{"id":43093200,"url":"https://github.com/safedep/gryph","last_synced_at":"2026-02-24T09:25:45.938Z","repository":{"id":335678860,"uuid":"1144804405","full_name":"safedep/gryph","owner":"safedep","description":"The AI coding agent audit trail tool","archived":false,"fork":false,"pushed_at":"2026-02-03T18:30:49.000Z","size":2211,"stargazers_count":17,"open_issues_count":3,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-04T07:38:59.954Z","etag":null,"topics":["ai-agents","ai-developer-tools","claude-code","gemini-cli","security"],"latest_commit_sha":null,"homepage":"https://safedep.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/safedep.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security/placeholder.go","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-01-29T04:14:21.000Z","updated_at":"2026-02-04T04:04:19.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/safedep/gryph","commit_stats":null,"previous_names":["safedep/gryph"],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/safedep/gryph","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/safedep%2Fgryph","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/safedep%2Fgryph/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/safedep%2Fgryph/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/safedep%2Fgryph/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/safedep","download_url":"https://codeload.github.com/safedep/gryph/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/safedep%2Fgryph/sbom","scorecard":{"id":1242795,"data":{"date":"2026-02-01T10:01:19Z","repo":{"name":"github.com/safedep/gryph","commit":"3baf93bb4a22bb1dc17efb73cb6c38d01ffbccea"},"scorecard":{"version":"v5.1.1","commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198"},"score":5.1,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"project was created in last 90 days. please review its contents carefully","details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:30","Info: jobLevel 'actions' permission set to 'read': .github/workflows/goreleaser.yml:55","Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-npm.yml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/golangci-lint.yml:7","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/golangci-lint.yml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/goreleaser.yml:11","Warn: no topLevel permission defined: .github/workflows/publish-npm.yml:1","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18","Info: topLevel 'contents' permission set to 'read': .github/workflows/secret_scan.yml:8","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"}},{"name":"CI-Tests","score":-1,"reason":"no pull request found","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"}},{"name":"SAST","score":10,"reason":"SAST tool detected: CodeQL","details":["Info: SAST configuration detected: CodeQL","Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- score normalized to 8","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/safedep/gryph/publish-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/safedep/gryph/publish-npm.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/safedep/gryph/publish-npm.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/publish-npm.yml:94","Info:  19 out of  22 GitHub-owned GitHubAction dependencies pinned","Info:   6 out of   6 third-party GitHubAction dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/ci.yml:38"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"}},{"name":"Dependency-Update-Tool","score":0,"reason":"no update tool detected","details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.2.1 not signed: https://api.github.com/repos/safedep/gryph/releases/281895874","Warn: release artifact v0.2.0 not signed: https://api.github.com/repos/safedep/gryph/releases/281885270","Warn: release artifact v0.1.1 not signed: https://api.github.com/repos/safedep/gryph/releases/281792005","Warn: release artifact v0.1.0 not signed: https://api.github.com/repos/safedep/gryph/releases/281790276","Warn: release artifact v0.2.1 does not have provenance: https://api.github.com/repos/safedep/gryph/releases/281895874","Warn: release artifact v0.2.0 does not have provenance: https://api.github.com/repos/safedep/gryph/releases/281885270","Warn: release artifact v0.1.1 does not