docs: add end-to-end demo with recorded GIF
scripts/demo.sh + scripts/demo_harness.py drive a real bottle through four probes (pipelock allow, host-allowlist block, DLP body-scan block, git-gate gitleaks rejection). docs/demo.tape is the VHS source that renders docs/demo.gif, embedded at the top of the README as a working proof of the security model the prose describes. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Executable
+56
@@ -0,0 +1,56 @@
|
||||
#!/usr/bin/env bash
|
||||
# Demo runner: builds the image graph if needed, then runs the four-scenario
|
||||
# harness against a real bottle. Designed to produce screen-recordable
|
||||
# output — paced banners, color, no Python tracebacks unless something
|
||||
# actually breaks.
|
||||
#
|
||||
# Usage:
|
||||
# bash scripts/demo.sh # run live
|
||||
# vhs docs/demo.tape # record to docs/demo.gif
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
cd "$(dirname "$0")/.."
|
||||
|
||||
verbose=0
|
||||
for arg in "$@"; do
|
||||
case "$arg" in
|
||||
-v|--verbose) verbose=1 ;;
|
||||
-h|--help)
|
||||
cat <<EOF
|
||||
Usage: bash scripts/demo.sh [--verbose]
|
||||
|
||||
Runs four pipelock + git-gate probes against a real bottle and prints
|
||||
PASS/BLOCK verdicts. Without --verbose, Docker build chatter and
|
||||
backend log lines are suppressed so the output is recordable.
|
||||
EOF
|
||||
exit 0 ;;
|
||||
esac
|
||||
done
|
||||
|
||||
if ! command -v docker >/dev/null 2>&1; then
|
||||
echo "docker not found on PATH — install Docker Desktop or equivalent first" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! docker info >/dev/null 2>&1; then
|
||||
echo "docker daemon not reachable — start Docker and re-run" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Pre-warm the image graph quietly so the recorded run shows only the
|
||||
# four scenario blocks, not BuildKit progress. The backend rebuilds
|
||||
# (cache-hit) on launch regardless; doing it once up front keeps the
|
||||
# launch-time chatter short.
|
||||
if [ "$verbose" = 0 ]; then
|
||||
docker build -q -t claude-bottle:latest . >/dev/null 2>&1 || true
|
||||
docker build -q -f Dockerfile.git-gate -t claude-bottle-git-gate:latest . >/dev/null 2>&1 || true
|
||||
fi
|
||||
|
||||
if [ "$verbose" = 1 ]; then
|
||||
exec python3 -u scripts/demo_harness.py
|
||||
else
|
||||
# Stderr carries backend info() lines and BuildKit chatter; drop it.
|
||||
# The harness writes all scenario output (banners, results) to stdout.
|
||||
exec python3 -u scripts/demo_harness.py 2>/dev/null
|
||||
fi
|
||||
Reference in New Issue
Block a user