Docs

Getting started

Pick a topology

Same detection engine, different deployment shapes. Most people start with Gateway (all-in-one) — one container, gateway + dashboard, done in 60 seconds.

Start here

Gateway (all-in-one)

scottgal/stylobot-all

YARP detection proxy + dashboard in one container. Front your app, hit /_stylobot for the dashboard.

Gateway (proxy only)

scottgal/stylobot-gateway

Minimal proxy surface, no dashboard. Pair with stylobot-ui or the SDKs for a separate dashboard host.

Sidecar

scottgal/stylobot-sidecar

36 MB AOT detector. Your app calls it explicitly over gRPC or REST and decides what to do with the verdict. No proxy hop.

ASP.NET embed

mostlylucid.botdetection (NuGet)

AddStyloBot() + UseStyloBot() in Program.cs. In-process detection, no separate hop.

Dashboard viewer

scottgal/stylobot-ui

Read-only dashboard pointing at a remote gateway started with --enable-api. SignalR live feed; loopback-bind by default.

TypeScript SDK

@mostlylucid/stylobot-ui

Drop the same dashboard widgets into a non-.NET frontend. Talks to a gateway's --enable-api endpoint.

Quickstart

The fastest path. Native install picks itself per OS, click any tab to switch. Docker is OS-independent and bundles the dashboard.

Download the latest release v7.0.0 published 2026-06-01
All assets & checksums →
macOS · Apple Silicon 26.4 MB macOS · Intel 28.7 MB Windows · x64 27.7 MB Windows · Arm 26.0 MB Linux · x64 28.6 MB Linux · Arm 26.8 MB

Direct one-click downloads — GitHub redirects each link to the latest matching asset. Verify with SHA256SUMS.txt.

Native binary · or embed (auto-detected; click to switch)
Full getting-started guide →
  1. 1.
    Install (Homebrew)
    brew install scottgal/stylobot/stylobot
  2. 2.
    Run (foreground — shows the live CLI detection table)
    stylobot 5080 http://localhost:3000

    Add -d to background as a daemon (no CLI UI). The web dashboard ships in stylobot-all (Docker), stylobot-ui (remote viewer), and the UI SDKs (TypeScript, ASP.NET) — see the getting-started guide.

  1. 1.
    Install (Chocolatey or winget)
    choco install stylobot
    winget install Mostlylucid.StyloBot
  2. 2.
    Run (foreground — shows the live CLI detection table)
    stylobot 5080 http://localhost:3000

    Add -d to background as a daemon (no CLI UI). The web dashboard ships in stylobot-all (Docker), stylobot-ui (remote viewer), and the UI SDKs (TypeScript, ASP.NET) — see the getting-started guide.

  1. 1.
    Install (apt, Cloudsmith-signed)
    curl -1sLf 'https://dl.cloudsmith.io/public/mostlylucid/stylobot/setup.deb.sh' | sudo bash
    sudo apt update && sudo apt install stylobot
  2. 2.
    Run (foreground — shows the live CLI detection table)
    stylobot 5080 http://localhost:3000

    Add -d to background as a daemon (no CLI UI). The web dashboard ships in stylobot-all (Docker), stylobot-ui (remote viewer), and the UI SDKs (TypeScript, ASP.NET) — see the getting-started guide.

  1. 1.
    Add the NuGet package to your ASP.NET Core app
    dotnet add package mostlylucid.botdetection
  2. 2.
    Wire it up in Program.cs
    builder.Services.AddStyloBot();
    app.UseStyloBot();

    Detection runs in-process — no proxy hop. The ASP.NET UI SDK package ships the dashboard view components your app can mount at any route. TypeScript SDK is available for non-.NET frontends — see the getting-started guide.

  1. 1.
    Download from GitHub Releases

    Pick the asset for your platform: stylobot-linux-x64.tar.gz, stylobot-linux-arm64.tar.gz, stylobot-osx-arm64.tar.gz, stylobot-osx-x64.tar.gz, or stylobot-win-x64.zip from the releases page.

  2. 2.
    Verify provenance + extract
    gh attestation verify stylobot-linux-x64.tar.gz --owner scottgal
    tar xzf stylobot-linux-x64.tar.gz && chmod +x ./stylobot
  3. 3.
    Run (foreground — shows the live CLI detection table)
    ./stylobot 5080 http://localhost:3000

    Add -d to background as a daemon (no CLI UI). The web dashboard ships in stylobot-all (Docker), stylobot-ui (remote viewer), and the UI SDKs (TypeScript, ASP.NET) — see the getting-started guide.

