Getting Started
Quick Setup
Get Gridlock running in under 10 minutes. Our zero-config deployment means you can start protecting endpoints immediately.
# Install the Gridlock CLI npm install -g @gridlock/cli # Authenticate with your API key gridlock auth login --key glk_live_xxxxxxxxxxxx # Deploy to your first organization gridlock deploy --org "your-msp-name" # Verify all agents are running gridlock status
Pro tip: Use gridlock init for an interactive setup wizard that walks you through your first deployment step by step.
System Requirements
- Node.js: v18 or later
- RAM: 2GB minimum (4GB recommended for 500+ endpoints)
- Disk: 500MB for agent runtime
- Network: Outbound HTTPS (443) to
*.lockthegrid.com - OS: Windows Server 2019+, Ubuntu 20.04+, macOS 13+
- Browser: Chrome 100+, Firefox 100+, Edge 100+, Safari 16+
First Deployment
After authenticating, deploy your first organization:
# Create organization gridlock org create --name "Acme MSP" --tier professional # Add your first client tenant gridlock tenant create --name "Client Corp" --endpoints 150 # Generate deployment package gridlock package generate --tenant "client-corp" --output ./deploy # Deploy via RMM or manual install gridlock deploy push --rmm connectwise --tenant "client-corp"
Deployment typically completes in under 4 hours for a standard 200-endpoint environment.
Agent Configuration
Per-Agent Settings
Each agent has configurable parameters. Settings are managed through the dashboard or via the API.
# View current agent configuration gridlock config show --agent msp-hunter # Set specific agent parameters gridlock config set --agent threat-researcher \ --scan-interval 5m \ --severity-threshold medium \ --auto-quarantine true # Configure compliance framework gridlock config set --agent compliance-engine \ --frameworks soc2,hipaa \ --report-frequency weekly \ --auto-remediate low-risk
Scheduling
Control when agents run and how frequently they execute tasks.
# Set scan schedule for threat researcher gridlock schedule set --agent threat-researcher \ --cron "*/15 * * * *" \ --timezone "America/New_York" # Compliance audit schedule gridlock schedule set --agent compliance-engine \ --cron "0 2 * * 1" \ --timezone "America/New_York"
Default schedules per agent:
- MSP Hunter: Daily at 9:00 AM local time
- Threat Researcher: Every 5 minutes
- Tech Support: Continuous (event-driven)
- Compliance Engine: Weekly (Monday 2:00 AM)
- Onboarding: Event-driven (on new tenant creation)
- Account Manager: Daily health check at 8:00 AM
Escalation Rules
Define when agents should escalate to human operators.
# Configure escalation rules gridlock escalation set --agent threat-researcher \ --severity critical \ --notify "[email protected]" \ --channel slack \ --slack-channel "#security-alerts" # Tech support escalation gridlock escalation set --agent tech-support \ --after-attempts 3 \ --notify "[email protected]" \ --create-ticket true \ --psa connectwise
API Reference
Base URL: https://api.lockthegrid.com/v1
All endpoints require authentication via API key in the Authorization header: Bearer glk_live_xxxxxxxxxxxx
Rate limits: 100 requests/minute on Starter, 1000/min on Professional, unlimited on Enterprise.
Health Check
Returns platform health status and agent availability.
Response
{
"status": "healthy",
"uptime": 86400,
"agents": {
"msp-hunter": "active",
"threat-researcher": "active",
"tech-support": "active",
"compliance-engine": "active",
"onboarding": "active",
"account-manager": "active"
},
"version": "1.4.2"
}
Authentication
Authenticate and receive a JWT token.
Parameters
{
"email": "[email protected]",
"password": "********"
}
Response
{
"token": "eyJhbGciOiJIUzI1NiIs...",
"expires": "2026-04-15T17:00:00Z",
"user": { "id": "usr_abc123", "role": "admin" }
}
Refresh an expiring JWT token.
Parameters
{ "token": "eyJhbGciOiJIUzI1NiIs..." }
Generate a new API key for programmatic access.
Parameters
{ "name": "CI/CD Pipeline", "permissions": ["read", "agents:manage"] }
Agents
List all agents and their current status.
Response
{
"agents": [
{ "id": "msp-hunter", "status": "active", "lastRun": "2026-04-14T16:00:00Z" },
{ "id": "threat-researcher", "status": "active", "lastRun": "2026-04-14T16:55:00Z" }
]
}
Get detailed status and configuration for a specific agent.
Parameters
# Path parameter
agentId: msp-hunter | threat-researcher | tech-support | compliance-engine | onboarding | account-manager
Update agent configuration.
Parameters
{
"schedule": "*/30 * * * *",
"settings": { "severityThreshold": "medium" }
}
Manually trigger an agent run.
Billing
Get current subscription details.
List all invoices. Supports ?year=2026 and ?status=paid query params.
Change subscription tier.
