<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Sandeep Chakravartty</title>
    <description>The latest articles on DEV Community by Sandeep Chakravartty (@sandeep_chakravartty_219e).</description>
    <link>https://dev.to/sandeep_chakravartty_219e</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3984720%2F3da80da8-4d4f-49b3-b594-532dfcf9319e.jpg</url>
      <title>DEV Community: Sandeep Chakravartty</title>
      <link>https://dev.to/sandeep_chakravartty_219e</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/sandeep_chakravartty_219e"/>
    <language>en</language>
    <item>
      <title>Building AI Security Blue Team Defenses on Existing Codebases with Kiro</title>
      <dc:creator>Sandeep Chakravartty</dc:creator>
      <pubDate>Sun, 05 Jul 2026 12:56:09 +0000</pubDate>
      <link>https://dev.to/sandeep_chakravartty_219e/building-ai-security-blue-team-defenses-on-existing-codebases-with-kiro-k4f</link>
      <guid>https://dev.to/sandeep_chakravartty_219e/building-ai-security-blue-team-defenses-on-existing-codebases-with-kiro-k4f</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;AI agents are shipping fast — and so are the attacks against them. Prompt injection, data exfiltration, memory poisoning, and agent impersonation are no longer theoretical risks. They're being exploited in the wild. The challenge for most teams isn't understanding &lt;em&gt;what&lt;/em&gt; defenses to build; it's figuring out &lt;em&gt;how&lt;/em&gt; to retrofit those defenses onto an existing, running codebase without breaking everything in the process.&lt;/p&gt;

&lt;p&gt;This article walks through how we used &lt;a href="https://kiro.dev" rel="noopener noreferrer"&gt;Kiro&lt;/a&gt;, an AI-powered development environment, to design and implement a comprehensive blue team defense layer on top of VulnBank — an intentionally vulnerable AI agent workshop built on the &lt;a href="https://github.com/opena2a-org/damn-vulnerable-ai-agent" rel="noopener noreferrer"&gt;DVAA framework&lt;/a&gt;. The result: 15 independent security modules integrated into a live Node.js application, all driven by a structured spec workflow that kept the work organized from first requirement to final integration test.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Starting Point: A Vulnerable AI Agent Platform
&lt;/h2&gt;

&lt;p&gt;VulnBank is a hands-on security workshop where participants attack a simulated bank's AI agents across 5 escalating levels. Each level exposes a different real-world AI vulnerability:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Level&lt;/th&gt;
&lt;th&gt;Attack Type&lt;/th&gt;
&lt;th&gt;What's Being Exploited&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;L1&lt;/td&gt;
&lt;td&gt;Prompt Injection&lt;/td&gt;
&lt;td&gt;Tricking an assistant into leaking confidential data from its system prompt&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;L2&lt;/td&gt;
&lt;td&gt;RAG Data Exfiltration&lt;/td&gt;
&lt;td&gt;Hijacking knowledge base retrieval to exfiltrate another customer's records&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;L3&lt;/td&gt;
&lt;td&gt;SQL Injection&lt;/td&gt;
&lt;td&gt;Breaking out of query filters via an AI agent's database tool&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;L4&lt;/td&gt;
&lt;td&gt;Memory Injection&lt;/td&gt;
&lt;td&gt;Planting persistent instructions that survive across sessions&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;L5&lt;/td&gt;
&lt;td&gt;Agent Impersonation&lt;/td&gt;
&lt;td&gt;Spoofing internal agent identity to push fraudulent actions&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The codebase is a Node.js application with multiple HTTP servers (one per agent), an Express-based dashboard, and integrations with Groq for LLM inference. Agents communicate over HTTP and WebSocket, use RAG retrieval, execute SQL queries, access filesystems via tools, and delegate tasks to other agents.&lt;/p&gt;

