
MockShield — a configurable target for SiteProbe.

A FastAPI app that pretends to be a real website with real WAF, rate-limit, and bot-detection rules — so the exact failure modes SiteProbe is supposed to catch can be reproduced on demand.

Role: Solo — companion build
Timeline: Mar 2026
Stack: Python 3.11+, FastAPI, Docker
Status: Live at mockshield.james-gault.com

The problem

Demoing SiteProbe is awkward. You can't point it at a live customer site in a pitch. Services like httpbin don't return different responses based on request profile — they'll cheerfully echo whatever you send. There's no way to show the core feature (detect profile-dependent divergence) without a target that actually has profile-dependent behavior.

Approach

Build a multi-page mock site with a rule engine. Each rule inspects the incoming request (headers, IP, user agent, rate, cookies) and returns a chosen status code — 200, 403, 429, 503. Load a preset scenario JSON and instantly get "this site aggressively blocks bots," "this site rate-limits too tightly," or "this site fingerprints on missing Accept-Language."

Architecture

  • Rule engine (rules/engine.py, rules/evaluators.py, rules/types.py) inspects each request against the active scenario.
  • Stateless — no database. Rules, request logs, and rate counters live in memory.
  • Scenario swaps, rule toggles, and request-log inspection happen through an internal interface (not exposed in the public demo).
  • Preset scenarios ship in-repo: aggressive_bot_detection, strict_rate_limiting, overzealous_fraud_rules, header_fingerprinting, combo_realistic, permissive.
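
A minimal sketch of the rule-engine idea described above, added here as an illustration and not taken from MockShield's code. The scenario schema, the rule type names, the RuleEngine class and the first-match-wins ordering are all assumptions; it uses plain dicts instead of FastAPI so it runs offline.

```python
import json
from collections import defaultdict, deque

# Constructed scenario. The schema and rule type names are assumptions for
# illustration, not MockShield's real preset format.
SCENARIO_JSON = """{
  "name": "example_scenario",
  "rules": [
    {"type": "header_missing", "header": "accept-language", "status": 403},
    {"type": "ua_contains", "needle": "python-requests", "status": 403},
    {"type": "rate_limit", "max_requests": 3, "window_s": 10, "status": 429}
  ]
}"""

class RuleEngine:
    """Hypothetical first-match-wins evaluator with in-memory rate counters."""

    def __init__(self, scenario):
        self.rules = scenario["rules"]
        self.hits = defaultdict(deque)  # client IP -> recent request times

    def evaluate(self, ip, headers, now):
        h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
        for rule in self.rules:
            kind = rule["type"]
            if kind == "header_missing" and rule["header"] not in h:
                return rule["status"]
            if kind == "ua_contains" and rule["needle"] in h.get("user-agent", "").lower():
                return rule["status"]
            if kind == "rate_limit":
                window = self.hits[ip]
                while window and now - window[0] >= rule["window_s"]:
                    window.popleft()  # drop requests that left the sliding window
                window.append(now)
                if len(window) > rule["max_requests"]:
                    return rule["status"]
        return 200

# Constructed request profiles: same site, different client fingerprint.
PROFILES = {
    "browser": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)", "Accept-Language": "en-US"},
    "script": {"User-Agent": "python-requests/2.31.0", "Accept-Language": "en-US"},
    "no_lang": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)"},
}

def probe(engine, now=0.0):
    """Send each profile from its own (documentation-range) IP; return statuses."""
    return {name: engine.evaluate(f"203.0.113.{i}", hdrs, now)
            for i, (name, hdrs) in enumerate(PROFILES.items(), start=1)}

if __name__ == "__main__":
    print(probe(RuleEngine(json.loads(SCENARIO_JSON))))
```

The differing status codes across profiles are the profile-dependent divergence a probe is meant to surface; the rate counters are lost on restart because they exist only in the engine's memory.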

Status & links

Live at mockshield.james-gault.com. Tight-scope companion to SiteProbe — stateless, no database, boots fresh in seconds.