Building grith — OS-level syscall interception for AI coding agents.
The problem: every agent (Cline, Aider, Codex, Claude Code) has unrestricted access to your filesystem, shell, and network. When they process untrusted content — a cloned repo, a dependency README — they’re prompt injection vectors with full machine access. No existing tool evaluates what the agent actually does at the syscall level.
grith wraps any CLI agent without modification. OS-level interception captures every file open, network call, and process spawn, then runs it through 17 independent security filters in parallel across three phases (~15ms total). Composite score routes each call: auto-allow, auto-deny, or queue for async review. Most will auto approve - which eliminates approval fatigue.
Also does per-session cost tracking and audit trails as a side effect of intercepting everything.
Each syscall taking 15ms on top of the normal considered costly time taken for context switching to the kernel seems excessively slow, no?