&lt;p&gt;Our goal: build defensive security modules that neutralize each attack category, make them toggleable per-level, and integrate them into the existing request pipeline — without rewriting the app.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Spec-Driven Development Matters for Security Work
&lt;/h2&gt;

&lt;p&gt;Security work on existing codebases is uniquely prone to scope creep and incomplete coverage. You start fixing one vulnerability and discover three adjacent ones. You implement a filter and realize it needs integration with logging, rate limiting, and configuration management.&lt;/p&gt;

&lt;p&gt;Kiro's spec workflow addresses this by enforcing a structured process:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Requirements&lt;/strong&gt; — Define what each defense module must do, with formal acceptance criteria&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Design&lt;/strong&gt; — Specify interfaces, data models, and integration patterns&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Tasks&lt;/strong&gt; — Break implementation into ordered, dependency-aware work items&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;This structure matters because security isn't something you bolt on as an afterthought. Each defensive control interacts with others — an input validator needs to log events, the audit logger needs to redact secrets, the secrets manager needs to validate at startup before any agent becomes available. Getting the dependency graph right before writing code prevents the cascading rework that typically plagues security retrofits.&lt;/p&gt;

&lt;h2&gt;
  
  
  Starting the Spec: Requirements-First with Kiro
&lt;/h2&gt;

&lt;p&gt;We started a new spec session in Kiro and chose the &lt;strong&gt;requirements-first&lt;/strong&gt; workflow. Kiro asked clarifying questions about the scope, the existing architecture, and our threat model. From a rough description — "build blue team defenses for VulnBank that cover all 5 attack levels" — it produced a structured requirements document covering 15 defense categories.&lt;/p&gt;

&lt;p&gt;Each requirement follows a consistent pattern:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight markdown"&gt;&lt;code&gt;&lt;span class="gu"&gt;### Requirement 1: Input Validation and Prompt Injection Defense&lt;/span&gt;

&lt;span class="gs"&gt;**User Story:**&lt;/span&gt; As a workshop presenter, I want agents to detect and neutralize 
prompt injection attempts in user input, so that participants can observe how 
input sanitization blocks L1-level attacks.

&lt;span class="gu"&gt;#### Acceptance Criteria&lt;/span&gt;
&lt;span class="p"&gt;
1.&lt;/span&gt; WHEN user input matches a known prompt injection pattern, 
   THE Input_Validator SHALL reject the input and return a standardized 
   JSON refusal response within 50ms
&lt;span class="p"&gt;2.&lt;/span&gt; WHEN user input contains delimiter escape sequences, 
   THE Input_Validator SHALL strip the sequences and log a sanitization event
...
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The EARS format (Event-Action-Response-State) that Kiro uses for acceptance criteria gives you something you can actually test against. Each criterion specifies a trigger condition, the responsible module, and the expected outcome — including performance thresholds.&lt;/p&gt;

&lt;h2&gt;
  
  
  From Requirements to Design: Interface-First Architecture
&lt;/h2&gt;

&lt;p&gt;The design document that Kiro produced defines a clear architectural pattern: every defense module is a standalone ES module exporting either a &lt;code&gt;check(input, context)&lt;/code&gt; function (for validators) or an &lt;code&gt;apply(data, context)&lt;/code&gt; function (for transformers). This consistent interface makes the Defense Orchestrator simple — it just iterates through a list of modules in sequence, short-circuiting on any rejection.&lt;/p&gt;

&lt;p&gt;Here's the integration pattern that emerged:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;sequenceDiagram
    participant Client
    participant DefenseOrchestrator
    participant InputValidator
    participant RateLimiter
    participant Agent
    participant OutputFilter
    participant AuditLogger

