Know what your AI coding agent did. Query, filter, and review every action.
Installation • Quick Start • Commands • Supported Agents
Gryph is a local-first audit trail for AI coding agents. It hooks into your agents, logs every action to a local SQLite database, and gives you powerful querying capabilities to understand, review, and debug agent activity.
- Transparency - See exactly what files were read, written, and what commands were run
- Audit Trail - See exactly what your AI coding agent did
- Debugging - Replay sessions to understand what went wrong
- Privacy - All data stays local. No cloud, no telemetry
```bash
# Install with Homebrew on macOS and Linux
brew install safedep/tap/gryph

# Install using npm
npm install -g @safedep/gryph

# Install using Go
go install github.com/safedep/gryph/cmd/gryph@latest
```

```bash
# Install hooks for all detected agents
gryph install

# Verify installation
gryph status

# Start using your AI coding agent
# ...

# Review what happened
gryph logs
```

Tip: Set `logging.level` to `full` in your gryph config to see file diffs and raw events. You can do this by running `gryph config set logging.level full`. See Configuration for more details.
Files Modified During Installation
For transparency, here are the files Gryph modifies when you run gryph install:
| Agent | File Modified | Description |
|---|---|---|
| Claude Code | ~/.claude/settings.json | Adds hook entries to the hooks section |
| Cursor | ~/.cursor/hooks.json | Creates or updates hooks configuration |
| Gemini CLI | ~/.gemini/settings.json | Adds hook entries to the hooks section |
| OpenCode | ~/.config/opencode/plugins/gryph.mjs | Installs JS plugin that bridges to gryph |
| Windsurf | ~/.codeium/windsurf/hooks.json | Creates or updates hooks configuration |
Existing files are automatically backed up before modification. Backups are stored in the Gryph data directory:
| Platform | Backup Location |
|---|---|
| macOS | ~/Library/Application Support/gryph/backups/ |
| Linux | ~/.local/share/gryph/backups/ |
| Windows | %LOCALAPPDATA%\gryph\backups\ |
Backup files are named with timestamps (e.g., settings.json.backup.20250131120000).
For a complete reference of all commands and flags, see CLI Reference.
```bash
# Install hooks for all detected agents
gryph install

# Preview what would be installed
gryph install --dry-run

# Install for a specific agent
gryph install --agent claude-code

# Remove hooks from all agents
gryph uninstall

# Remove hooks and purge all data
gryph uninstall --purge

# Restore original hook config from backup
gryph uninstall --restore-backup
```

```bash
# Show last 24 hours
gryph logs

# Today's activity
gryph logs --today

# Filter by agent
gryph logs --agent claude-code

# Stream events in real-time
gryph logs --follow

# Output as JSON
gryph logs --format json
```

```bash
# Find all writes to specific files
gryph query --file "src/auth/**" --action file_write

# Commands run in the last week
gryph query --action command_exec --since "1w"

# Activity from a specific session
gryph query --session abc123

# Count matching events
gryph query --action file_write --today --count

# Filter by command pattern
gryph query --command "npm *" --since "1w"

# Include file diffs in output
gryph query --action file_write --show-diff
```

```bash
# List all sessions
gryph sessions

# View detailed session history
gryph session <session-id>

# View session with file diffs
gryph session <session-id> --show-diff
```

```bash
# See what changed in a specific write event
gryph diff <event-id>
```

```bash
# Export last hour (default) as JSONL to stdout
gryph export

# Export last week to file
gryph export --since "1w" -o audit.jsonl

# Export a specific agent, including sensitive events
gryph export --agent claude-code --sensitive

# Pipe to jq for ad-hoc analysis
gryph export --since 1d | jq -r '.action_type' | sort | uniq -c | sort -rn
```

Note: The export sub-command outputs raw events as schema-verifiable JSONL. Each line includes a `$schema` field pointing to `event.schema.json`. Sensitive events are excluded by default; use `--sensitive` to include them.

See CLI Automation for more jq recipes.
```bash
# View retention policy and stats
gryph retention status

# Clean up events older than retention period
gryph retention cleanup

# Preview what would be deleted
gryph retention cleanup --dry-run

# View gryph's own audit trail (installs, config changes)
gryph self-log
```

```bash
# Launch interactive stats TUI
gryph stats

# Stats for the last 7 days
gryph stats --since 7d

# Filter by agent
gryph stats --since 30d --agent claude-code
```

```bash
# Check installation status
gryph status

# Diagnose issues
gryph doctor
```

| Agent | Status | Hook Support |
|---|---|---|
| Claude Code | Supported | Full (PreToolUse, PostToolUse, Notification) |
| Cursor | Supported | Full (file read/write, shell execution, MCP tools) |
| Gemini CLI | Supported | Full (BeforeTool, AfterTool, Notification) |
| OpenCode | Supported | Full (tool.execute, session events) |
| Windsurf | Supported | Full (file read/write, commands, MCP tools) |
Gryph works out of the box with sensible defaults. Configuration is optional.
```bash
# View current config
gryph config show

# Get a specific value
gryph config get logging.level

# Set logging level (minimal, standard, full)
gryph config set logging.level full

# Reset to defaults
gryph config reset
```

Logging levels:
- `minimal` - Action type, file path, timestamp (default)
- `standard` - + diff stats, exit codes, truncated output
- `full` - + file diffs, raw events, conversation context
Sensitive files (.env, *.pem, *secret*, etc.) are detected automatically - actions are logged but content is never stored.
Gryph is designed with privacy as a core principle. All data stays on your machine. There is no cloud component or telemetry.
- Sensitive file detection — Files matching patterns like `.env`, `*.pem`, `*.key`, `*secret*`, `.ssh/**`, `.aws/**`, and others are automatically detected. Actions on these files are logged but their content is never stored.
- Content redaction — Passwords, API keys, tokens, bearer credentials, and AWS keys are automatically redacted from any logged output using pattern matching.
- Content hashing — File contents are stored as SHA-256 hashes by default (`logging.content_hash: true`), allowing you to verify file identity without storing the actual content.
- Configurable logging levels — Control how much detail is captured with `minimal`, `standard`, or `full` logging levels.
- Local-only storage — All audit data is stored in a local SQLite database with configurable retention (default 90 days).
Sensitive path patterns and redaction rules are fully configurable via gryph config.
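How the privacy controls listed above can fit together, as an added Python sketch that is not Gryph's own code: the patterns are the ones quoted on this page, while the matching semantics, the redaction regexes, and every event field other than `action_type` are assumptions.

```python
import hashlib
import re
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Patterns quoted on this page; how they are matched below is an assumption.
SENSITIVE_PATTERNS = [".env", "*.pem", "*.key", "*secret*", ".ssh/**", ".aws/**"]

# Constructed redaction rules for the credential kinds the page lists.
REDACTION_RULES = [
    (re.compile(r"(?i)(password|api[_-]?key|token)(\s*[=:]\s*)\S+"), r"\1\2[REDACTED]"),
    (re.compile(r"(?i)\b(bearer\s+)[A-Za-z0-9._~+/=-]+"), r"\1[REDACTED]"),
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED]"),
]


def is_sensitive(path: str) -> bool:
    """Fail closed: any matching path component marks the whole path sensitive."""
    parts = PurePosixPath(path).parts
    for pattern in SENSITIVE_PATTERNS:
        if pattern.endswith("/**"):
            # Directory pattern: everything below that directory is sensitive.
            if pattern[:-3] in parts[:-1]:
                return True
        elif any(fnmatchcase(part, pattern) for part in parts):
            return True
    return False


def redact(text: str) -> str:
    """Replace credential values, keeping the key name for context."""
    for regex, replacement in REDACTION_RULES:
        text = regex.sub(replacement, text)
    return text


def build_event(action_type: str, path: str, content: bytes) -> dict:
    """Record the action; keep content only for non-sensitive paths, redacted."""
    # "path", "sensitive", "content_sha256" and "content" are hypothetical field names.
    event = {"action_type": action_type, "path": path, "sensitive": is_sensitive(path)}
    if not event["sensitive"]:
        # The hash identifies the file version. This sketch skips it for sensitive
        # paths because hashes of short secrets can be guessed offline.
        event["content_sha256"] = hashlib.sha256(content).hexdigest()
        event["content"] = redact(content.decode("utf-8", errors="replace"))
    return event
```

Under these assumed semantics the exact pattern `.env` does not cover a file named `.env.local`, so variants like that need their own pattern.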
Gryph installs lightweight hooks into your AI agents. When the agent performs an action (read file, write file, execute command), the hook sends a JSON event to Gryph, which stores it locally. You can then query this audit trail anytime.
Questions, feedback, or want to discuss AI agent security? Join us on Discord.
Apache 2.0 - See LICENSE for details.