Agent skill
dotnet-exception-handling
Comprehensive .NET exception handling quality improvement workflow. Auto-detects .NET projects, investigates 10 common exception handling mistakes, generates prioritized findings, and orchestrates fixes following best practices.
Install this agent skill to your Project
npx add-skill https://github.com/rysweet/amplihack/tree/main/.claude/skills/dotnet-exception-handling
SKILL.md
.NET Exception Handling Quality Improvement
Purpose
Systematic investigation and remediation of .NET exception handling anti-patterns. Detects, documents, and fixes the 10 most common exception handling mistakes in .NET applications.
Use when: Preparing for production, code quality audits, security reviews, or onboarding to a .NET codebase.
Usage
# Investigation only (default)
/dotnet-exception-handling <path-to-dotnet-project>
# Filter by severity
/dotnet-exception-handling <project-path> --priority critical
# Auto-implement all fixes
/dotnet-exception-handling <project-path> --fix-all
Arguments:
project-path: Directory containing .csproj or .sln (default: current directory)--priority:critical|high|medium|low|all(default:all)--fix-all: Implement fixes automatically (default: investigate only)
The 10 Common Mistakes
- Catching Exception Too Broadly - Base
Exceptioninstead of specific types - Swallowing Exceptions Silently - Empty catch blocks hiding errors
- Using
throw ex;- Resets stack traces (usethrow;) - Wrapping Everything in Try/Catch - Defensive coding clutter
- Exceptions for Control Flow - Performance overhead for expected conditions
- Forgetting to Await Async - Unhandled exceptions on background threads
- Ignoring Background Task Exceptions - Fire-and-forget losing errors
- Generic Exception Types - Vague
new Exception()instead of specific types - Losing Inner Exceptions - Breaking exception chains
- Missing Global Handler - No centralized error handling (stack traces exposed)
Detailed descriptions, detection patterns, and fix templates → see reference.md
Execution Workflow
Phase 1: Investigation (6 Steps)
Step 1: Project Detection
- Scan for .csproj, .sln files
- Identify project types (ASP.NET Core, worker services, libraries)
- Count C# files for scope estimation
Step 2: Parallel Analysis
- Deploy 5 specialized agents:
- Background Worker Specialist
- API Layer Specialist
- Service Layer Specialist
- Data Layer Specialist
- Infrastructure Specialist
Step 3: Violation Detection
-
Use
rg -P(ripgrep PCRE mode) for pattern matching:bash# Mistake #1: Broad catches rg -P 'catch\s*\(Exception\b' --glob '*.cs' # Mistake #2: Empty catches rg -P 'catch[^{]*\{\s*(//[^\n]*)?\s*\}' --glob '*.cs' # Mistake #3: throw ex rg 'throw\s+ex;' --glob '*.cs' -
See
reference.mdfor complete pattern list
Step 4: Severity Classification
- CRITICAL: Security (stack trace exposure, missing global handler)
- HIGH: Reliability (swallowed exceptions, broad catches)
- MEDIUM: Code quality (excessive try/catch)
- LOW: Style issues
Step 5: Findings Report
- Generate markdown with file:line references
- Code snippets + recommended fixes
- Priority-based roadmap
Step 6: Knowledge Capture
- Store in
.claude/runtime/logs/EXCEPTION_INVESTIGATION_YYYY-MM-DD.md - Update project memory
Phase 2: Development (If --fix-all)
Step 7: Orchestrate Default Workflow
- Create GitHub issue with findings
- Set up worktree for fixes
- Implement GlobalExceptionHandler, Result<T>, etc.
- Write comprehensive tests (TDD)
- Three-agent review (reviewer, security, philosophy)
Step 8: Validation
- All tests pass
- Security: Zero stack traces
- Performance: <5ms p99 overhead
Quick Start Examples
Example 1: Investigation Only
/dotnet-exception-handling ./src/MyApi
Output: Investigation report with 23 violations (1 CRITICAL, 8 HIGH, 12 MEDIUM, 2 LOW)
Example 2: Fix Critical Only
/dotnet-exception-handling ./src/MyApi --priority critical --fix-all
Output: GitHub issue + PR implementing GlobalExceptionHandler + 15 tests
Example 3: Complete Fix
/dotnet-exception-handling ./src/MyApi --fix-all
Output: 23 violations fixed, 67 tests, PR ready (CI passing)
Core Architecture Patterns
GlobalExceptionHandler (IExceptionHandler)
Centralized exception-to-HTTP mapping for ASP.NET Core:
public class GlobalExceptionHandler : IExceptionHandler
{
public async ValueTask<bool> TryHandleAsync(
HttpContext httpContext,
Exception exception,
CancellationToken cancellationToken)
{
var (statusCode, title) = exception switch
{
ArgumentException => (400, "Invalid request"),
NotFoundException => (404, "Not found"),
ConflictException => (409, "Conflict"),
_ => (500, "Internal server error")
};
httpContext.Response.StatusCode = statusCode;
await httpContext.Response.WriteAsJsonAsync(new ProblemDetails
{
Status = statusCode,
Title = title,
Detail = statusCode >= 500
? "An error occurred"
: exception.Message
}, cancellationToken);
return true;
}
}
// Registration in Program.cs
builder.Services.AddExceptionHandler<GlobalExceptionHandler>();
app.UseExceptionHandler();
Benefits: Zero stack traces, consistent responses, no try/catch in controllers
Result<T> Pattern
Railway-oriented programming for validation (no exceptions for expected conditions):