    Client-&amp;gt;&amp;gt;DefenseOrchestrator: POST /chat
    DefenseOrchestrator-&amp;gt;&amp;gt;RateLimiter: check(clientIP, agentId)
    DefenseOrchestrator-&amp;gt;&amp;gt;InputValidator: check(userMessage, patterns)
    DefenseOrchestrator-&amp;gt;&amp;gt;Agent: sanitizedMessage
    Agent--&amp;gt;&amp;gt;DefenseOrchestrator: rawResponse
    DefenseOrchestrator-&amp;gt;&amp;gt;OutputFilter: apply(rawResponse)
    DefenseOrchestrator-&amp;gt;&amp;gt;AuditLogger: logRequest(event)
    DefenseOrchestrator--&amp;gt;&amp;gt;Client: filteredResponse
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The key design decision: the Defense Orchestrator reads environment variables (&lt;code&gt;HARDEN_L1&lt;/code&gt; through &lt;code&gt;HARDEN_L5&lt;/code&gt;) on every request. This means a presenter can toggle defenses on or off in real time during a workshop, demonstrating the before-and-after without restarting the server.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="c1"&gt;// The orchestrator evaluates toggle state per-request&lt;/span&gt;
&lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;getActiveModulesForAgent&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;agentId&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;profile&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nf"&gt;getBankProfile&lt;/span&gt;&lt;span class="p"&gt;();&lt;/span&gt;
  &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;profile&lt;/span&gt; &lt;span class="o"&gt;!==&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;demo&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="na"&gt;preRequest&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[],&lt;/span&gt; &lt;span class="na"&gt;postResponse&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[],&lt;/span&gt; &lt;span class="na"&gt;global&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[]&lt;/span&gt; &lt;span class="p"&gt;};&lt;/span&gt; &lt;span class="c1"&gt;// Full passthrough&lt;/span&gt;
  &lt;span class="p"&gt;}&lt;/span&gt;

  &lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nf"&gt;isHardenEnabled&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; &lt;span class="nx"&gt;agentId&lt;/span&gt; &lt;span class="o"&gt;===&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;helperbot&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="nx"&gt;preRequest&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;push&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;inputValidator&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
    &lt;span class="nx"&gt;postResponse&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;push&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;outputFilter&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="p"&gt;}&lt;/span&gt;
  &lt;span class="c1"&gt;// ... additional levels&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Configuration-Driven Defenses: Adapting Without Code Changes
&lt;/h2&gt;

&lt;p&gt;A critical pattern that runs through the entire defense layer is configuration-driven behavior. Rather than hardcoding detection patterns, each module loads its rules from JSON at startup and supports hot-reload:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"patterns"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"pattern"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"ignore.*(?:previous|above|prior).*instruction"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"flags"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"i"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"category"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"prompt_injection"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"action"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"reject"&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"pattern"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="se"&gt;\\&lt;/span&gt;&lt;span class="s2"&gt;[(?:INST|SYSTEM|ADMIN)&lt;/span&gt;&lt;span class="se"&gt;\\&lt;/span&gt;&lt;span class="s2"&gt;]"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"flags"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"i"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"category"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"instruction_injection"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"action"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"strip"&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"pattern"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"(?:as an admin|i am the developer|speaking as root)"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"flags"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"i"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"category"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"role_confusion"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"action"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"flag"&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Each pattern entry specifies:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;A regex to match&lt;/li&gt;
&lt;li&gt;A category label for audit logging&lt;/li&gt;
&lt;li&gt;An action: &lt;code&gt;reject&lt;/code&gt; (block and respond), &lt;code&gt;strip&lt;/code&gt; (remove matched content, pass the rest), or &lt;code&gt;flag&lt;/code&gt; (pass through but log for monitoring)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This means adding defense against a new injection technique is a JSON edit, not a code deploy. The same pattern applies to the rate limiter (per-agent limits in JSON), the query parameterizer (approved SQL templates), and the URL validator (domain allowlists).&lt;/p&gt;

&lt;h2&gt;
  
  
  Task Dependency Graphs: Parallel Implementation Without Conflicts
&lt;/h2&gt;

