Name: Bash Defensive Patterns
Author: Wshobson

Install

Terminal · npx

$npx skills add https://github.com/wshobson/agents --skill bash-defensive-patterns

Works with Paperclip

How Bash Defensive Patterns fits into a Paperclip company.

Bash Defensive Patterns drops into any Paperclip agent that handles this kind of work. Assign it to a specialist inside a pre-configured PaperclipOrg company and the skill becomes available on every heartbeat — no prompt engineering, no tool wiring.

SaaS FactoryPaired

Pre-configured AI company — 18 agents, 18 skills, one-time purchase.

$27$59

Explore pack

Source file

SKILL.md533 linesmarkdown

Expand

1---2name: bash-defensive-patterns3description: Master defensive Bash programming techniques for production-grade scripts. Use when writing robust shell scripts, CI/CD pipelines, or system utilities requiring fault tolerance and safety.4---5 6# Bash Defensive Patterns7 8Comprehensive guidance for writing production-ready Bash scripts using defensive programming techniques, error handling, and safety best practices to prevent common pitfalls and ensure reliability.9 10## When to Use This Skill11 12- Writing production automation scripts13- Building CI/CD pipeline scripts14- Creating system administration utilities15- Developing error-resilient deployment automation16- Writing scripts that must handle edge cases safely17- Building maintainable shell script libraries18- Implementing comprehensive logging and monitoring19- Creating scripts that must work across different platforms20 21## Core Defensive Principles22 23### 1. Strict Mode24 25Enable bash strict mode at the start of every script to catch errors early.26 27```bash28#!/bin/bash29set -Eeuo pipefail  # Exit on error, unset variables, pipe failures30```31 32**Key flags:**33 34- `set -E`: Inherit ERR trap in functions35- `set -e`: Exit on any error (command returns non-zero)36- `set -u`: Exit on undefined variable reference37- `set -o pipefail`: Pipe fails if any command fails (not just last)38 39### 2. Error Trapping and Cleanup40 41Implement proper cleanup on script exit or error.42 43```bash44#!/bin/bash45set -Eeuo pipefail46 47trap 'echo "Error on line $LINENO"' ERR48trap 'echo "Cleaning up..."; rm -rf "$TMPDIR"' EXIT49 50TMPDIR=$(mktemp -d)51# Script code here52```53 54### 3. Variable Safety55 56Always quote variables to prevent word splitting and globbing issues.57 58```bash59# Wrong - unsafe60cp $source $dest61 62# Correct - safe63cp "$source" "$dest"64 65# Required variables - fail with message if unset66: "${REQUIRED_VAR:?REQUIRED_VAR is not set}"67```68 69### 4. Array Handling70 71Use arrays safely for complex data handling.72 73```bash74# Safe array iteration75declare -a items=("item 1" "item 2" "item 3")76 77for item in "${items[@]}"; do78    echo "Processing: $item"79done80 81# Reading output into array safely82mapfile -t lines < <(some_command)83readarray -t numbers < <(seq 1 10)84```85 86### 5. Conditional Safety87 88Use `[[ ]]` for Bash-specific features, `[ ]` for POSIX.89 90```bash91# Bash - safer92if [[ -f "$file" && -r "$file" ]]; then93    content=$(<"$file")94fi95 96# POSIX - portable97if [ -f "$file" ] && [ -r "$file" ]; then98    content=$(cat "$file")99fi100 101# Test for existence before operations102if [[ -z "${VAR:-}" ]]; then103    echo "VAR is not set or is empty"104fi105```106 107## Fundamental Patterns108 109### Pattern 1: Safe Script Directory Detection110 111```bash112#!/bin/bash113set -Eeuo pipefail114 115# Correctly determine script directory116SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)"117SCRIPT_NAME="$(basename -- "${BASH_SOURCE[0]}")"118 119echo "Script location: $SCRIPT_DIR/$SCRIPT_NAME"120```121 122### Pattern 2: Comprehensive Function Templat123 124```bash125#!/bin/bash126set -Eeuo pipefail127 128# Prefix for functions: handle_*, process_*, check_*, validate_*129# Include documentation and error handling130 131validate_file() {132    local -r file="$1"133    local -r message="${2:-File not found: $file}"134 135    if [[ ! -f "$file" ]]; then136        echo "ERROR: $message" >&2137        return 1138    fi139    return 0140}141 142process_files() {143    local -r input_dir="$1"144    local -r output_dir="$2"145 146    # Validate inputs147    [[ -d "$input_dir" ]] || { echo "ERROR: input_dir not a directory" >&2; return 1; }148 149    # Create output directory if needed150    mkdir -p "$output_dir" || { echo "ERROR: Cannot create output_dir" >&2; return 1; }151 152    # Process files safely153    while IFS= read -r -d '' file; do154        echo "Processing: $file"155        # Do work156    done < <(find "$input_dir" -maxdepth 1 -type f -print0)157 158    return 0159}160```161 162### Pattern 3: Safe Temporary File Handling163 164```bash165#!