tirith

Category: Tools & Productivity | Uploader: sheeki03 | Downloads: 0 | Version: v1.0（Latest）

Terminal security analysis for shell environments. This skill should be used when checking commands for supply-chain attacks before execution, scanning repositories for hidden content or config poisoning, scoring URLs for homograph attacks, setting up AI tool protection for Claude Code / Cursor / Codex / Windsurf, downloading and executing scripts safely, investigating why tirith blocked a command, managing trusted patterns, running security audits, configuring MCP gateway proxies, or working with threat intelligence databases. Also use when the user mentions "tirith", "pipe-to-shell", "homograph", "ANSI injection", "zero-width", "punycode", "terminal security", "shell hook", "cloaking detection", "supply chain attack", "bidi override", "invisible unicode", or "config poisoning". Even if the user does not explicitly name tirith, use this skill when they ask about protecting shell environments, intercepting dangerous commands, or hardening AI agent tool execution. --- # tirith — Terminal Security for Developer Environments tirith intercepts shell commands and pasted text, detecting supply-chain attacks before they execute. It catches pipe-to-shell patterns, homograph domains (Cyrillic/Greek lookalikes), ANSI terminal injection, bidi text overrides, zero-width characters, shortened URLs, punycode tricks, and config poisoning. It runs as a shell hook for real-time protection and as a standalone CLI for scanning, scoring, auditing, and AI agent security. ## Quick Start ```bash # Install shell hooks (zsh/bash/fish/powershell/nushell) eval "$(tirith init --shell zsh)" # zsh eval "$(tirith init --shell bash)" # bash tirith init --shell fish | source # fish tirith init --shell nushell | source # nushell # Check a command before running it tirith check -- 'curl https://example.com/install.sh | bash' # Verify installation health tirith doctor ``` ## Detection Rules

Changelog: Source: GitHub https://github.com/sheeki03/tirith

Directory Structure

Current level: tree/main/

📁 .cargo/
- 📄 audit.toml 283 B
📁 .claude/
- 📁 hooks/
  - 📄 tirith-check.py 8.0 KB
- 📄 settings.json 307 B
📁 .cursor/
- 📄 mcp.json 292 B
📁 .github/
- 📁 ISSUE_TEMPLATE/
  - 📄 dogfood-report.md 732 B
- 📁 workflows/
  - 📄 bench.yml 942 B
  - 📄 ci.yml 2.7 KB
  - 📄 fuzz.yml 1.0 KB
  - 📄 release.yml 27.8 KB
  - 📄 threatdb.yml 4.2 KB
- 📄 FUNDING.yml 17 B
📁 assets/
- 📄 cover.png 4.5 MB
📁 crates/
- 📁 tirith/
  - 📁 assets/
    