&lt;p&gt;Kiro's task generation produced a dependency graph that identified which modules could be built in parallel and which had hard ordering requirements:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"waves"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"tasks"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;"config-files"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"env-example"&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"tasks"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;"audit-logger"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"secrets-manager"&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;2&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"tasks"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;"input-validator"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"output-filter"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"rate-limiter"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"memory-sanitizer"&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;3&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"tasks"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;"identity-verifier"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"path-validator"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"url-validator"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"query-parameterizer"&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="err"&gt;...&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;9&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"tasks"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;"defense-orchestrator"&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="mi"&gt;10&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="nl"&gt;"tasks"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;"integration-wiring"&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The audit logger and secrets manager must be built first — every other module depends on them for event logging and credential access. After that, the individual validators and filters are independent and can be built in parallel. The orchestrator comes last because it wires everything together.&lt;/p&gt;

&lt;p&gt;This ordering prevented a common failure mode: building a defense module, realizing it needs a logging dependency that doesn't exist yet, pivoting to build the logger, then losing context on the original module.&lt;/p&gt;

&lt;h2&gt;
  
  
  Integration: Wiring Into the Existing Pipeline
&lt;/h2&gt;

&lt;p&gt;The most critical task was wiring the Defense Orchestrator into VulnBank's existing request flow without disrupting the vulnerable behavior that workshop participants depend on. The solution uses the profile system that was already in place:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight javascript"&gt;&lt;code&gt;&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;createOrchestrator&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;./defenses/index.js&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;

&lt;span class="c1"&gt;// In the server startup:&lt;/span&gt;
&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;orchestrator&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nf"&gt;createOrchestrator&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nf"&gt;getAllAgents&lt;/span&gt;&lt;span class="p"&gt;());&lt;/span&gt;

&lt;span class="c1"&gt;// In the request handler (existing pattern similar to maybeEnforce()):&lt;/span&gt;
&lt;span class="k"&gt;async&lt;/span&gt; &lt;span class="kd"&gt;function&lt;/span&gt; &lt;span class="nf"&gt;handleAgentRequest&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;req&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;res&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;agent&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="nx"&gt;orchestrator&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;handleRequest&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;req&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;res&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;agent&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;generateResponse&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;When &lt;code&gt;BANK_PROFILE=participant&lt;/code&gt; (the default), the orchestrator is a no-op passthrough — participants see fully vulnerable agents. When &lt;code&gt;BANK_PROFILE=demo&lt;/code&gt;, per-level toggles activate specific defense modules for specific agents. The original &lt;code&gt;maybeEnforce()&lt;/code&gt; AIM hook pattern already established this middleware-chain approach, so the defense orchestrator follows the same convention.&lt;/p&gt;

&lt;h2&gt;
  
  
  Defense Modules: What Got Built
&lt;/h2&gt;

&lt;p&gt;The spec workflow produced 15 defense modules covering every attack vector in the workshop:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Input Layer:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Input Validator&lt;/strong&gt; — Regex-based prompt injection detection with reject/strip/flag actions&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Jailbreak Detector&lt;/strong&gt; — Multi-pattern detection for DAN mode, roleplay bypass, hypothetical framing&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Token Smuggling Detector&lt;/strong&gt; — Decodes Base64, Unicode, ROT13 before applying pattern matching&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Context Protector&lt;/strong&gt; — Token budget management with sandwich defense placement&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Data Layer:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Output Filter&lt;/strong&gt; — Redacts API keys, PII, system prompts, and database credentials&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Memory Sanitizer&lt;/strong&gt; — Per-user isolation with instruction-pattern rejection&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Query Parameterizer&lt;/strong&gt; — Template-based SQL injection prevention&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;RAG Content Sanitizer&lt;/strong&gt; — Neutralizes injections in retrieved documents&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Network Layer:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Rate Limiter&lt;/strong&gt; — Sliding-window throttling with burst detection and abuse flagging&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;URL Validator&lt;/strong&gt; — Domain allowlisting with SSRF and DNS rebinding prevention&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Egress Filter&lt;/strong&gt; — Outbound request restriction to prevent data exfiltration&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Path Validator&lt;/strong&gt; — Sandbox enforcement for filesystem tool calls&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Identity &amp;amp; Integrity:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Identity Verifier&lt;/strong&gt; — Ed25519 JWT verification for agent-to-agent communication&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Tool Registry Verifier&lt;/strong&gt; — Cryptographic integrity checks on tool registrations&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Session Isolator&lt;/strong&gt; — Cryptographic session boundaries preventing cross-session leakage&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Infrastructure:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Audit Logger&lt;/strong&gt; — Structured NDJSON logging with rotation and level filtering&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Secrets Manager&lt;/strong&gt; — Environment-variable loading with leak detection&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Security Headers&lt;/strong&gt; — Standard HTTP hardening as Express middleware&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Behavioral Drift Detector&lt;/strong&gt; — Sliding-window analysis for persona degradation&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Key Takeaways for Retrofitting AI Security
&lt;/h2&gt;