Parameters
{ "tier": "professional", "billingCycle": "monthly" }
Outreach
List all MSP Hunter outreach campaigns.
Create a new outreach campaign.
Parameters
{
"name": "Q2 Northeast MSPs",
"targetIcp": { "region": "northeast", "minEndpoints": 100 },
"sequence": ["email-intro", "email-followup-3d", "email-followup-7d"]
}
Events
Stream platform events. Supports SSE and polling. Query params: ?type=threat|compliance|agent, ?since=timestamp, ?tenant=id.
Compliance
List compliance assessments. Query params: ?framework=soc2, ?tenant=id, ?status=pass|fail.
Trigger a new compliance assessment.
Parameters
{
"framework": "soc2",
"tenant": "client-corp",
"type": "continuous"
}
Threat / WP Audit
Run a WordPress security audit for a given URL.
Parameters
{ "url": "https://client-site.com", "depth": "full" }
Response
{
"score": 72,
"issues": [
{ "severity": "high", "type": "outdated-plugin", "detail": "WP Super Cache v1.6 - CVE-2024-12345" },
{ "severity": "medium", "type": "exposed-api", "detail": "REST API enabled without auth" }
],
"recommendations": ["Update WP Super Cache to v1.9+", "Disable REST API or require authentication"]
}
Integrations
Slack Integration
Receive real-time alerts, agent status updates, and threat notifications directly in Slack channels.
# Configure Slack integration gridlock integration add slack \ --webhook "https://hooks.slack.com/services/T..." \ --channel "#security-alerts" \ --events threat,critical,compliance # Or use OAuth flow gridlock integration add slack --oauth
Microsoft Teams Integration
Same capabilities as Slack, delivered to Teams channels via incoming webhooks.
gridlock integration add teams \ --webhook "https://outlook.office.com/webhook/..." \ --channel "Security Alerts"
PSA Tools
Sync tickets, client data, and billing between Gridlock and your PSA.
# ConnectWise PSA gridlock integration add connectwise \ --server "your-psa.connectwisedev.com" \ --company-id "acme" \ --api-key "..." --api-secret "..." # Autotask PSA gridlock integration add autotask \ --server "your-psa.autotask.net" \ --api-user "[email protected]" \ --api-secret "..."
RMM Platforms
Push Gridlock agents to endpoints via your RMM tool.
# ConnectWise RMM (formerly N-central) gridlock rmm push --platform connectwise --tenant "client-corp" # Datto RMM gridlock rmm push --platform datto --tenant "client-corp" # NinjaOne gridlock rmm push --platform ninjaone --tenant "client-corp" # Atera gridlock rmm push --platform atera --tenant "client-corp"
Webhooks
Get real-time HTTP callbacks when events occur in Gridlock.
Setup
# Register a webhook endpoint
gridlock webhook add \
--url "https://your-app.com/api/gridlock-webhook" \
--events "threat.detected,compliance.assessment.complete,agent.alert" \
--secret "whsec_xxxxxxxxxxxx"
Webhook Payload
{
"id": "evt_abc123",
"type": "threat.detected",
"timestamp": "2026-04-14T16:30:00Z",
"tenant": "client-corp",
"data": {
"severity": "critical",
"threat_type": "ransomware",
"endpoint": "WS-ACME-042",
"action_taken": "quarantined"
}
}
Verification
Every webhook includes a X-Gridlock-Signature header. Verify with HMAC-SHA256 using your webhook secret:
// Node.js verification example const crypto = require('crypto'); function verifyWebhook(payload, signature, secret) { const expected = crypto .createHmac('sha256', secret) .update(payload) .digest('hex'); return crypto.timingSafeEqual( Buffer.from(signature), Buffer.from(`sha256=${expected}`) ); }
Retry Policy
Failed webhooks are retried up to 5 times with exponential backoff (1min, 5min, 15min, 1hr, 6hr). After 5 failures, the webhook is disabled and you'll receive an email notification.
Lemon Squeezy Billing Integration
Gridlock uses Lemon Squeezy for subscription management, invoicing, and payment processing.
How It Works
- Subscriptions are created and managed through Lemon Squeezy
- Billing events (creation, renewal, cancellation, failure) trigger webhooks to Gridlock
- Your subscription tier is automatically synced to agent availability
- Invoices are generated monthly or annually based on your billing cycle
Customer Portal
Manage your subscription at https://lockthegrid.com/billing or through the Gridlock dashboard under Settings → Billing.
Webhook Events from Lemon Squeezy
# Gridlock handles these Lemon Squeezy events:
subscription_created → Activate tenant and enable agents
subscription_updated → Sync tier changes to agent config
subscription_cancelled → Grace period (7 days) then deactivate
subscription_expired → Full deactivation, data retained 30 days
payment_failed → Alert admin, 3-day grace period
payment_recovered → Resume normal operations
Note: Downgrading from Professional to Starter will disable agents not included in the Starter tier. Data is retained but agents stop processing.