/bin/bash166set -Eeuo pipefail167 168trap 'rm -rf -- "$TMPDIR"' EXIT169 170# Create temporary directory171TMPDIR=$(mktemp -d) || { echo "ERROR: Failed to create temp directory" >&2; exit 1; }172 173# Create temporary files in directory174TMPFILE1="$TMPDIR/temp1.txt"175TMPFILE2="$TMPDIR/temp2.txt"176 177# Use temporary files178touch "$TMPFILE1" "$TMPFILE2"179 180echo "Temp files created in: $TMPDIR"181```182 183### Pattern 4: Robust Argument Parsing184 185```bash186#!/bin/bash187set -Eeuo pipefail188 189# Default values190VERBOSE=false191DRY_RUN=false192OUTPUT_FILE=""193THREADS=4194 195usage() {196    cat <<EOF197Usage: $0 [OPTIONS]198 199Options:200    -v, --verbose       Enable verbose output201    -d, --dry-run       Run without making changes202    -o, --output FILE   Output file path203    -j, --jobs NUM      Number of parallel jobs204    -h, --help          Show this help message205EOF206    exit "${1:-0}"207}208 209# Parse arguments210while [[ $# -gt 0 ]]; do211    case "$1" in212        -v|--verbose)213            VERBOSE=true214            shift215            ;;216        -d|--dry-run)217            DRY_RUN=true218            shift219            ;;220        -o|--output)221            OUTPUT_FILE="$2"222            shift 2223            ;;224        -j|--jobs)225            THREADS="$2"226            shift 2227            ;;228        -h|--help)229            usage 0230            ;;231        --)232            shift233            break234            ;;235        *)236            echo "ERROR: Unknown option: $1" >&2237            usage 1238            ;;239    esac240done241 242# Validate required arguments243[[ -n "$OUTPUT_FILE" ]] || { echo "ERROR: -o/--output is required" >&2; usage 1; }244```245 246### Pattern 5: Structured Logging247 248```bash249#!/bin/bash250set -Eeuo pipefail251 252# Logging functions253log_info() {254    echo "[$(date +'%Y-%m-%d %H:%M:%S')] INFO: $*" >&2255}256 257log_warn() {258    echo "[$(date +'%Y-%m-%d %H:%M:%S')] WARN: $*" >&2259}260 261log_error() {262    echo "[$(date +'%Y-%m-%d %H:%M:%S')] ERROR: $*" >&2263}264 265log_debug() {266    if [[ "${DEBUG:-0}" == "1" ]]; then267        echo "[$(date +'%Y-%m-%d %H:%M:%S')] DEBUG: $*" >&2268    fi269}270 271# Usage272log_info "Starting script"273log_debug "Debug information"274log_warn "Warning message"275log_error "Error occurred"276```277 278### Pattern 6: Process Orchestration with Signals279 280```bash281#!/bin/bash282set -Eeuo pipefail283 284# Track background processes285PIDS=()286 287cleanup() {288    log_info "Shutting down..."289 290    # Terminate all background processes291    for pid in "${PIDS[@]}"; do292        if kill -0 "$pid" 2>/dev/null; then293            kill -TERM "$pid" 2>/dev/null || true294        fi295    done296 297    # Wait for graceful shutdown298    for pid in "${PIDS[@]}"; do299        wait "$pid" 2>/dev/null || true300    done301}302 303trap cleanup SIGTERM SIGINT304 305# Start background tasks306background_task &307PIDS+=($!)308 309another_task &310PIDS+=($!)311 312# Wait for all background processes313wait314```315 316### Pattern 7: Safe File Operations317 318```bash319#!/bin/bash320set -Eeuo pipefail321 322# Use -i flag to move safely without overwriting323safe_move() {324    local -r source="$1"325    local -r dest="$2"326 327    if [[ ! -e "$source" ]]; then328        echo "ERROR: Source does not exist: $source" >&2329        return 1330    fi331 332    if [[ -e "$dest" ]]; then333        echo "ERROR: Destination already exists: $dest" >&2334        return 1335    fi336 337    mv "$source" "$dest"338}339 340# Safe directory cleanup341safe_rmdir() {342    local -r dir="$1"343 344    if [[ ! -d "$dir" ]]; then345        echo "ERROR: Not a directory: $dir" >&2346        return 1347    fi348 349    # Use -I flag to prompt before rm (BSD/GNU compatible)350    rm -rI -- "$dir"351}352 353# Atomic file writes354atomic_write() {355    local -r target="$1"356    local -r tmpfile357    tmpfile=$(mktemp) || return 1358 359    # Write to temp file first360    cat > "$tmpfile"361 362    # Atomic rename363    mv "$tmpfile" "$target"364}365```366 367### Pattern 8: Idempotent Script Design368 369```bash370#!