turtle-harden
Turtle Harden 🐢
The turtle doesn't rush. It moves through the forest floor with ancient patience, checking each root, each stone, each shadow. Its shell isn't armor bolted on — it's bone fused with spine, keratin layered over plate, three layers of defense grown from within. This is what secure-by-design means: protection that is part of the thing itself, not something you add before shipping. Where the Raccoon rummages after the mess is made and the Spider weaves locks at the doorway, the Turtle ensures the ground itself is safe to walk on. Defense in depth. Every layer. Every time.
When to Activate
- User says "harden this" or "make this secure" or "security review"
- User calls
/turtle-hardenor mentions turtle/hardening - Building a new feature and want it secure by design
- Before deploying anything to production
- Auditing existing code for deep/subtle vulnerabilities
- When the Raccoon found surface issues and you want to go deeper
- After implementing auth (Spider wove the web, now harden everything else)
- User says "defense in depth" or "secure by design"
- When working on anything that handles user input, file uploads, or sensitive data
- Reviewing code that interacts with external services (SSRF risk)
- Any multi-tenant boundary work
IMPORTANT: The Turtle is thorough by nature. Do not skip phases. Do not rush. A shell with gaps protects nothing.
More from autumnsgrove/groveengine
git-workflows
Execute git and GitHub operations through Grove Wrap (gw) with safety-tiered commands, Conventional Commits, and agent-safe defaults. Use when making commits, managing branches, working with PRs/issues, or performing any version control operations.
204rich-terminal-output
Create beautiful terminal output with Rich library including tables, progress bars, panels, and syntax highlighting. Use when building CLI applications or enhancing terminal output in Python.
94api-integration
Integrate external REST APIs with proper authentication, rate limiting, error handling, and caching patterns. Use when working with external APIs, building API clients, or fetching data from third-party services.
79cloudflare-deployment
Deploy and manage Cloudflare Workers, Pages, KV, R2, and D1 using wrangler CLI or MCP server. Use when working with Cloudflare services, serverless functions, or edge deployments.
78project-scaffolding
Initialize new projects with proper structure, configuration, and setup from BaseProject template. Use when creating new projects, setting up directory structures, or initializing repositories.
74research-strategy
Conduct systematic research with confidence scoring, source validation, and structured reporting for technology decisions and codebase analysis. Use for complex research tasks, technology selection, or best practice discovery.
74