MIT Licensed

The engine is open source.

The 49 detectors and dashboard are free. Nothing on your stack calls home. Self-host and keep every request you score.

detectors

~150µs

per request

MIT

licensed

Star on GitHub Install in 30 seconds

What's in the engine

49 detectors

Across protocol, behavior, content, network, and AI layers

129-dim session vectors + HNSW similarity search

Markov-chain transition probabilities, sub-millisecond ANN

Anonymous entity resolution (L0-L5)

Progressive identity across rotation attempts

Leiden clustering

Emergent bot networks by behavioral similarity

Local dashboard with config editor (read)

Same dashboard you see at /dashboard, running on this site

SQLite persistence out of the box

No external DB required for single-node deployments

Optional Ollama / LlamaSharp local LLM escalation

Ambiguous verdicts can route to a locally-hosted model

Simulation packs (WordPress honeypot etc.)

HMAC-canary-embedded fake responses for active engagement

Zero PII

HMAC-SHA256 hashed signatures, PII-stripped user agents

How it sees you

Live · Your Detection Bot

Identified as ClaudeBot

· Known AI training bot: ClaudeBot (Anthropic)
· Known bot pattern: ClaudeBot
· Heuristic model (early): 78 % bot likelihood (19 features)

Top Bots

Name	Hits	Seen
US Bot	130	3h 24m
GPT's Grumpy Giggles	59	12h 40m
Bytespider	28	15h 25m
googlebot	25	2h 28m
Header Huddlebug	7	21h 49m

1–5 of 43

1 …

The binaries

Six install paths. All ship from the same source tree with SLSA provenance attestations and sigstore signatures.

stylobot

CLI / gateway, the headline binary

brew install scottgal/stylobot/stylobot

stylobot-gateway

YARP detection proxy in a Docker container

docker run -p 8080:8080 scottgal/stylobot-gateway

stylobot-all

Gateway + dashboard in one container, simplest deploy

docker run -p 8080:8080 scottgal/stylobot-all

stylobot-sidecar

36 MB native AOT detection sidecar (gRPC + REST)

docker run -p 5090:5090 scottgal/stylobot-sidecar

stylobot-ui

Remote dashboard viewer. SignalR live-feed against a gateway

docker run -p 5095:8080 scottgal/stylobot-ui

mostlylucid.botdetection

NuGet package. Embed as ASP.NET Core middleware

dotnet add package mostlylucid.botdetection

Running it in production

The CLI exposes daemon control directly. Under systemd or launchd it runs as a forking service.

stylobot 5080 http://localhost:3000 -d  # fork to background

stylobot status                          # check health

stylobot stop                            # SIGTERM the daemon

Sample systemd unit

[Service]
Type=simple
ExecStart=/usr/bin/stylobot 5080 http://localhost:3000 --mode production
Restart=on-failure

Why you can trust the binaries

SLSA provenance attestations on every release. Verify with gh attestation verify stylobot-linux-x64.tar.gz --owner scottgal.
sigstore-signed. Every binary is rekor-logged so you can audit the signing chain back to the GitHub Actions run.
Cloudsmith-signed apt repo. apt update verifies the repo signature on every fetch.
Homebrew formula strips macOS quarantine for you. The tarball download also ships with a clear-quarantine.sh helper.
All build logs are public on GitHub Actions. You can trace any binary back to the exact source commit.

What's not in FOSS

The engine is complete. These are the things a licensed deployment adds on top.

Paid

Hot-reload config editor

FOSS dashboard reads policy; paid unlocks live writes without restart.
Paid

PostgreSQL + pgvector persistence

For multi-node deployments and longer retention than SQLite is built for.
Paid

Cross-gateway Redis backplane / fleet management

Shared reputation + live config across N gateways.
Paid

Compliance reports / DPA-aligned audit log

SOC2/GDPR-ready evidence packs.
Paid

Commercial monitoring packs

ASP.NET hot-reload, WordPress, Magento. See pack pricing.

Need fleet, hot-reload, or packs?

The engine stays free. The features that make it run at scale are licensed.

See pricing