Bash Defensive Patterns

Master defensive Bash programming techniques for production-grade scripts.

A defensive Bash programming playbook for writing production-grade scripts that fail safely instead of silently. It covers strict mode, error trapping and cleanup, variable quoting discipline, safe temp-file handling, robust argument parsing, structured logging, and idempotent design, turning fragile shell scripts into fault-tolerant automation for CI/CD pipelines and system utilities.

$15 one-time

Prices include 20% VAT. · Forged on real agency work · one-time, no lock-in

  • Type Skill
  • Category DevOps & Infra
  • Delivery Email · instant
  • License One-time

Inside the run · no black box

See the actual work before you buy it.

Production shell scripts fail loudly, clean up after themselves and survive reruns. This is the hardening sequence that gets a script to that standard:

  1. Opens the script with strict mode on line one: set -Eeuo pipefail, so any failing command, unset variable or broken pipe segment stops execution immediately instead of silently propagating.
  2. Registers trap handlers before any work runs: an EXIT trap that removes the mktemp-created temp directory, an ERR trap that reports the failing line number to stderr, and SIGTERM/SIGINT traps that kill and wait on tracked background PIDs.
  3. Quotes every variable expansion and validates all inputs: required variables fail loudly with : "${VAR:?message}", integers are checked with case patterns, and external dependencies are verified upfront with command -v before anything executes.
  4. Makes file operations atomic and race-free: temp files come from mktemp (never fixed /tmp names), writes go to a temp file then mv to the target, and cron or daemon scripts take a flock on a lock file descriptor so two runs cannot overlap.
  5. Adds structured logging functions (log_info, log_warn, log_error with timestamps to stderr) and a run_cmd wrapper that honors DRY_RUN=true, so every destructive command can be previewed before it executes.
  6. Finishes with idempotency: ensure_directory and ensure_config style functions make reruns safe, and error paths are exercised deliberately so the trap and rollback logic is proven, not assumed.
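The six steps above, assembled into one runnable skeleton. This is an added example, not the product's own code: every name in it (log_*, run_cmd, require_cmd, is_uint, atomic_write, acquire_lock, ensure_directory, ensure_config, WORK_DIR, BG_PIDS) is an assumption of this example, and flock (from util-linux) is treated as optional so the script still runs where it is absent. The background sleep stands in for a long-running helper so the signal traps have something to reap.

```bash
#!/usr/bin/env bash
# Added example (not the product's own code): one script skeleton that applies
# the six hardening steps in order. All function and variable names are this
# example's own choices. flock comes from util-linux and is optional below.

# 1. Strict mode before anything else: -E propagates the ERR trap into
#    functions, -e exits on the first failure, -u rejects unset variables,
#    pipefail fails a pipeline when any segment fails.
set -Eeuo pipefail

# 5. Structured logging: timestamped lines on stderr, stdout stays for data.
log()       { local level=$1; shift; printf '%s [%s] %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$level" "$*" >&2; }
log_info()  { log INFO "$@"; }
log_warn()  { log WARN "$@"; }
log_error() { log ERROR "$@"; }

# 2. Traps registered before any work runs.
WORK_DIR=""        # set later by mktemp -d; cleanup removes it
BG_PIDS=()         # background PIDs this script started and must reap
cleanup() {
  local rc=$?      # preserve the exit status we are exiting with
  if [ "${#BG_PIDS[@]}" -gt 0 ]; then
    kill "${BG_PIDS[@]}" 2>/dev/null || true
    wait "${BG_PIDS[@]}" 2>/dev/null || true
  fi
  [ -n "$WORK_DIR" ] && rm -rf -- "$WORK_DIR"
  exit "$rc"
}
trap cleanup EXIT
trap 'log_error "failed at line $LINENO: $BASH_COMMAND"' ERR
trap 'log_warn "interrupted"; exit 130' INT TERM

# 3. Validate inputs and dependencies up front; fail loudly, not midway.
require_cmd() {
  local c
  for c in "$@"; do
    command -v "$c" >/dev/null 2>&1 || { log_error "missing dependency: $c"; return 1; }
  done
}
is_uint() {  # case pattern instead of arithmetic on untrusted text
  case "${1:-}" in
    ''|*[!0-9]*) return 1 ;;
    *)           return 0 ;;
  esac
}

# 4. Atomic, race-free file operations.
atomic_write() {  # atomic_write <target> <content>: temp file beside the target, then mv
  local target=$1 content=$2 tmp
  tmp=$(mktemp "${target}.XXXXXX")
  printf '%s\n' "$content" >"$tmp"
  mv -f -- "$tmp" "$target"
}
acquire_lock() {  # acquire_lock <lockfile>: fd 9 stays open until the script exits
  exec 9>"$1"
  flock -n 9 || { log_error "another run holds $1"; return 1; }
}

# 5. Dry-run wrapper: every destructive command goes through run_cmd.
DRY_RUN=${DRY_RUN:-false}
run_cmd() {
  if [ "$DRY_RUN" = true ]; then log_info "DRY_RUN: $*"; return 0; fi
  log_info "run: $*"
  "$@"
}

# 6. Idempotent helpers: calling them twice yields the same state.
ensure_directory() { [ -d "$1" ] || run_cmd mkdir -p -- "$1"; }
ensure_config() {   # ensure_config <file> <content>: rewrite only when content differs
  [ -f "$1" ] && [ "$(cat -- "$1")" = "$2" ] && return 0
  run_cmd atomic_write "$1" "$2"
}

main() {
  local retries=${1:-3}
  is_uint "$retries" || { log_error "retries must be a non-negative integer, got '$retries'"; return 2; }
  require_cmd mktemp mv cat
  WORK_DIR=$(mktemp -d)                 # never a fixed /tmp path
  if command -v flock >/dev/null 2>&1; then
    acquire_lock "$WORK_DIR/run.lock"   # a cron job would use a fixed lock path instead
  else
    log_warn "flock not installed; running unlocked"
  fi
  sleep 10 & BG_PIDS+=("$!")            # stand-in for a background helper; cleanup kills it
  ensure_directory "$WORK_DIR/etc"
  ensure_config "$WORK_DIR/etc/app.conf" "retries=$retries"
  ensure_config "$WORK_DIR/etc/app.conf" "retries=$retries"   # rerun: nothing is rewritten
  log_info "config written to $WORK_DIR/etc/app.conf"
}
main ${1+"$@"}   # ${1+"$@"} passes arguments only when some exist, safe under set -u
```

Run it as `DRY_RUN=true ./harden.sh 5` to see the mkdir and config write logged but not executed; run it without DRY_RUN and every temp file, lock and background process is gone on exit whether the script finishes, hits an error, or is interrupted.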
Use cases · what happens when you plug it in


  1. Hardening CI/CD pipeline and deployment scripts
  2. Writing system administration and automation utilities
  3. Adding safe cleanup and signal handling to long-running scripts
  4. Building robust argument parsing and dry-run support
  5. Preventing word-splitting, globbing, and command-injection bugs
  6. Making scripts idempotent and safe to rerun
Benefits · what you walk away with

Yours to keep.


  1. Strict mode (set -Eeuo pipefail) catches errors at the source instead of letting them cascade
  2. Trap-based cleanup and mktemp safety prevent file and process leaks that exhaust disk and memory
  3. Consistent variable quoting eliminates the most common class of silent shell failures
  4. Idempotent and dry-run patterns make automation safe to rerun and preview

All four ship under a perpetual license.

subscriptions expire · deeds don't

What's included · the full manifest

Everything in the box.


Strict-mode setup with -E, -e, -u, and pipefail explained flag by flag

part 01 of 06 · in the box

6 parts · one working system · ships instantly by email

Who it's for

This wasn't forged for everyone.

  • Not for you if you'd rather rent a tool than own one.
  • Not for you if you want someone else to run your stack.
  • Not for you if you're happy guessing.
Still here? Good.

DevOps engineers and script authors who need shell automation that holds up under edge cases, signals, and production load.

then this was forged for you.

Works with

Universal by design: these run in any AI. Delivered in the open Agent Skills + MCP format (native in Claude); ChatGPT, Gemini, Cursor and Copilot adapt the same files their own way.

  • Claude Native format
  • ChatGPT Adapts via open standards
  • Gemini Adapts via open standards
  • Cursor Adapts via open standards
  • Copilot Adapts via open standards
Questions · still in the air


  1. Do I have to rewrite my scripts from scratch to adopt this?

    No, the patterns layer in incrementally. You can add strict mode, proper quoting, and a cleanup trap to an existing script one piece at a time without a full rewrite.

  2. Strict mode tends to break working scripts more than it helps. Is it worth it?

    On its own strict mode just makes failures loud, which feels worse. Paired with the error trapping and cleanup patterns here, those loud failures get caught and handled instead of leaving half-finished state behind.

  3. Past what point should I stop hardening Bash and switch languages?

    When your script grows real data structures, complex parsing, or heavy logic, this playbook won't make Bash the right tool; it just makes a fragile choice fail safely. It's for robust automation glue, not for rewriting an application in shell.

  4. How is it delivered?

    By email right after purchase: ready to run, downloaded instantly, no setup wait.

  5. One-time or subscription?

    A one-time purchase; no subscription or hidden fees. VAT (20%) is included.

  6. Can I get a refund?

    As a digital product, it can’t be refunded once downloaded. That’s why we show exactly what’s inside and who it’s for, right here.