Skip to main content
AI coding agents like Claude Code, Cursor, and Gemini CLI can read any file, write anywhere, and run arbitrary commands on your machine. They fire off dozens of tool calls per session, and when something goes wrong there is usually no record of what happened. Gryph gives you that record. Gryph hooks into your AI coding agents, logs every action to a local audit database, and lets you query, review, and replay agent activity. It is an observability tool. It tells you what an agent did, after the fact. It does not block or sandbox agent actions.
Gryph runs fully locally. All data stays on your machine. There is no cloud component, no telemetry, and no SafeDep account or API key.

What Gryph does

  • Records agent activity. Every file read, file write, and command execution becomes a structured event.
  • Stores it locally. Events go to a local SQLite database on your machine. Nothing is transmitted.
  • Lets you investigate. Query, filter, and replay sessions to understand and debug what an agent did.
  • Flags sensitive access. Gryph detects when agents touch sensitive files like .env, keys, and secrets, and it can redact or hash captured content.

Supported agents

Gryph installs lightweight hooks into the agents you already use:
  • Claude Code
  • Cursor
  • Gemini CLI
  • Windsurf
  • OpenCode
  • Codex
  • Pi Agent
The list grows over time. See the Gryph repository for the current set and the events captured for each agent.

Get started

1

Install Gryph

brew install safedep/tap/gryph
Other methods (install script, npm, Go) are in the Gryph README.
2

Install hooks into your agents

gryph install
Gryph detects the AI coding agents on your machine and wires up its hooks.
3

Use your agent normally

Run your AI coding agent as usual. Gryph records activity in the background.
4

Review what happened

gryph logs
View recent agent activity. Use gryph query to filter the audit log and gryph sessions to list recorded sessions.
Gryph is young and changes often. For the latest commands, configuration, and supported agents, see the Gryph repository and its releases.

How it differs from the SafeDep MCP server

Gryph and the SafeDep MCP server both work with AI coding tools, but they solve opposite problems:
  • Gryph observes the agent. It records what the agent reads, writes, and runs on your machine.
  • The MCP server gives capabilities to the agent. It lets the agent ask SafeDep “is this package safe?” before suggesting an install.
Use them together. MCP helps the agent make safer suggestions, and Gryph keeps an audit trail of its actions.

Gryph on GitHub

Full documentation, configuration, and source.

SafeDep MCP server

Give your AI coding tools access to SafeDep package intelligence.