grith.aidocs

[server]

Daemon HTTP server settings — host, port, TLS, rate limits.

The [server] section controls the daemon's HTTP API and dashboard server. Only relevant when running grith daemon.

[server]

KeyTypeDefaultDescription
auto_open_dashboardbooleantrueOpen the dashboard in your browser on startup, handing off the auth token via the URL fragment (never printed to the terminal). Auto-skipped on headless/SSH sessions. When false or unavailable, the CLI prints a single-use pairing URL instead. Override per-run with GRITH_AUTO_OPEN_DASHBOARD=0.
dashboard_dirstring"dashboard/dist"
enabledbooleantrue
hoststring"127.0.0.1"
portinteger3141

[server.rate_limit]

KeyTypeDefaultDescription
enabledbooleantrue
general_rpsinteger100
proxy_test_rpsinteger20
write_rpsinteger10

TLS

By default the daemon binds to 127.0.0.1 only — there is no remote attack surface. To expose the API beyond loopback, either configure native TLS:

[server]
host = "0.0.0.0"

[server.tls]
cert_path = "/etc/grith/cert.pem"
key_path  = "/etc/grith/key.pem"

— or front the daemon with a reverse proxy that terminates TLS. The reverse-proxy path is usually simpler and more secure (centralised cert management, modern cipher suite policies, etc).

See Reverse proxy & TLS.

Rate limits

The rate limits apply per-source-IP. Defaults are conservative; tighten for shared deployments, loosen for high-traffic local use:

  • general_rps — most GET endpoints.
  • write_rps — POST/PUT/DELETE on non-IPC routes.
  • proxy_test_rps/proxy/test specifically. The dry-run endpoint is cheap, so the limit can be relatively generous, but it does run the full filter pipeline.

IPC endpoints (/ipc/*) are not rate-limited at this layer; they're already loopback-restricted.

Dashboard

dashboard_dir points at the static dashboard bundle. The grith binary ships with its dashboard at dashboard/dist. If you build a custom dashboard, point at your bundle here.

Auto-open & browser authorisation

auto_open_dashboard (default true) controls whether grith dashboard start, grith run, and grith exec open the dashboard in your browser on startup. The auth token is handed off through the URL fragment and never printed to the terminal; auto-open is skipped automatically on headless / SSH sessions, where the CLI prints a single-use pairing link instead.

[server]
auto_open_dashboard = false   # never auto-open; always print a pairing link

Override for a single run with the environment variable:

GRITH_AUTO_OPEN_DASHBOARD=0 grith dashboard start

The dashboard is authenticated on loopback by a per-server token even though it binds 127.0.0.1 only — see grith dashboard → Browser authorisation and Trust boundaries.

See also

Last updated: 2026-05-14Edit this page on GitHub →
© 2026 grith. All rights reserved.