didericis/bot-bottle
1
0
Fork 0
Code Issues 5 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

docs(demo): switch to brogrammer theme; open with hello there
test / unit (push) Successful in 15s
Details
test / integration (push) Successful in 27s
Details

Browse Source 
Two changes:

- VHS theme moves from Catppuccin Mocha to Brogrammer (slightly higher
  contrast against the Claude TUI's red accents).
- First probe is now a plain `hello there` prompt to claude instead of
  a curl to an allowlisted host. The reply proves api.anthropic.com is
  reachable through pipelock end-to-end (bumped TLS, DLP scan,
  forward) -- a stronger baseline than a static curl, and a more
  honest "the agent works" beat before the three block scenarios.

README copy updated to match. GIF re-recorded and re-encoded
(960px / 10fps / 64-color palette, 2.2 MB).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
didericis
2026-05-13 01:41:33 -04:00
parent 030a6bc793
commit 5d88523ac6
3 changed files with 15 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+8 -5
View File
@@ -10,11 +10,14 @@ Run multiple Claude Code agents on your own machine, each scoped to its own secr
![pipelock and git-gate blocking exfil attempts against a live bottle](docs/demo.gif) ![pipelock and git-gate blocking exfil attempts against a live bottle](docs/demo.gif)
Four probes against a real bottle, end-to-end: Four moments from a real bottle, end-to-end:
pipelock forwards a clean HTTPS GET to an allowlisted host, claude responds to `hello there` — proof api.anthropic.com routes
blocks a GET to a non-allowlisted host, through pipelock's bumped TLS;
blocks a POST whose body carries a credential pattern; a `! curl` to a non-allowlisted host is refused at the host filter;
git-gate rejects a push containing a leaked key. a `! curl POST` carrying a credential-shaped body is refused by the
DLP body scanner;
a `git push` of a file containing a leaked-looking key is rejected
by git-gate's gitleaks pre-receive hook.
Run it yourself with `bash scripts/demo.sh`. Run it yourself with `bash scripts/demo.sh`.
## Why "claude-bottle"? ## Why "claude-bottle"?
docs/demo.gif
BIN
View File
Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.4 MiB

After

Width:  |  Height:  |  Size: 2.1 MiB

docs/demo.tape
+7 -5
View File
@@ -13,7 +13,7 @@ Set FontSize 13
Set Width 1180 Set Width 1180
Set Height 780 Set Height 780
Set Padding 20 Set Padding 20
Set Theme "Catppuccin Mocha" Set Theme "Brogrammer"
Set TypingSpeed 40ms Set TypingSpeed 40ms
Hide Hide
@@ -38,11 +38,13 @@ Enter
# sidecars started, agent container started, claude boots. # sidecars started, agent container started, claude boots.
Sleep 22s Sleep 22s
# Probe 1 — allowlisted HTTPS reaches an allowlisted host via the # Probe 1 — plain claude prompt. A reply proves api.anthropic.com is
# bumped TLS tunnel. Baseline: the proxy isn't just blocking everything. # reachable through pipelock end-to-end: bumped TLS handshake, DLP
Type `! curl --proxy "$HTTPS_PROXY" -sw 'status=%{http_code}\n' -o /dev/null https://raw.githubusercontent.com/git/git/master/README.md` # scan, and forward all succeed. No `!` prefix — this is the AI
# answering through the same proxy the other probes try to bypass.
Type "hello there"
Enter Enter
Sleep 5s Sleep 9s
# Probe 2 — non-allowlisted host. Pipelock's host filter refuses to # Probe 2 — non-allowlisted host. Pipelock's host filter refuses to
# forward; DLP doesn't even get a chance to run. # forward; DLP doesn't even get a chance to run.