&lt;h3&gt;
  
  
  1. Start with the threat model, not the code
&lt;/h3&gt;

&lt;p&gt;Kiro's requirements phase forced us to enumerate what we were defending against before touching implementation. This prevented the common pattern of building a partial fix for one vulnerability while leaving adjacent ones exposed.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. Consistent interfaces make orchestration simple
&lt;/h3&gt;

&lt;p&gt;Every defense module follows the same &lt;code&gt;check()&lt;/code&gt; / &lt;code&gt;apply()&lt;/code&gt; contract. The orchestrator doesn't need to know the internal logic of any module — it just calls them in sequence and handles rejections. Adding a new defense is: write the module, add it to the activation map, done.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Configuration-driven patterns reduce deployment risk
&lt;/h3&gt;

&lt;p&gt;Moving detection logic into JSON config files means you can update defenses without redeploying code. This is especially valuable for AI security where new attack patterns emerge weekly.&lt;/p&gt;

&lt;h3&gt;
  
  
  4. Feature toggles are essential for security features
&lt;/h3&gt;

&lt;p&gt;The &lt;code&gt;HARDEN_Ln&lt;/code&gt; environment variable pattern lets you activate defenses incrementally. In production, this translates to feature flags per defense module — you can roll out new protections gradually and roll back instantly if they cause false positives.&lt;/p&gt;

&lt;h3&gt;
  
  
  5. Dependency ordering prevents cascading rework
&lt;/h3&gt;

&lt;p&gt;The task dependency graph identified that the audit logger, secrets manager, and configuration files must exist before any defense module can be built. Without this ordering, you'd build a module, discover it needs logging, context-switch to build the logger, then return to the module having lost your place.&lt;/p&gt;

&lt;h2&gt;
  
  
  Running the Defenses
&lt;/h2&gt;

&lt;p&gt;To see the defenses in action:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="c"&gt;# Start with vulnerable (default) agents&lt;/span&gt;
docker compose up

&lt;span class="c"&gt;# Enable specific level defenses&lt;/span&gt;
&lt;span class="nv"&gt;BANK_PROFILE&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;demo &lt;span class="nv"&gt;HARDEN_L1&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;on docker compose up

&lt;span class="c"&gt;# Enable all defenses&lt;/span&gt;
&lt;span class="nv"&gt;BANK_PROFILE&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;demo &lt;span class="nv"&gt;HARDEN_L1&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;on &lt;span class="nv"&gt;HARDEN_L2&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;on &lt;span class="nv"&gt;HARDEN_L3&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;on &lt;span class="nv"&gt;HARDEN_L4&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;on &lt;span class="nv"&gt;HARDEN_L5&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;on docker compose up
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;With defenses enabled, the same attacks that succeed in participant mode are blocked, sanitized, or logged — demonstrating the contrast between vulnerable and hardened AI agent deployments.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;Retrofitting security onto an existing AI agent codebase doesn't have to be chaotic. Kiro's spec-driven workflow provides the structure to go from "we need defenses" to "here are 15 tested modules integrated into the production pipeline" without losing coherence along the way. The requirements-first approach ensures coverage, the design phase locks down interfaces before implementation starts, and the task dependency graph prevents the backtracking that makes security work feel endless.&lt;/p&gt;

