What is grith

AI agents are making security decisions. That's the problem.

Claude, Codex, Aider, Cline, Goose — they all decide what's safe to run on your machine using probabilistic models. Auto-approve modes don't remove the risk; they just remove the prompts. A malicious README, a poisoned dependency, a clever prompt injection — and suddenly the agent is reading your SSH keys or exfiltrating credentials, with you out of the loop.

grith sits underneath the agent and intercepts every syscall before it runs.

What grith does

• Intercepts every file read, file write, command, and network call your agent makes, using OS-level syscall interception (ptrace + seccomp on Linux). The agent doesn't need to be modified, recompiled, or even cooperative.
• Scores each call against 17 independent security filters running in three phases — static checks, pattern matching, and contextual analysis. Total budget: ~15ms per call.
• Decides automatically when the composite score is unambiguous. Routes the ambiguous middle to a quarantine digest for human review. Blocks the obvious threats outright.

The model never sees a security gate. The filters are deterministic, run outside the model's trust boundary, and don't depend on the model behaving honestly.

What grith is not

• Not a model. grith doesn't generate code, doesn't replace your agent, doesn't decide what your agent should do.
• Not a sandbox. grith runs the real syscall on the real filesystem when it allows; it doesn't redirect or mock. Containment is opt-in per session.
• Not a managed service. The community edition is fully local — no cloud calls, no telemetry. Pro adds optional team sync; Enterprise adds optional SSO and SIEM.

Where to go next

• Installation — install the v0.1 Linux binary
• Quickstart — five-minute walkthrough
• Choose your agent — supervisor profile for Claude Code, Codex, Aider, …
• The threat model — what grith protects against (and what it doesn't)
• Three-phase pipeline — how the 17 filters compose