Docker — any OS
Bundled gateway + dashboard (the free engine in one container)
  1. 1.
    Run
    docker run -p 8080:8080 scottgal/stylobot-all:latest
  2. 2.
    Open the dashboard
    http://localhost:8080/_stylobot

    This is the FOSS engine, no licence required. stylobot-gateway ships the proxy-only image; stylobot-sidecar is a 36 MB AOT detector your app calls directly.

Production hardening

Demo mode runs anywhere; production mode requires an HMAC signing key so signature hashes can't be reversed from your server's source.

1. Generate an HMAC key

stylobot genkey prints a fresh random 32-byte base64 key. openssl rand -base64 32 works too. 

stylobot genkey

2. Set it in appsettings.json (next to the binary)

{
  "SignatureLogging": {
    "SignatureHashKey": "<paste your genkey output here>"
  }
}

Or via env: SignatureLogging__SignatureHashKey="..." — the standard ASP.NET Core config provider applies.

3. Run in production mode

stylobot 5080 http://localhost:3000 --mode production --policy block

Policies: logonly (default in demo), block (default in production), throttle, challenge. Probability threshold defaults to 0.7 — override with --threshold 0.85.

Run as a daemon or system service

The CLI manages its own background process. Use it for one-off backgrounding; use systemd / launchd when you want the OS to keep it running across reboots.

CLI daemon

stylobot start 5080 http://localhost:3000 --mode production --policy block
stylobot status
stylobot logs
stylobot stop

-d on a normal run command is shorthand for the start subcommand. PID file lives at ~/.config/stylobot/stylobot.pid.

systemd (Linux)

The Cloudsmith .deb ships scripts/stylobot.service: 

sudo cp scripts/stylobot.service /etc/systemd/system/
sudo systemctl enable --now stylobot

Default unit runs --mode production. Put your HMAC key in /etc/stylobot/appsettings.json before enabling, or the unit will fail to start.

macOS launchd via Homebrew — read this first

brew services start stylobot works, but the formula's launchd plist hard-codes --mode production. Without an HMAC key set first the service will crash-loop with "Cannot use default HMAC key in production mode". Order matters: 

brew install scottgal/stylobot/stylobot
stylobot genkey
# Save the key into ~/.stylobot/appsettings.json under SignatureLogging:SignatureHashKey
brew services start stylobot

The plist lives at ~/Library/LaunchAgents/homebrew.mxcl.stylobot.plist; edit ProgramArguments if you want to switch the service to --mode demo for a learning install.

Optional bits

Detection works fully without either of these. Turn them on when you want them.

LLM escalation

Ambiguous verdicts can route to a local or hosted LLM. Bring your own key, or run Ollama locally and pay nothing. 

stylobot 5080 http://localhost:3000 --llm ollama
stylobot 5080 http://localhost:3000 --llm openai --llm-key sk-...

For Ollama: stylobot checks at startup whether the model is pulled and prints the exact ollama pull command if it isn't.

Cloudflare Tunnel

Throw real internet traffic at a local install in one command. Requires cloudflared on PATH (brew install cloudflared). 

stylobot 5080 http://localhost:3000 --tunnel

Prints a trycloudflare.com URL on stdout. Add a token for a named tunnel; omit for a quick anonymous one.

Why you can trust the binaries

Every release is built by a public GitHub Actions workflow and signed end-to-end.

  • SLSA provenance attestations on every release. Verify any download: gh attestation verify stylobot-linux-x64.tar.gz --owner scottgal
  • sigstore-signed. Every artifact is rekor-logged so you can audit the signing chain back to a public GitHub Actions run.
  • Cloudsmith-signed apt repo. apt update verifies the repo signature on every fetch.
  • Homebrew formula strips macOS quarantine automatically. The tarball download also ships a clear-quarantine.sh helper.
  • winget published as Mostlylucid.StyloBot by the same release pipeline.
GitHub NuGet Docker Release

Ready for the commercial bits?

The open-source build is the full detection engine. The paid tiers add Postgres + pgvector persistence, hot-reload config editing across a fleet, Redis cluster coordination, scheduled reports, and the platform packs (ASP.NET, Magento, Umbraco, WordPress).

30-day free trial
No credit card
FOSS fallback (export config, drop to free binary)
See plans & tiers Browse the packs

Resources

GitHub

Source, issues, releases.
Docker Hub

amd64 + arm64 images for every variant.
NuGet

Embed detection in your ASP.NET Core app.
FOSS install matrix

Every install path side by side.