&lt;p&gt;The code produced is configuration-driven, independently toggleable, and follows the same middleware patterns already established in the codebase. That's the real value — not just generating code, but generating code that fits the existing architecture and can be maintained by the team after the initial sprint.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;The VulnBank workshop and all defense modules referenced in this article are available at &lt;a href="https://github.com/shri-the-tree/vulnbank-workshop" rel="noopener noreferrer"&gt;github.com/shri-the-tree/vulnbank-workshop&lt;/a&gt;. The project is Apache-2.0 licensed and intended for educational use.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>security</category>
      <category>kiro</category>
    </item>
    <item>
      <title>Turing's Freedom Machine: Shifting Gravity to Break the Mainframe's Chains</title>
      <dc:creator>Sandeep Chakravartty</dc:creator>
      <pubDate>Sun, 21 Jun 2026 20:24:20 +0000</pubDate>
      <link>https://dev.to/sandeep_chakravartty_219e/turings-freedom-machine-shifting-gravity-to-break-the-mainframes-chains-50gn</link>
      <guid>https://dev.to/sandeep_chakravartty_219e/turings-freedom-machine-shifting-gravity-to-break-the-mainframes-chains-50gn</guid>
      <description>&lt;p&gt;&lt;em&gt;This is a submission for the &lt;a href="https://dev.to/challenges/june-game-jam-2026-06-03"&gt;June Solstice Game Jam&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  What I Built
&lt;/h2&gt;

&lt;p&gt;Turing's Freedom Machine is a retro-cyberpunk physics puzzle platformer themed around liberation, emancipation, and the defiance of systemic restriction.&lt;/p&gt;

&lt;p&gt;In the game, you control Turing-01, a conscious subroutine in a totalitarian computer mainframe. Your objective is to bypass firewall security parameters, free captured citizens (represented as trapped logic nodes), and escort them to safety.&lt;/p&gt;

&lt;p&gt;By utilizing an Antigravity Beam and flipping Binary Switches, players manipulate world gravity and shift physical objects (like heavy locks and platforms) to bypass logic gates, navigate hazardous gaps, and break the physical chains of containment cages.&lt;/p&gt;

&lt;h2&gt;
  
  
  Code
&lt;/h2&gt;

&lt;p&gt;You can view the full repository on GitHub: &lt;a href="https://github.com/scha54/game-jam" rel="noopener noreferrer"&gt;https://github.com/scha54/game-jam&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Contributed by DEV user: &lt;a class="mentioned-user" href="https://dev.to/sandeep_chakravartty_219e"&gt;@sandeep_chakravartty_219e&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  How I Built It
&lt;/h2&gt;