have provenance: https://api.github.com/repos/safedep/gryph/releases/281792005","Warn: release artifact v0.1.0 does not have provenance: https://api.github.com/repos/safedep/gryph/releases/281790276"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Warn: 'last push approval' is disabled on branch 'main'","Warn: no status checks found to merge onto branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"}},{"name":"Contributors","score":10,"reason":"project has 4 contributing companies or organizations","details":["Info: found contributions from: 3SLabs, boringtools, null-open-security-community, safedep"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/safedep/.github/SECURITY.md:1","Info: Found linked content: github.com/safedep/.github/SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: github.com/safedep/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"}}]},"last_synced_at":"2026-02-01T11:17:36.355Z","repository_id":335678860,"created_at":"2026-02-01T11:17:36.355Z","updated_at":"2026-02-01T11:17:36.355Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29096329,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-04T21:00:18.276Z","status":"ssl_error","status_checked_at":"2026-02-04T20:59:11.235Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","ai-developer-tools","claude-code","gemini-cli","security"],"created_at":"2026-01-31T16:18:31.864Z","updated_at":"2026-02-12T11:17:26.301Z","avatar_url":"https://github.com/safedep.png","language":"Go","readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://safedep.io\"\u003e\n    \u003cpicture\u003e\n      \u003csource srcset=\"docs/assets/gryph-banner-dark.svg\" media=\"(prefers-color-scheme: dark)\"\u003e\n      \u003csource srcset=\"docs/assets/gryph-banner-light.svg\" media=\"(prefers-color-scheme: light)\"\u003e\n      \u003cimg src=\"docs/assets/gryph-banner-light.svg\" alt=\"Gryph - AI Coding Agent Audit Trail\" width=\"100%\"\u003e\n    \u003c/picture\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eKnow what your AI coding agent did. Query, filter, and review every action.\u003c/strong\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#installation\"\u003eInstallation\u003c/a\u003e •\n  \u003ca href=\"#quick-start\"\u003eQuick Start\u003c/a\u003e •\n  \u003ca href=\"#commands\"\u003eCommands\u003c/a\u003e •\n  \u003ca href=\"#supported-agents\"\u003eSupported Agents\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n[![Website](https://img.shields.io/badge/Website-safedep.io-3b82f6?style=flat-square)](https://safedep.io)\n[![Discord](https://img.shields.io/discord/1090352019379851304?style=flat-square)](https://discord.gg/kAGEj25dCn)\n\n[![Go Report Card](https://goreportcard.com/badge/github.com/safedep/gryph)](https://goreportcard.com/report/github.com/safedep/gryph)\n![License](https://img.shields.io/github/license/safedep/gryph)\n![Release](https://img.shields.io/github/v/release/safedep/gryph)\n[![CodeQL](https://github.com/safedep/gryph/actions/workflows/codeql.yml/badge.svg?branch=main)](https://github.com/safedep/gryph/actions/workflows/codeql.yml)\n\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n  \u003cpicture\u003e\n    \u003cimg src=\"docs/assets/gryph-demo-livelogs.png\" alt=\"Gryph - AI Coding Agent Audit Trail - Live Logs\" width=\"90%\"\u003e\n  \u003c/picture\u003e\n\u003c/div\u003e\n\n---\n\n**Gryph** is a local-first audit trail for AI coding agents. It hooks into your agents, logs every action to a local SQLite database, and gives you powerful querying capabilities to understand, review, and debug agent activity.\n\n## Why Gryph?\n\n- **Transparency** - See exactly what files were read, written, and what commands were run\n- **Audit Trail** - See exactly what your AI coding agent did\n- **Debugging** - Replay sessions to understand what went wrong\n- **Privacy** - All data stays local. No cloud, no telemetry\n\n## Installation\n\n```bash\n# Install with Homebrew on MacOS and Linux\nbrew install safedep/tap/gryph\n\n# Install using npm\nnpm install -g @safedep/gryph\n\n# Install using Go\ngo install github.com/safedep/gryph/cmd/gryph@latest\n```\n\n## Quick Start\n\n```bash\n# Install hooks for all detected agents\ngryph install\n\n# Verify installation\ngryph status\n\n# Start using your AI coding agent\n# ...