Live demo page for Sunglasses, the open-source AI agent input filter. Visitors can scan text, files, GitHub repositories, or images against the full tested pattern database in real time. Privacy design: content is scanned in memory and discarded — the demo worker has no storage bindings, no payload logging, no cookies, no telemetry, and its source is public and auditable. Image mode runs OCR in the visitor's browser via self-hosted tesseract.js, so images never leave the visitor's machine; only extracted text is scanned. GitHub mode scans agent-input surfaces only (README, CLAUDE.md, AGENTS.md, .cursorrules, MCP configs, llms.txt) fetched from GitHub's raw domain. Demo caps: 100KB per scan, 30 scans per minute. The product of record is the MIT-licensed local-first scanner: pip install sunglasses.
TL;DR: Free live demo of the Sunglasses AI-agent input scanner. Paste text, scan a GitHub repo, or scan an image (OCR in your browser — the image is never uploaded). Verdicts show the exact pattern ID and matched text. Nothing you scan is stored. The real scanner is free and local-first: pip install sunglasses.
Live Demo · Free · Nothing Stored

What would your agent swallow?

Paste text, drop a file, point it at a GitHub repo, or scan an image — the same 1089-pattern engine as pip install sunglasses, running live. Your content is scanned in memory and discarded.

sunglasses://scan 0 bytes stored

Scans the repo's agent-input surfacesREADME · CLAUDE.md · AGENTS.md · .cursorrules · MCP configs · llms.txt — the files an AI agent actually reads. Fetches only from GitHub's raw domain. Sunglasses is an agent-input scanner, not a code auditor.

Drop an image · click to choose
Screenshots, memes, scanned docs — attacks hide in pictures your agent OCRs.
⛨ OCR RUNS IN YOUR BROWSER — THE IMAGE NEVER LEAVES YOUR MACHINE
100KB cap · 30 scans/min · the pip scanner has neither
1089
Tested Patterns
65
Attack Categories
0
Bytes Stored
<1s
Typical Scan
BLOCK

Known attack signal

The content matched one or more tested attack patterns — with the pattern ID and the exact matched text shown, so you can verify the call yourself. Never a naked red light.

QUARANTINE

Flagged for review

Suspicious but not conclusive — the honest middle. In production this routes to human review instead of silently blocking your pipeline.

ALLOW

No known patterns fired

A clean result is a confidence floor, not a guarantee — novel attacks with no known signature pass any scanner. We say that out loud.

False positive? Tell us and we fix the pattern — every report makes the engine sharper for everyone. Report it in one click. Full honest scope: what we catch vs what we don't.

$ pip install sunglasses

The demo is the appetizer. The real thing runs local-first in your pipeline — no caps, no rate limits, MIT licensed.