Team setup
Pro: Roll out grith across a team — single dashboard, shared policies, per-developer audit.
A team-wide grith deployment looks like this:
- Each developer runs grith on their own machine (no shared daemon — that would defeat the local trust model).
- A central dashboard at grith.ai/teams or self-hosted, used for policy authoring, license management, and team-scope analytics.
- Centralised policies, signed and distributed to every developer's machine.
- Notification channels routed to team-shared destinations (Slack, PagerDuty).
This guide walks through the onboarding flow for a new team.
1. Create a team
In the dashboard at grith.ai/teams:
- Create team. Pick a name.
- Pick a billing plan (annual recommended; saves ~17% over monthly).
- Invite teammates via email.
Each invited teammate gets an email with a one-time link. They click → sign in → join the team. The dashboard provisions their seat.
2. Each developer installs
On every developer machine:
curl -fsSL https://grith.ai/install | sh
grith init
grith pro login # device auth, opens browser
grith pro login walks the developer through the device-auth flow, links the
machine to their dashboard account, and pulls down the initial license.
3. Author shared policies
In the dashboard:
- Policies → New policy.
- Author a profile, threshold overrides, channel mappings.
- Publish.
The policy is signed and made available to team devices.
4. Apply on devices
On every device:
grith pro sync
Pulls the published policies, applies signed profiles and filter configs to
~/.config/grith/. Subsequent runs use the team policies automatically.
grith pro sync --dry-run previews changes before applying.
5. Set up channels centrally
In the dashboard:
- Channels → Add channel.
- Configure Slack / PagerDuty / Telegram / etc. once.
- Map severities (canary → critical, queue → warning).
Channel configs sync to every device. Each device delivers its own events to the shared channels — no central event aggregator in the v0.1 design.
6. Verify
On a device:
grith pro status
Should show the team, the latest sync, the active license.
grith notifications test slack
Should land a test message in the team channel.
7. Onboard ongoing
Adding new teammates later: invite them from the dashboard, they install, then
run grith pro login and grith pro sync. They're in. No per-developer cert or
key distribution to manage.
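The device-side steps (2, 4 and 6) as one script, added here as an example and not part of grith's own documentation or tooling. It saves the installer to a file and runs it only if it matches a SHA-256 your team recorded after reviewing it, rather than piping it straight into sh, and it previews the sync before applying. Assumptions: the function names, the pinned-hash workflow, that the installer puts grith on PATH, and that grith commands exit non-zero on failure.

```sh
#!/bin/sh
# Added example, not grith's own tooling. Assumptions: the pinned hash is one
# your team recorded after reviewing the installer, and every grith command
# exits non-zero on failure.
set -u

INSTALL_URL="https://grith.ai/install"

# Print the SHA-256 of a file with whichever tool the platform provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Execute an installer script only if it matches the pinned hash.
run_pinned_installer() {  # $1 = script path, $2 = expected SHA-256
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "installer hash mismatch: got $actual, refusing to run" >&2
        return 1
    fi
    sh "$1"
}

# Device-side steps 2, 4 and 6 in order; the first failure stops the chain.
onboard_device() {  # $1 = pinned SHA-256 of the reviewed installer
    tmp=$(mktemp) || return 1
    if curl -fsSL "$INSTALL_URL" -o "$tmp" && run_pinned_installer "$tmp" "$1"
    then rc=0; else rc=1; fi
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1
    grith init &&
    grith pro login &&              # device auth, opens browser
    grith pro sync --dry-run &&     # preview the team policies first
    printf 'Apply these changes? [y/N] ' &&
    read -r answer && [ "$answer" = "y" ] &&
    grith pro sync &&
    grith pro status &&
    grith notifications test slack
}

# Usage: sh onboard.sh <sha256-of-reviewed-installer>
if [ "$#" -eq 1 ]; then
    onboard_device "$1"
fi
```

Re-pin the hash whenever the installer changes: a mismatch means the script differs from the one that was reviewed, not necessarily that it is malicious.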
Boundaries
- Audit data stays local by default. Setting general.audit_sync = true opts in to sending summarised audit data to grith.ai for team analytics — even then, raw audit records don't leave the developer's machine.
- Trust tables stay local. Each developer accumulates their own reputation. Pro can opt into shared reputation per profile; see Team sync.
- API keys stay local unless explicitly shared via the encrypted keystore (Encrypted team key sync).