public Result<Order> ValidateOrder(CreateOrderDto dto)
{
if (dto.Items.Count == 0)
return Result<Order>.Failure("Order must have items");
return Result<Order>.Success(new Order(dto));
}
// Controller usage
var result = await _service.ValidateOrder(dto);
return result.Match(
onSuccess: order => Ok(order),
onFailure: error => BadRequest(error)
);
Benefits: 100x faster than exceptions, explicit error handling, better composition
Complete implementations → see examples.md
Navigation Guide
When to Read Supporting Files
reference.md - Read when you need:
- Detailed descriptions of all 10 exception handling mistakes
- Complete detection patterns for ripgrep/grep
- Fix templates for each mistake type
- Security considerations (OWASP compliance, stack trace prevention)
- Severity classification reference
- Integration patterns (Azure SDK, EF Core, Service Bus)
examples.md - Read when you need:
- Before/after code examples for each mistake
- Complete working implementations (GlobalExceptionHandler, Result<T>, DbContextExtensions)
- Real-world scenarios (order processing, payment systems)
- Unit and integration testing patterns
- Copy-paste ready code
patterns.md - Read when you need:
- Architecture decision trees (global handler vs try/catch, Result<T> vs exceptions)
- Background worker exception handling patterns
- Azure SDK exception translation patterns
- EF Core concurrency and transaction patterns
- Performance benchmarks (Result<T> vs exceptions)
- Anti-patterns to avoid
Workflow Integration
This skill orchestrates two canonical workflows:
- Investigation Workflow (Phase 1): Scope → Explore → Analyze → Classify → Report → Capture
- Default Workflow (Phase 2, if --fix-all): Requirements → Architecture → TDD → Implementation → Review → CI/CD
References
- Article: Top 10 Exception Handling Mistakes in .NET
- Microsoft: Best Practices for Exceptions
- ASP.NET Core: Handle Errors in Web APIs
- Investigation Workflow:
~/.amplihack/.claude/workflow/INVESTIGATION_WORKFLOW.md - Default Workflow:
~/.amplihack/.claude/workflow/DEFAULT_WORKFLOW.md
Version History
- v1.0.0 (2026-02-10): Initial implementation based on CyberGym investigation (52 violations fixed, 87 tests)
Known Limitations
- Requires .NET 6+ for IExceptionHandler
- Result<T> pattern targets C# 7.0+ (struct readonly, expression-bodied members)
- Patterns specific to ASP.NET Core (may not apply to class libraries)
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
chemist-analyst
Analyzes events through chemistry lens using molecular structure, reaction mechanisms, thermodynamics, kinetics, and analytical techniques (spectroscopy, chromatography, mass spectrometry). Provides insights on chemical processes, material properties, reaction pathways, synthesis, and analytical methods. Use when: Chemical reactions, material analysis, synthesis planning, process optimization, environmental chemistry. Evaluates: Molecular structure, reaction mechanisms, yield, selectivity, safety, environmental impact.
learning-path-builder
Creates personalized learning paths for technologies, frameworks, or concepts. Use for user-interactive session only for onboarding new technologies, hackathon skill-building, or personal development planning. Not for use in automated development or investigation. Sequences resources (docs, tutorials, exercises) based on current skill level and learning goals. Adapts to learning style: hands-on, theory-first, project-based.
gh-work-report
Generates comprehensive GitHub activity reports across all authenticated accounts. Gathers repos, PRs, features, and themes for configurable time periods (1/5/7/30/90 days). Produces shareable markdown with tables, mermaid charts, and executive summaries. Can create a private repo with GitHub Actions automation and GitHub Pages aggregation site. Use when: "github report", "work report", "activity summary", "what did I work on", "gh-work-report", "show my github activity".
pr-review-assistant
Philosophy-aware PR reviews checking alignment with amplihack principles. Use when reviewing PRs to ensure ruthless simplicity, modular design, and zero-BS implementation. Suggests simplifications, identifies over-engineering, verifies brick module structure. Posts detailed, constructive review comments with specific file:line references.
code-smell-detector
Identifies anti-patterns specific to amplihack philosophy. Use when reviewing code for quality issues or refactoring. Detects: over-abstraction, complex inheritance, large functions (>50 lines), tight coupling, missing __all__ exports. Provides specific fixes and explanations for each smell.
biologist-analyst
Analyzes living systems and biological phenomena through biological lens using evolution, molecular biology, ecology, and systems biology frameworks. Provides insights on mechanisms, adaptations, interactions, and life processes. Use when: Biological systems, health issues, evolutionary questions, ecological problems, biotechnology. Evaluates: Function, structure, heredity, evolution, interactions, molecular mechanisms.
Didn't find tool you were looking for?