Use cases

Each use case below is a real, unedited Claude Code session in which a developer asks Claude to do supply-chain work and Claude runs the real cilock CLI to do it. The recordings are replayed as selectable terminal text (not video), so you can read every command and every result.

  • Rebuild a compromised package — LiteLLM was backdoored on PyPI, so build it yourself from a forked source under eBPF, verify the chain against a signed policy, install it with zero egress, and use it.
  • Catch a compromised CI dependency — a force-pushed tag turns a pinned action into a credential harvester; CI/lock's eBPF tracing and secret scanning catch it and a signed policy blocks the release.
  • Signed compliance evidence (GRC) — a CIS Ubuntu scan becomes a signed attestation mapped to NIST 800-53 / FedRAMP; a policy blocks the release on high-severity failures. The compliance scanners are compiled in with the rookery builder.
  • Release gates — verifying a signed attestation against a Witness policy: one build that passes the gate, and one that the gate blocks.