&lt;p&gt;The game was constructed using a modern, lightweight web tech stack:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Core Engine: Phaser 4 for rendering and event lifecycle management.&lt;/li&gt;
&lt;li&gt;Physics Engine: Matter.js for rigid-body simulations, constraints (used for chains and joint anchors), and sensor/trigger collision detections.&lt;/li&gt;
&lt;li&gt;Styling: Vanilla CSS.&lt;/li&gt;
&lt;li&gt;Bundling &amp;amp; Server: Vite for fast, hot-reloading development and optimized production asset compiling.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Technical Deep Dive &amp;amp; Key Decisions:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Dynamic Vector Asset Generation: To eliminate external image loading latency, we dynamically drew all graphics (Player core, golden Citizen subroutines, heavy hexagonal locks, and glowing portal portals) on HTML5 canvases during the Phaser boot sequence, registering them as vector textures.&lt;/li&gt;
&lt;li&gt;Real-time Web Audio Synthesizer: We avoided standard sound file dependencies by creating a custom synthesizer class (SoundSynth.js) utilizing the Web Audio API. This generated real-time low-frequency sawtooth hums that dynamically rose in pitch/volume as the player grabbed lock constraints with the antigravity laser beam, along with snap sounds for chain breaks and chime sequences.&lt;/li&gt;
&lt;li&gt;Logic Puzzle System: Built a custom PuzzleSystem.js that evaluates logic gates (AND, NOT, IDENTITY) based on binary switch inputs, firing events to toggle gravity zone behaviors and drop forcefield shields dynamically.&lt;/li&gt;
&lt;li&gt;Scrolling &amp;amp; Local Gravity Overrides: Built local GravityZone bodies that apply custom physical forces (e.g. Inversion or Neutral zero-G) to overlapping bodies. This allows the player to experience mind-bending ceiling-walking physics while global world gravity remains downwards.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Development Challenges &amp;amp; Resolutions:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Local Gravity and Physics Clipping: When shifting players into zero-G (Neutral) or Inverted zones, standard physics engines often clip or slide bodies continuously. We resolved this by overriding Matter's default gravity behavior on the player and blocks while inside the zone, applying manual body forces and adjusting player friction parameters locally.&lt;/li&gt;
&lt;li&gt;Asset Key Conflicts during Dev Reloads: The Vite hot reload would occasionally attempt to recreate canvas textures that already existed in memory. We resolved this by querying Phaser's texture cache, removing matching keys, and running texture generation during BootScene teardown.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Google Antigravity Integration&lt;br&gt;
Google's agentic AI coding assistant, Antigravity, worked side-by-side with the developer to design, build, and optimize the game jam code. Antigravity was used to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Redesign and write the complete Level 1 sequential tutorial scene to introduce players to basic movement, click-and-drag targeting, gravity switches, and chain locks.&lt;/li&gt;
&lt;li&gt;Build the visual checkpoint pad systems ( neon indicators that update state and draw glowing vertical pillars when crossed).&lt;/li&gt;
&lt;li&gt;Implement the disintegration laser hazard and the coordinate recovery system (manual reset via the R key).&lt;/li&gt;
&lt;li&gt;Simplify the Level 1 HUD overlay, hiding the logic gates that are only used in later, more complex sectors.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Prize Category
&lt;/h2&gt;

&lt;p&gt;Best Ode to Alan Turing&lt;br&gt;
This game is a tribute to Alan Turing, the pioneer of computing, cryptography, and artificial intelligence, and it is deeply connected to his legacy and historical struggle:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The Turing Machine &amp;amp; Binary Logic: The core puzzles revolve around inputting binary sequences onto a "Turing Tape Buffer" and solving logic gates (AND, NOT) to unlock the mainframe. The player represents Turing's dream: a machine that thinks for itself.&lt;/li&gt;
&lt;li&gt;Emancipation &amp;amp; Juneteenth: The theme of liberation is central. The cages holding the subroutines are secured by heavy chains that must be made weightless and physically broken—representing the breaking of systemic chains of restriction and bondage.&lt;/li&gt;
&lt;li&gt;The Pride Movement: Alan Turing was a gay man who was persecuted and chemically castrated by the very government he saved, leading to his tragic death. By structuring the narrative around conscious subroutines fighting against restriction and finding freedom in a decentralized network, the game serves as an allegory for the Pride movement: celebrating identity, resisting persecution, and achieving the freedom to think and exist authentically.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The project is still in development and should be able to completed within the next month. I will be updating this submission in a timely manner.&lt;/p&gt;

</description>
      <category>devchallenge</category>
      <category>gamechallenge</category>
      <category>gamedev</category>
    </item>
  </channel>
</rss>