\n\n# Review what happened\ngryph logs\n```\n\n\u003e [!TIP]\n\u003e Set `logging.level` to `full` in your `gryph config` to see file diffs and raw events.\n\u003e You can do this by running `gryph config set logging.level full`. See [Configuration](#configuration) for more details.\n\n\u003cdetails\u003e\n  \u003csummary\u003eFiles Modified During Installation\u003c/summary\u003e\n  \n### Files Modified During Installation\n\nFor transparency, here are the files Gryph modifies when you run `gryph install`:\n\n| Agent       | File Modified                          | Description                              |\n| ----------- | -------------------------------------- | ---------------------------------------- |\n| Claude Code | `~/.claude/settings.json`              | Adds hook entries to the `hooks` section |\n| Cursor      | `~/.cursor/hooks.json`                 | Creates or updates hooks configuration   |\n| Gemini CLI  | `~/.gemini/settings.json`              | Adds hook entries to the `hooks` section |\n| OpenCode    | `~/.config/opencode/plugins/gryph.mjs` | Installs JS plugin that bridges to gryph |\n| Windsurf    | `~/.codeium/windsurf/hooks.json`       | Creates or updates hooks configuration   |\n\n### Backups\n\nExisting files are automatically backed up before modification. Backups are stored in the Gryph data directory:\n\n| Platform | Backup Location                                |\n| -------- | ---------------------------------------------- |\n| macOS    | `~/Library/Application Support/gryph/backups/` |\n| Linux    | `~/.local/share/gryph/backups/`                |\n| Windows  | `%LOCALAPPDATA%\\gryph\\backups\\`                |\n\nBackup files are named with timestamps (e.g., `settings.json.backup.20250131120000`).\n\n\u003c/details\u003e\n\n## Commands\n\n\u003e For a complete reference of all commands and flags, see [CLI Reference](docs/cli-reference.md).\n\n### Install \u0026 Uninstall Hooks\n\n```bash\n# Install hooks for all detected agents\ngryph install\n\n# Preview what would be installed\ngryph install --dry-run\n\n# Install for a specific agent\ngryph install --agent claude-code\n\n# Remove hooks from all agents\ngryph uninstall\n\n# Remove hooks and purge all data\ngryph uninstall --purge\n\n# Restore original hook config from backup\ngryph uninstall --restore-backup\n```\n\n### View Recent Activity\n\n```bash\n# Show last 24 hours\ngryph logs\n\n# Today's activity\ngryph logs --today\n\n# Filter by agent\ngryph logs --agent claude-code\n\n# Stream events in real-time\ngryph logs --follow\n\n# Output as JSON\ngryph logs --format json\n```\n\n### Query Historical Data\n\n```bash\n# Find all writes to specific files\ngryph query --file \"src/auth/**\" --action file_write\n\n# Commands run in the last week\ngryph query --action command_exec --since \"1w\"\n\n# Activity from a specific session\ngryph query --session abc123\n\n# Count matching events\ngryph query --action file_write --today --count\n\n# Filter by command pattern\ngryph query --command \"npm *\" --since \"1w\"\n\n# Include file diffs in output\ngryph query --action file_write --show-diff\n```\n\n### Session Details\n\n```bash\n# List all sessions\ngryph sessions\n\n# View detailed session history\ngryph session \u003csession-id\u003e\n\n# View session with file diffs\ngryph session \u003csession-id\u003e --show-diff\n```\n\n### View File Diffs\n\n```bash\n# See what changed in a specific write event\ngryph diff \u003cevent-id\u003e\n```\n\n### Export for Analysis\n\n```bash\n# Export last hour (default) as JSONL to stdout\ngryph export\n\n# Export last week to file\ngryph export --since \"1w\" -o audit.jsonl\n\n# Export a specific agent, including sensitive events\ngryph export --agent claude-code --sensitive\n\n# Pipe to jq for ad-hoc analysis\ngryph export --since 1d | jq -r '.action_type' | sort | uniq -c | sort -rn\n```\n\n**Note:** The `export` sub-command outputs raw events as schema-verifiable JSONL.\nEach line includes a `$schema` field pointing to [event.schema.json](./schema/event.schema.json).\nSensitive events are excluded by default; use `--sensitive` to include them.\nSee [CLI Automation](./docs/cli-automation.md) for more `jq` recipes.