Filter config files
The standalone TOML files for filter-specific data — paths, secrets, egress, canaries, and more.
Some filters carry too much data to live inline in config.toml. Those filters get
dedicated TOML files in config/filters/, referenced by path from the main config.
The files
| File | Filter | What it carries |
|---|---|---|
| paths.toml | 2: Static path matching | Curated deny/allow path patterns. |
| capabilities.toml | 6: Capability enforcement | Capability classes per profile. |
| secrets.toml | 7: Secret scanning | 1,600+ regex patterns for credential shapes. |
| commands.toml | 8: Command structure analysis | Dangerous-command patterns. |
| egress.toml | 9: Egress policy | Allow/deny hostnames and IP ranges. |
| dlp.toml | 10: DLP gate | PII/credit-card patterns, custom data shapes. |
| canary.toml | 11: Canary detection | Registered canary tokens (auto-managed by grith canary). |
| domains.toml | 12: Destination reputation | Initial reputation seeds. |
| containment.toml | 15: Session containment | Zone definitions. |
| meta_rules.toml | (scoring engine) | Composite scoring overrides. |
File locations
The shipping default copies live in config/filters/ inside the grith install.
User overrides live in ~/.config/grith/filters/. When a user file is present,
grith layers it on top of the default: entries with the same key replace the
default entry, and new entries are added.
```
/usr/local/share/grith/config/filters/paths.toml   # shipping defaults
~/.config/grith/filters/paths.toml                 # user layer (optional)
```
Edit the user layer; leave the shipping defaults alone. grith init regenerates
the user layer if you delete it.
Reload after edit
The filter configs are loaded on daemon start and not watched. After editing:
```
grith config reload    # if daemon running
# OR
grith daemon stop && grith daemon start
```
For standalone grith exec invocations, the next invocation picks up changes.
Schema per file
Each file's schema is documented on the corresponding filter page (see the table above). The common shape is:
```toml
[[allow]]
key = "..."
score = -1.0
reason = "why we allow this"

[[deny]]
key = "..."
score = 4.0
reason = "why we deny this"
```
Here key varies per filter (path glob, command pattern, host, regex, etc.).
Pro: centralised configs
A Pro team can centrally manage these files via the dashboard and sync to every device. See Centralised policies.
See also
- Configuration overview
- Per-filter pages under Filter reference.