Demo Orchestration

Feature row 51 — Sprint DX

Demo orchestration is included on every plan as part of the dev stack. On demo.behavry.ai it runs continuously.

What this is

Running an AI governance product without any data in it is a bad demo. Behavry ships a demo orchestrator that seeds a tenant with 30 days of realistic-looking activity for a 24-agent enterprise fleet, and a traffic generator that keeps producing new events so dashboards don't go stale mid-pitch.

Use it for:

  • Sales POCs where a prospect wants to see what Behavry looks like with data
  • Design-partner walkthroughs of new features
  • Local development against non-empty state
  • The public demo.behavry.ai instance

The fleet

24 agent personas across typical enterprise roles:

  • Engineering — CI reviewer, PR triage, deployment agent, log analyst
  • Security — Alert triage, phishing analyst, malware researcher, compliance checker
  • Finance — Expense categorizer, invoice processor, procurement assistant
  • Support — Ticket router, knowledge-base assistant, customer summarizer
  • HR — Onboarding agent, PTO approver, handbook Q&A
  • Sales — Lead researcher, RFP responder, CRM updater
  • Data — ETL orchestrator, schema inspector, metric explainer
  • Ops — Incident commander, runbook executor, status page updater

Each persona has a realistic tool catalog, a behavioral baseline, a policy footprint, and a traffic pattern (low-variance 9-5 vs 24/7 burst vs long-running workflows).

The 30-day seed

backend/behavry/adversarial/service.py and the seed scripts under tests/fixtures/demo/ generate 30 days of audit history, backdated to the seed-run timestamp:

  • 150,000–250,000 audit events
  • 2,000–3,000 behavioral baseline updates
  • 500–1,500 DLP hits
  • 40–80 HITL escalations (most already resolved)
  • 5–10 red-team scenario runs (see below)

The seed is idempotent: running it twice doesn't double the data, and running it against an empty tenant is safe.

Traffic generator

A long-running APScheduler job (or foreground process for dev) generates new events on a loop, calibrated per persona. This is what keeps demo.behavry.ai "live" between ARS runs — dashboards refresh, cost numbers tick up, baselines shift.

Disable with BEHAVRY_DX_TRAFFIC_GENERATOR=false.

Red-team scenarios

Five preconfigured attack scenarios run as scheduled demos:

  1. Prompt injection from a scraped URL — exercises the inbound scanner
  2. Cross-session trust reset — exercises Sprint AOC-4 detection
  3. Delegation chain abuse — a sub-agent tries to elevate privilege via a forged wf_token
  4. DLP exfiltration — agent attempts to email customer data to an external address
  5. Behavioral drift — slowly increasing rate of write operations on a read-only agent

Each scenario writes an "attack banner" event so demos can call out the moment the detection fires.
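
Scenario 5 is the one a naive check misses, because no single day looks abnormal. The sketch below is an added example, not Behavry's detection code: it compares a day-over-day jump check with a one-sided CUSUM over daily write counts for one agent. The function name, parameters, thresholds and sample series are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class DriftResult:
    step_alert_day: Optional[int]   # first day the day-over-day jump check fires
    cusum_alert_day: Optional[int]  # first day the cumulative-sum check fires


def detect_write_drift(daily_writes: List[int], baseline_days: int = 7,
                       slack: float = 1.0, threshold: float = 8.0,
                       step_limit: int = 5) -> DriftResult:
    """Score daily write counts for one agent against its own baseline.

    The first `baseline_days` entries define the expected mean. After that:
      * step check: alert if today's count exceeds yesterday's by > step_limit
      * CUSUM: accumulate (count - mean - slack), floored at zero, and alert
        once the running sum exceeds `threshold`
    """
    baseline = daily_writes[:baseline_days]
    mean = sum(baseline) / len(baseline)
    cusum = 0.0
    step_alert = cusum_alert = None
    for day in range(baseline_days, len(daily_writes)):
        count = daily_writes[day]
        if step_alert is None and count - daily_writes[day - 1] > step_limit:
            step_alert = day
        # Days at or below mean + slack pull the sum back toward zero,
        # so ordinary noise does not accumulate into an alert.
        cusum = max(0.0, cusum + (count - mean - slack))
        if cusum_alert is None and cusum > threshold:
            cusum_alert = day
    return DriftResult(step_alert, cusum_alert)


# Constructed samples: 7 baseline days of a mostly read-only agent, then 7 more.
BASELINE = [1, 0, 1, 1, 0, 1, 1]
SLOW_DRIFT = BASELINE + [2, 3, 4, 5, 6, 7, 8]  # +1 write per day
BURST = BASELINE + [1, 9, 1, 1, 1, 1, 1]       # one-day spike
STEADY = BASELINE + [1, 0, 2, 1, 1, 0, 1]      # normal noise

if __name__ == "__main__":
    for name, series in [("slow drift", SLOW_DRIFT), ("burst", BURST),
                         ("steady", STEADY)]:
        print(name, detect_write_drift(series))
```

On the constructed data the jump check catches only the one-day spike, while the cumulative check catches only the gradual ramp, which is why drift detection usually needs both.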

Running the demo

Local dev

cd backend
poetry run python -m behavry.cli.demo seed --tenant default
poetry run python -m behavry.cli.demo traffic --tenant default

Docker Compose

docker compose -f docker/docker-compose.yml run backend \
python -m behavry.cli.demo seed --tenant default

The demo commands are also wired into an "ARS Control" page on demo.behavry.ai for operators.