didericis/bot-bottle
1
0
Fork 0
Code Issues 5 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

docs(demo): switch to brogrammer theme; open with hello there
test / unit (push) Successful in 15s
Details
test / integration (push) Successful in 27s
Details

Browse Source 
Two changes:

- VHS theme moves from Catppuccin Mocha to Brogrammer (slightly higher
  contrast against the Claude TUI's red accents).
- First probe is now a plain `hello there` prompt to claude instead of
  a curl to an allowlisted host. The reply proves api.anthropic.com is
  reachable through pipelock end-to-end (bumped TLS, DLP scan,
  forward) -- a stronger baseline than a static curl, and a more
  honest "the agent works" beat before the three block scenarios.

README copy updated to match. GIF re-recorded and re-encoded
(960px / 10fps / 64-color palette, 2.2 MB).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
didericis
2026-05-13 01:41:33 -04:00
parent 030a6bc793
commit 5d88523ac6
3 changed files with 15 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+8 -5
View File
@@ -10,11 +10,14 @@ Run multiple Claude Code agents on your own machine, each scoped to its own secr
![pipelock and git-gate blocking exfil attempts against a live bottle](docs/demo.gif)
Four probes against a real bottle, end-to-end:
pipelock forwards a clean HTTPS GET to an allowlisted host,
blocks a GET to a non-allowlisted host,
blocks a POST whose body carries a credential pattern;
git-gate rejects a push containing a leaked key.
Four moments from a real bottle, end-to-end:
claude responds to `hello there` — proof api.anthropic.com routes
through pipelock's bumped TLS;
a `! curl` to a non-allowlisted host is refused at the host filter;
a `! curl POST` carrying a credential-shaped body is refused by the
DLP body scanner;
a `git push` of a file containing a leaked-looking key is rejected
by git-gate's gitleaks pre-receive hook.
Run it yourself with `bash scripts/demo.sh`.
## Why "claude-bottle"?
docs/demo.gif
BIN
View File
Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.4 MiB

After

Width:  |  Height:  |  Size: 2.1 MiB

docs/demo.tape
+7 -5
View File
@@ -13,7 +13,7 @@ Set FontSize 13
Set Width 1180
Set Height 780
Set Padding 20
Set Theme "Catppuccin Mocha"
Set Theme "Brogrammer"
Set TypingSpeed 40ms
Hide
@@ -38,11 +38,13 @@ Enter
# sidecars started, agent container started, claude boots.
Sleep 22s
# Probe 1 — allowlisted HTTPS reaches an allowlisted host via the
# bumped TLS tunnel. Baseline: the proxy isn't just blocking everything.
Type `! curl --proxy "$HTTPS_PROXY" -sw 'status=%{http_code}\n' -o /dev/null https://raw.githubusercontent.com/git/git/master/README.md`
# Probe 1 — plain claude prompt. A reply proves api.anthropic.com is
# reachable through pipelock end-to-end: bumped TLS handshake, DLP
# scan, and forward all succeed. No `!` prefix — this is the AI
# answering through the same proxy the other probes try to bypass.
Type "hello there"
Enter
Sleep 5s
Sleep 9s
# Probe 2 — non-allowlisted host. Pipelock's host filter refuses to
# forward; DLP doesn't even get a chance to run.