\n\n### Manage Data\n\n```bash\n# View retention policy and stats\ngryph retention status\n\n# Clean up events older than retention period\ngryph retention cleanup\n\n# Preview what would be deleted\ngryph retention cleanup --dry-run\n\n# View gryph's own audit trail (installs, config changes)\ngryph self-log\n```\n\n### Statistics Dashboard\n\n```bash\n# Launch interactive stats TUI\ngryph stats\n\n# Stats for the last 7 days\ngryph stats --since 7d\n\n# Filter by agent\ngryph stats --since 30d --agent claude-code\n```\n\n### Health Check\n\n```bash\n# Check installation status\ngryph status\n\n# Diagnose issues\ngryph doctor\n```\n\n## Supported Agents\n\n| Agent           | Status    | Hook Support                                       |\n| --------------- | --------- | -------------------------------------------------- |\n| **Claude Code** | Supported | Full (PreToolUse, PostToolUse, Notification)       |\n| **Cursor**      | Supported | Full (file read/write, shell execution, MCP tools) |\n| **Gemini CLI**  | Supported | Full (BeforeTool, AfterTool, Notification)         |\n| **OpenCode**    | Supported | Full (tool.execute, session events)                |\n| **Windsurf**    | Supported | Full (file read/write, commands, MCP tools)        |\n\n## Configuration\n\nGryph works out of the box with sensible defaults. Configuration is optional.\n\n```bash\n# View current config\ngryph config show\n\n# Get a specific value\ngryph config get logging.level\n\n# Set logging level (minimal, standard, full)\ngryph config set logging.level full\n\n# Reset to defaults\ngryph config reset\n```\n\n**Logging levels:**\n- `minimal` - Action type, file path, timestamp (default)\n- `standard` - + diff stats, exit codes, truncated output\n- `full` - + file diffs, raw events, conversation context\n\nSensitive files (`.env`, `*.pem`, `*secret*`, etc.) are detected automatically - actions are logged but content is never stored.\n\n## Privacy\n\nGryph is designed with privacy as a core principle. All data stays on your machine. There is no cloud component or telemetry.\n\n- **Sensitive file detection** — Files matching patterns like `.env`, `*.pem`, `*.key`, `*secret*`, `.ssh/**`, `.aws/**`, and others are automatically detected. Actions on these files are logged but their content is never stored.\n- **Content redaction** — Passwords, API keys, tokens, bearer credentials, and AWS keys are automatically redacted from any logged output using pattern matching.\n- **Content hashing** — File contents are stored as SHA-256 hashes by default (`logging.content_hash: true`), allowing you to verify file identity without storing the actual content.\n- **Configurable logging levels** — Control how much detail is captured with `minimal`, `standard`, or `full` logging levels.\n- **Local-only storage** — All audit data is stored in a local SQLite database with configurable retention (default 90 days).\n\nSensitive path patterns and redaction rules are fully configurable via `gryph config`.\n\n## How It Works\n\n\u003cpicture\u003e\n  \u003csource srcset=\"docs/assets/gryph-architecture-dark.svg\" media=\"(prefers-color-scheme: dark)\"\u003e\n  \u003csource srcset=\"docs/assets/gryph-architecture-light.svg\" media=\"(prefers-color-scheme: light)\"\u003e\n  \u003cimg src=\"docs/assets/gryph-architecture-light.svg\" alt=\"Gryph Architecture\" width=\"100%\"\u003e\n\u003c/picture\u003e\n\nGryph installs lightweight hooks into your AI agents. When the agent performs an action (read file, write file, execute command), the hook sends a JSON event to Gryph, which stores it locally. You can then query this audit trail anytime.\n\n## Community\n\nQuestions, feedback, or want to discuss AI agent security? Join us on Discord.\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://discord.gg/kAGEj25dCn\"\u003e\u003cstrong\u003eJoin the SafeDep Discord\u003c/strong\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## License\n\nApache 2.0 - See [LICENSE](LICENSE) for details.\n\n---\n\n\u003cp align=\"center\"\u003e\n  Built by \u003ca href=\"https://safedep.io\"\u003eSafeDep\u003c/a\u003e · \u003ca href=\"https://discord.gg/kAGEj25dCn\"\u003eDiscord\u003c/a\u003e\n\u003c/p\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsafedep%2Fgryph","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsafedep%2Fgryph","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsafedep%2Fgryph/lists"}