defend-colony
О программе
Этот навык предоставляет структуру для реализации коллективной многоуровневой защиты в распределенных системах, вдохновленную паттернами иммунного ответа. Он обеспечивает обнаружение угроз, распространение оповещений и пропорциональный ответ, который эскалирует в зависимости от серьезности, предотвращая чрезмерную или недостаточную реакцию. Используйте его для проектирования масштабируемых стратегий реагирования на инциденты и стратегий глубокой эшелонированной обороны, где ни один отдельный компонент не может противостоять всем угрозам.
Быстрая установка
Claude Code
Рекомендуетсяnpx skills add pjt222/agent-almanac -a claude-code/plugin add https://github.com/pjt222/agent-almanacgit clone https://github.com/pjt222/agent-almanac.git ~/.claude/skills/defend-colonyСкопируйте и вставьте эту команду в Claude Code для установки этого навыка
Документация
Defend Colony
Layered collective defense: alarm signal + role mobilize + proportional response + immune memory. Inspired by social insect + biological immune sys.
Use When
- Defense-in-depth, no single guardian covers all
- Incident response scales w/ severity
- Components can't defend alone
- Defense over-reactive (every alert = full mob) / under-reactive (threats unnoticed)
- Org resilience: teams self-org on incident
- Complement
coordinate-swarmw/ threat-response patterns
In
- Required: Colony desc (sys, org, team)
- Required: Threat cats (attacks, failures, competitors, env)
- Optional: Current defenses + fail modes
- Optional: Defender types + caps
- Optional: Latency per tier
- Optional: Recovery reqs
Do
Step 1: Threat Landscape + Perimeter
ID what to defend, from what, where perimeter.
- Critical assets:
- Protect all cost (core data, prod sys, key ppl)
- Can sustain temp damage (staging, non-crit svcs)
- Expendable under extreme (caches, replicas, non-essential)
- Classify threats:
- Probes: low-level recon (port scans, failed logins)
- Incursions: active boundary violations (unauth access, injection)
- Infestations: persistent inside (compromised nodes, insider)
- Existential: survival threats (corruption, catastrophic fail, DDoS)
- Perimeter:
- Outer: first detection (firewalls, rate limits, monitoring)
- Inner: critical asset boundaries (access ctrl, encryption, isolation)
- Core: last-resort (backups, kill switches, circuit breakers)
Got: Map: assets prioritized + threats classified + perimeters layered.
If err: Overwhelming → top 3 critical assets + top 3 threat types. Coverage of what matters > perfect. Unclear boundaries → default zero-trust + define from actual traffic.
Step 2: Alarm Network
Detection + alert propagation.
- Sentinels per layer:
- Outer: light, high-sens (may false+)
- Inner: heavy, high-spec (fewer false+, slower)
- Core: critical monitors (zero missed tolerance)
- Graduated alarms:
- Yellow: anomaly, increased monitor, no mob
- Orange: confirmed pattern, local defenders mob, scouts investigate
- Red: active breach / severe, full mob, non-essential paused
- Black: existential, all → defense, sacrifice expendable if needed
- Propagation:
- Local: sentinels alert nearby directly
- Regional: clusters aggregate + escalate if threshold met
- Colony-wide: regional escalation → broadcast
- Each step adds confirmation — single sentinel can't trigger colony-wide
- Fatigue prevention:
- Auto-suppress repeated identical (dedup w/ time window)
- Req escalation confirmed by indep sentinels
- Track alarm-to-threat ratio — FP >50% → recalibrate
Alarm Propagation:
┌──────────────────────────────────────────────────────────┐
│ Sentinel detects anomaly ──→ Yellow alert (local) │
│ │ │
│ ↓ (confirmed by 2nd sentinel) │
│ Orange alert ──→ Local defenders mobilize │
│ │ │
│ ↓ (pattern matches known threat + 3rd sentinel) │
│ Red alert ──→ Full defense mobilization │
│ │ │
│ ↓ (critical asset under active attack) │
│ Black alert ──→ All resources to defense, circuit break │
└──────────────────────────────────────────────────────────┘
Got: Graduated alarm, severity → response intensity. Multi-sentinel confirms prevent single FPs. Fatigue managed via dedup + calibration.
If err: Too many FPs → raise thresh / more confirms. Threats slip → add sentinels at breach layer / lower thresh. Too slow → reduce confirm reqs (accept higher FP).
Step 3: Role-Based Defenders
Assign roles + mob protocols proportional to threat.
- Roles:
- Sentinels: detection (always active, low cost)
- Guards: first responders (idle until mob, fast)
- Soldiers: heavy (expensive mob, high cap)
- Healers: repair + recovery (see
repair-damage) - Messengers: coord across regions
- Roles → alerts:
- Yellow: sentinels ↑ monitor freq, guards standby
- Orange: guards mob → threat loc, soldiers standby
- Red: soldiers mob, non-essential → defense
- Black: all → defense, colony activities suspended
- Proportional:
- Never soldiers for probe (waste + reveals caps)
- Never only sentinels vs incursion (insufficient)
- Match tier — escalate if fails, de-escalate when recedes
- Role transitions:
- Workers → guards (temp upskill emergency)
- Guards → soldiers (sustained threat)
- Post-threat → reverse transitions restore normal
Got: Force scales w/ severity. Normal = min defense. Under threat = rapid proportional mob, no over/under.
If err: Mob too slow → pre-position guards near known vectors. Too expensive → reduce permanent guards, rely on worker-to-guard. Role confusion → simplify to 3 (detect/respond/recover).
