Back to Product
H7 Demo Kit · 10-minute setup

See H7 detect an AI agent compromise in real time

The demo kit ships with the CI/CD compromise scenario, attack scripts, and a self-contained Docker environment. Clone, run make attack-vercel, and watch H7 emit a signed .cal certificate — then verify it offline with the bundled Ed25519 public key.

Clone on GitHub ↗
Setup in ≈ 10 minutes

What's in the kit

Everything needed to validate H7 on your machine — no cloud account, no account creation.

agents/vercel_agent.pySimulated CI agent under observation
scripts/attack-noise.pyScheduling-entropy drift attack script
attack-vercel.shCI/CD supply-chain compromise simulation (April 2026 scenario)
fixtures/H7_RELEASE_SIGNING.pubEd25519 public key for offline .cal verification
fixtures/baseline.example.jsonSample behavioral baseline (use without live calibration)
docker-compose.ymlFull stack: H7 sensor + monitored agent + sinkhole
MakefileTargets: setup · calibrate · up · attack-vercel · verify · down
README.md10-minute setup walkthrough

10-minute walkthrough

Run the full detection cycle from clone to verified .cal certificate.

01

Clone and fetch binaries

$ git clone https://github.com/pulsaride/h7-demo-kit$ cd h7-demo-kit$ make setup
02

Calibrate and start the monitored environment

$ make calibrate[h7] baseline window: 30s[h7] collecting behavioral fingerprint...[h7] BASELINE_ESTABLISHED ✓$ make up[h7] sensor attached · monitoring agents/vercel_agent.py
03

Trigger the CI/CD compromise scenario

$ make attack-vercel[*] Triggering CI/CD supply-chain attack simulation[h7] DRIFT_DETECTED: behavioral_entropy_threshold_crossed[h7]   unexpected: ptrace→process_vm_readv[h7] ALERT: LIVING_OFF_THE_LAND · agent:vercel_agent[h7]   action: emit .cal certificate + notify operator[h7] .cal signed  sha256:a7f3...d9c1  (Ed25519) ✓
04

Verify the .cal certificate offline

$ make verify[verify] loading key: fixtures/H7_RELEASE_SIGNING.pub[verify] certificate: run/alerts/alert-000000.cal[verify] signature: VALID ✓[verify] agent: vercel_agent[verify] kappa: 0.84  cusum_s: 1.92  h: 0.32[verify] action: ALERT_EMITTED

System requirements

OS
Linux ≥ 5.15 (eBPF CO-RE required)
Docker
Docker + Compose v2
Arch
x86_64 or aarch64
RAM
2 GB minimum
Setup time
≈ 10 minutes
Windows note: WSL2 with a ≥5.15 kernel works for the attack scenarios but does not support the live eBPF probe. Native Linux or a Linux VM is required for full probe functionality.
Verified: offline certificate validation included

Ready to see it live?

Clone the demo kit and run the CI/CD compromise scenario on your machine in under 10 minutes. No cloud account. No signup. Just a Linux machine and Docker.

Clone on GitHub ↗Book a Contextual Pilot