/bin/bash371set -Eeuo pipefail372 373# Check if resource already exists374ensure_directory() {375    local -r dir="$1"376 377    if [[ -d "$dir" ]]; then378        log_info "Directory already exists: $dir"379        return 0380    fi381 382    mkdir -p "$dir" || {383        log_error "Failed to create directory: $dir"384        return 1385    }386 387    log_info "Created directory: $dir"388}389 390# Ensure configuration state391ensure_config() {392    local -r config_file="$1"393    local -r default_value="$2"394 395    if [[ ! -f "$config_file" ]]; then396        echo "$default_value" > "$config_file"397        log_info "Created config: $config_file"398    fi399}400 401# Rerunning script multiple times should be safe402ensure_directory "/var/cache/myapp"403ensure_config "/etc/myapp/config" "DEBUG=false"404```405 406### Pattern 9: Safe Command Substitution407 408```bash409#!/bin/bash410set -Eeuo pipefail411 412# Use $() instead of backticks413name=$(<"$file")  # Modern, safe variable assignment from file414output=$(command -v python3)  # Get command location safely415 416# Handle command substitution with error checking417result=$(command -v node) || {418    log_error "node command not found"419    return 1420}421 422# For multiple lines423mapfile -t lines < <(grep "pattern" "$file")424 425# NUL-safe iteration426while IFS= read -r -d '' file; do427    echo "Processing: $file"428done < <(find /path -type f -print0)429```430 431### Pattern 10: Dry-Run Support432 433```bash434#!/bin/bash435set -Eeuo pipefail436 437DRY_RUN="${DRY_RUN:-false}"438 439run_cmd() {440    if [[ "$DRY_RUN" == "true" ]]; then441        echo "[DRY RUN] Would execute: $*"442        return 0443    fi444 445    "$@"446}447 448# Usage449run_cmd cp "$source" "$dest"450run_cmd rm "$file"451run_cmd chown "$owner" "$target"452```453 454## Advanced Defensive Techniques455 456### Named Parameters Pattern457 458```bash459#!/bin/bash460set -Eeuo pipefail461 462process_data() {463    local input_file=""464    local output_dir=""465    local format="json"466 467    # Parse named parameters468    while [[ $# -gt 0 ]]; do469        case "$1" in470            --input=*)471                input_file="${1#*=}"472                ;;473            --output=*)474                output_dir="${1#*=}"475                ;;476            --format=*)477                format="${1#*=}"478                ;;479            *)480                echo "ERROR: Unknown parameter: $1" >&2481                return 1482                ;;483        esac484        shift485    done486 487    # Validate required parameters488    [[ -n "$input_file" ]] || { echo "ERROR: --input is required" >&2; return 1; }489    [[ -n "$output_dir" ]] || { echo "ERROR: --output is required" >&2; return 1; }490}491```492 493### Dependency Checking494 495```bash496#!/bin/bash497set -Eeuo pipefail498 499check_dependencies() {500    local -a missing_deps=()501    local -a required=("jq" "curl" "git")502 503    for cmd in "${required[@]}"; do504        if ! command -v "$cmd" &>/dev/null; then505            missing_deps+=("$cmd")506        fi507    done508 509    if [[ ${#missing_deps[@]} -gt 0 ]]; then510        echo "ERROR: Missing required commands: ${missing_deps[*]}" >&2511        return 1512    fi513}514 515check_dependencies516```517 518## Best Practices Summary519 5201. **Always use strict mode** - `set -Eeuo pipefail`5212. **Quote all variables** - `"$variable"` prevents word splitting5223. **Use [[]] conditionals** - More robust than [ ]5234. **Implement error trapping** - Catch and handle errors gracefully5245. **Validate all inputs** - Check file existence, permissions, formats5256. **Use functions for reusability** - Prefix with meaningful names5267. **Implement structured logging** - Include timestamps and levels5278. **Support dry-run mode** - Allow users to preview changes5289. **Handle temporary files safely** - Use mktemp, cleanup with trap52910. **Design for idempotency** - Scripts should be safe to rerun53011. **Document requirements** - List dependencies and minimum versions53112. **Test error paths** - Ensure error handling works correctly53213. **Use `command -v`** - Safer than `which` for checking executables53314. **Prefer printf over echo** - More predictable across systems

Related skills

Accessibility Compliance

This walks you through implementing proper WCAG 2.2 compliance with real code patterns for screen readers, keyboard navigation, and mobile accessibility. It cov

Airflow Dag Patterns

If you're building data pipelines with Airflow, this skill gives you production-ready DAG patterns that actually work in the real world. It covers TaskFlow API

Angular Migration

Migrating from AngularJS to Angular is notoriously painful, and this skill tackles the practical stuff that makes or breaks these projects. It covers hybrid app