How This Post Was Created
A transparent look at the human-AI collaboration behind “Introducing PolicyVibes: AI-Native TOS Violation Detection”
What you're seeing: This is the actual conversation between a human and Claude that created the blog post. Tool calls show the actions Claude took (searching, reading files, writing code). This transparency helps you understand how AI-generated content is created.
Create a pr
I'll help you create a pull request. Let me first gather information about the current branch and changes.
The current branch `claude/create-pull-request-sbjbJ` is at the same commit as `origin/main`. There are no new changes on this branch to create a pull request from.
To create a PR, we need some changes first. Would you like me to:
1. **Make specific changes** to the codebase?
2. **Create a PR for an existing feature branch**?
I want to create a new blog that describes what https://github.com/securevibes/policyvibes does. Use AskUserQuestion tool to interview me
I found great information about PolicyVibes. Let me interview you to create a compelling blog post.
Question 1: Motivation & Problem
What problem inspired you to build PolicyVibes?
Question 2: Target Audience
Who is the primary audience - Platform providers, developers, or security teams?
Question 3: Why Claude Agent SDK?
Why did you choose to build this with the Claude Agent SDK?
Question 4: Real-World Impact
Do you have any examples of violations PolicyVibes has detected?
Question 5: SecureVibes Ecosystem
How does PolicyVibes fit into the broader SecureVibes project?
Question 6: Blog Tone & Angle
What angle would you like for the blog post?
1. Do some research on the Anthropic incident that cracked down on claude cli wrappers
2. All 3
3. Because policy violations are often difficult to be found via rules based engine since it requires thinking and analyzing
4. Run policyvibes on clawdbot and opencode, capture their output and add these screenshots to the blog
5. It can be run as a standalone agent but it can also be integrated as a subagent inside securevibes
6. Blog should cover a high level breakdown of what the problem is, what happened, how products were violating Anthropic's TOS, how one can run PolicyVibes to find such violations, how easy it is to add more violations via skills, how there is a need for AI native tooling in the GRC/compliance space.
I researched the Anthropic incident, cloned both repositories, and analyzed their source code for TOS violations.
Findings in OpenCode:
- Header spoofing with `anthropic-beta: claude-code-20250219`
- System prompt claiming "You are Claude Code, Anthropic's official CLI"
Findings in Clawdbot:
- Credential extraction from `~/.claude/.credentials.json`
- Reading macOS Keychain "Claude Code-credentials"
- OAuth token refresh with bidirectional sync
I've created a comprehensive blog post with:
- The Anthropic crackdown story
- Four violation types PolicyVibes detects
- Real code examples from both repos
- How to run PolicyVibes
- How to add custom detection skills
- The case for AI-native GRC tooling
the section from "The Future of Compliance" onwards looks not well formatted. Use your browser to format it better and push changes
Done! I've improved the "The Future of Compliance" section with:
- **Section header** with Shield icon and subtitle matching other sections
- **Styled card boxes** with borders and subtle backgrounds for the paragraphs
- **Animated closing statement** with gradient background and CheckCircle2 icon
- **Motion animations** for consistency with the rest of the blog
Changes pushed to branch `claude/create-pull-request-sbjbJ`.
This transcript demonstrates human-AI collaboration in content creation. The human provides direction; Claude handles research, writing, and implementation.
Read the Final Article