[supervisor]
OS-level supervisor settings — interception mechanism, default profile, noise reduction.
The [supervisor] section controls how grith exec intercepts syscalls and how
noisy a session looks to the filters.
[supervisor]
| Key | Type | Default | Description |
|---|---|---|---|
| default_profile | string | "generic" | — |
| enabled | boolean | true | — |
| freeze_timeout_seconds | integer | 300 | — |
| max_concurrent_sessions | integer | 4 | — |
| pty_forwarding | boolean | true | — |
| require_sandbox | boolean | false | — |
[supervisor.platform]
| Key | Type | Default | Description |
|---|---|---|---|
| linux_mechanism | string | "ptrace" | — |
| macos_mechanism | string | "endpoint-security" | — |
| seccomp_pre_filter | boolean | false | — |
[supervisor.noise_reduction]
| Key | Type | Default | Description |
|---|---|---|---|
| batch_rapid_reads | boolean | true | — |
| batch_window_ms | integer | 50 | — |
| ignore_read_only | boolean | true | — |
[supervisor.dns_inspection]
| Key | Type | Default | Description |
|---|---|---|---|
| enabled | boolean | true | — |
Notes
- enabled — when false, grith exec falls back to a no-op pass-through (useful for testing wrapper compatibility without enforcing). Audit log still records calls.
- default_profile — applied when --profile isn't passed to grith exec. Conservative default: generic.
- freeze_timeout_seconds — how long a frozen process can wait for a digest decision before grith auto-denies. Should match (or be slightly less than) [proxy] review_timeout_seconds.
- max_concurrent_sessions — soft cap on simultaneous supervised sessions. Exceeding it returns an error from grith exec rather than degrading performance.
- pty_forwarding — required for interactive agents. Disabling breaks agent TUIs.
- require_sandbox — when true, refuses to supervise unless the process is running inside a container or user namespace. Belt-and-braces.
Platform mechanisms
The supervisor uses different OS mechanisms per platform. v0.1 supports ptrace + seccomp on Linux x86_64; other platforms ship in v2.0. See Syscall interception for mechanism details.
Noise reduction
The most useful knobs are:
- ignore_read_only — skip filter pipeline for read syscalls on already-open fds (the open was already scored). Default true.
- batch_rapid_reads — coalesce rapid reads from the same fd into a single filter pass per batch_window_ms. Default 50ms window.
Both are safe to leave on. Disable only for forensic recording where you want
every syscall captured raw (use --trace-syscalls-jsonl on grith exec for that).
Last updated: 2026-05-14