다. OpenCode AI 어시스턴트의 라이프사이클을 사용자 정의 이벤트 기반 로직으로 가로채거나, 모니터링하거나, 확장해야 할 때 사용하세요.

스킬 보기

sglang

메타

SGLang은 RadixAttention 프리픽스 캐싱을 활용하여 JSON, 정규식, 에이전트 워크플로우를 위한 고속 구조화 생성에 특화된 고성능 LLM 서빙 프레임워크입니다. 특히 반복되는 프리픽스가 있는 작업에서 상당히 빠른 추론 속도를 제공하여 복잡한 구조화 출력 및 다중 턴 대화에 이상적입니다. 제약 디코딩이 필요하거나 광범위한 프리픽스 공유가 있는 애플리케이션을 구축할 때는 vLLM과 같은 대안보다 SGLang을 선택하십시오.

스킬 보기