Step 4: Immune Memory + Adaptation
Learn each encounter.
- Per incident, threat signature:
- Attack pattern (how detected)
- Vector (where entered)
- Effective response (what stopped)
- Failed response (what didn't)
- Store in immune memory:
- Fast-lookup pattern lib for sentinels
- Updated playbooks w/ known-effective
- Flagged FP patterns → reduce future fatigue
- Adaptive immunity:
- New signatures → all sentinels (colony-wide learning)
- Detecting sentinels get priority updates (local)
- Periodic review culls outdated
- Stress test:
- Re-sim past threats → verify defenses still work
- Red team → novel threats test adaptation
- Measure detection: known vs unknown
Got: Defense gets stronger per encounter. Known = faster detect + better response. Novel = graduated alarm, resolution → memory.
If err: Memory too large → prioritize by freq + severity, archive rare/minor. Too specialized, misses novel → keep "general patrol" (anomaly detection, no pattern match).
Step 5: Post-Incident Recovery
Defense → normal w/ repair + resilience.
- Threat elim verify:
- Confirm neutralized (not just suppressed)
- Scan secondaries during primary
- Verify no compromised agents remain
- Damage assess:
- Catalog damaged/degraded/lost
- Priority by criticality (core first)
- Estimate recovery time + resources
- Recovery:
- Healers → damaged (see
repair-damage) - Restore svcs in priority
- Elevated sentinel during recovery (vulnerable period)
- Healers → damaged (see
- De-escalate:
- Step down (Red → Orange → Yellow → Normal)
- Reassigned workers → primary roles
- Stand down soldiers, guards → patrol
- Post-incident review <24h (fresh memory)
Got: Smooth defense → recovery → normal. Elevated monitor catches secondaries. Review feeds memory.
If err: Slow recovery → pre-build playbooks for likely damage. Secondaries during recovery → de-esc too aggressive, keep higher alert longer. Review skipped (time pressure) → schedule non-negotiable.
Check
- Critical assets ID'd + prioritized
- Threats classified (type + severity)
- Perimeter layered + sentinels per layer
- Alarm graduated + multi-sentinel confirm
- Roles defined + mob → alerts
- Proportional prevents over/under
- Memory captures + applies lessons
- Recovery restores safely
Traps
- Maginot Line: Over-invest 1 layer, others unprotected. Layered — any single can breach.
- Alert fatigue: Many alarms, few real → degrades attention. Calibrate ruthless; missed FP cheaper than missed real.
- Symmetric response: Same intensity always → wastes + reveals caps. Match — escalate only when needed.
- No immune memory: Repeated same threat, no learning → expensive + fragile. Every incident → update knowledge.
- Permanent war footing: Sustained high-alert → exhausts + degrades normal. De-esc deliberate when threat passes.
→
coordinate-swarm— foundational coord patterns supporting alarm + mobbuild-consensus— rapid consensus for collective defense under pressurescale-colony— defense scales w/ growthrepair-damage— morphic regenerative recoveryconfigure-alerting-rules— practical alerting implconduct-post-mortem— structured analysis → feeds memory
GitHub репозиторий
Frequently asked questions
What is the defend-colony skill?
defend-colony is a Claude Skill by pjt222. Skills package instructions and resources that Claude loads on demand, so Claude can perform defend-colony-related tasks without extra prompting.
How do I install defend-colony?
Use the install commands on this page: add defend-colony to Claude Code as a plugin, or clone its repository into your skills directory, then restart Claude so it picks up the skill.
What category does defend-colony belong to?
defend-colony is in the Meta category, tagged react and design.
Is defend-colony free to use?
Yes. defend-colony is listed on AIMCP and free to install. It runs inside Claude, so no separate service account is required to use the skill itself.
Похожие навыки
Этот навык предоставляет проверенную в продакшене настройку для Content Collections — TypeScript-ориентированного инструмента, который преобразует файлы Markdown/MDX в типобезопасные коллекции данных с валидацией Zod. Используйте его при создании блогов, сайтов документации или контентных приложений на Vite + React для обеспечения типобезопасности и автоматической проверки содержимого. Он охватывает всё: от настройки плагина Vite и компиляции MDX до оптимизации развертывания и валидации схем.
Этот навык позволяет разработчикам создавать приложения на платформе прогнозных рынков Polymarket, включая интеграцию с API для торговли и получения рыночных данных. Он также обеспечивает потоковую передачу данных в реальном времени через WebSocket для отслеживания текущих сделок и рыночной активности. Используйте его для реализации торговых стратегий или создания инструментов, обрабатывающих обновления рынка в реальном времени.
Этот навык помогает разработчикам создавать плагины OpenCode, которые подключаются к более чем 25 типам событий, таким как команды, файлы и операции LSP. Он предоставляет структуру плагина, спецификации API событий и шаблоны реализации для модулей на JavaScript/TypeScript. Используйте его, когда вам нужно перехватывать, отслеживать или расширять жизненный цикл ассистента OpenCode AI с помощью пользовательской событийно-ориентированной логики.
SGLang — это высокопроизводительный фреймворк для обслуживания больших языковых моделей (LLM), специализирующийся на быстрой структурированной генерации JSON, regex и рабочих процессов агентов с использованием кэширования префиксов RadixAttention. Он обеспечивает значительно более высокую скорость вывода, особенно для задач с повторяющимися префиксами, что делает его идеальным для сложных структурированных результатов и многократных диалогов. Выбирайте SGLang вместо альтернатив, таких как vLLM, когда вам требуется ограниченное декодирование или вы создаете приложения с интенсивным совместным использованием префиксов.
