The previous demo harness called the backend Python API directly,
which didn't match what a user typing `./cli.py start <agent>` would
actually see. The recording now goes through the real CLI surface:
- claude-bottle.demo.json + scripts/demo-setup.sh stage a demo
manifest (one bottle, FAKE_TOKEN env, one unreachable git upstream)
alongside a dummy SSH identity at ~/.cache/claude-bottle-demo/.
- docs/demo.tape types `./cli.py start demo`, answers the y/N
preflight, and runs four bash probes via claude's `!` prefix
(curl x3 + git push), so the recording shows real preflight output
and real probe results.
- scripts/demo.sh wraps setup -> cli.py -> teardown for human use;
scripts/demo-record.sh does the same around `vhs docs/demo.tape`.
- .gitignore picks up claude-bottle.json so a user's local manifest
doesn't get tracked alongside .example / .demo siblings.
scripts/demo_harness.py is removed -- its behavior is fully replaced
by the cli.py + `!` flow.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
scripts/demo.sh + scripts/demo_harness.py drive a real bottle through
four probes (pipelock allow, host-allowlist block, DLP body-scan
block, git-gate gitleaks rejection). docs/demo.tape is the VHS source
that renders docs/demo.gif, embedded at the top of the README as a
working proof of the security model the prose describes.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
didericis