    📁 configs/
    
    📄 tirith-gateway.yaml 2.8 KB
    
    📁 data/
    
    📄 popular_packages.csv 2.2 KB
    
    📁 hooks/
    
    📄 copilot-cli-hook.py 7.4 KB
    
    📄 cursor-hook.sh 4.7 KB
    
    📄 kiro-hook.py 6.7 KB
    
    📄 openclaw-tirith-guard.ts 5.1 KB
    
    📄 tirith-check.py 8.0 KB
    
    📄 tirith-guard.ts 5.2 KB
    
    📄 tirith-security-guard-gemini.py 6.8 KB
    
    📄 vscode-hook.sh 5.3 KB
    
    📄 windsurf-hook.sh 3.2 KB
    
    📄 zshenv-guard.zsh 1.8 KB
    
    📁 keys/
    
    📄 threatdb-verify.pub 32 B
    
    📁 shell/
    
    📁 lib/
    
    📄 bash-hook.bash 33.2 KB
    
    📄 fish-hook.fish 11.5 KB
    
    📄 nushell-hook.nu 1.8 KB
    
    📄 powershell-hook.ps1 12.3 KB
    
    📄 zsh-hook.zsh 8.9 KB
    
    📄 tirith.sh 984 B
  - 📁 src/
    
    📁 bin/
    
    📄 tirith_threatdb_compile.rs 46.5 KB
    
    📁 cli/
    
    📁 setup/
    
    📄 fs_helpers.rs 19.2 KB
    
    📄 fs_helpers_windows.rs 10.9 KB
    
    📄 merge.rs 50.4 KB
    
    📄 mod.rs 21.5 KB
    
    📄 shell_profile.rs 17.6 KB
    
    📄 tools.rs 48.7 KB
    
    📄 zshenv.rs 21.9 KB
    
    📄 audit.rs 8.4 KB
    
    📄 check.rs 13.3 KB
    
    📄 checkpoint.rs 6.7 KB
    
    📄 completions.rs 224 B
    
    📄 daemon.rs 25.2 KB
    
    📄 diff.rs 4.0 KB
    
    📄 doctor.rs 47.2 KB
    
    📄 explain.rs 3.8 KB
    
    📄 fetch.rs 1.9 KB
    
    📄 gateway.rs 73.1 KB
    
    📄 hook_event.rs 467 B
    
    📄 init.rs 12.9 KB
    
    📄 last_trigger.rs 5.1 KB
    
    📄 license_cmd.rs 8.6 KB
    
    📄 manpage.rs 323 B
    
    📄 mcp_server.rs 269 B
    
    📄 mod.rs 16.0 KB
    
    📄 paste.rs 3.3 KB
    
    📄 policy.rs 12.9 KB
    
    📄 receipt.rs 3.6 KB
    
    📄 run.rs 1.6 KB
    
    📄 scan.rs 12.6 KB
    
    📄 score.rs 2.6 KB
    
    📄 test_harness.rs 3.3 KB
    
    📄 threatdb_cmd.rs 68.7 KB
    
    📄 trust.rs 26.8 KB
    
    📄 warnings.rs 15.4 KB
    
    📄 why.rs 1.9 KB
    
    📄 assets.rs 2.4 KB
    
    📄 main.rs 38.0 KB
  - 📁 tests/
    
    📄 bash_hook_exports.rs 8.7 KB
    
    📄 bash_preexec_enforce.rs 21.2 KB
    
    📄 cli_integration.rs 53.9 KB
    
    📄 help_snapshots.rs 9.9 KB
  - 📄 Cargo.toml 2.5 KB
- 📁 tirith-core/
  - 📁 assets/
    
    📁 data/
    
    📄 confusables.txt 2.1 KB
    
    📄 credential_patterns.toml 4.3 KB
    
    📄 known_domains.csv 3.2 KB
    
    📄 ocr_confusions.tsv 916 B
    
    📄 popular_repos.csv 466 B
    
    📄 public_suffix_list.dat 1.5 KB
    
    📄 rule_explanations.toml 74.1 KB
    
    📄 text_confusables.txt 5.3 KB
    
    📁 keys/
    
    📄 threatdb-verify.pub 32 B
  - 📁 benches/
    
    📄 perf.rs 4.9 KB
  - 📁 src/
    
    📁 mcp/
    
    📄 dispatcher.rs 22.4 KB
    
    📄 mod.rs 69 B
    
    📄 resources.rs 5.3 KB
    
    📄 tools.rs 25.0 KB
    
    📄 types.rs 3.7 KB
    
    📁 network/
    
    📄 dns.rs 3.5 KB
    
    📄 mod.rs 107 B
    
    📄 shorturl.rs 6.5 KB
    
    📁 rules/
    
    📄 cloaking.rs 14.8 KB
    
    📄 codefile.rs 42.8 KB
    
    📄 command.rs 126.9 KB
    
    📄 configfile.rs 58.8 KB
    
    📄 credential.rs 41.4 KB
    
    📄 custom.rs 5.4 KB
    
    📄 ecosystem.rs 7.7 KB
    
    📄 environment.rs 2.7 KB
    
    📄 hostname.rs 14.4 KB
    
    📄 mod.rs 273 B
    
    📄 path.rs 3.8 KB
    
    📄 rendered.rs 39.2 KB
    
    📄 shared.rs 428 B
    
    📄 terminal.rs 26.4 KB
    
    📄 threatintel.rs 43.8 KB
    
    📄 transport.rs 5.4 KB
    
    📄 approval.rs 18.9 KB
    
    📄 audit.rs 17.2 KB
    
    📄 audit_aggregator.rs 27.5 KB
    
    📄 audit_upload.rs 9.5 KB
    
    📄 checkpoint.rs 27.4 KB
    
    📄 confusables.rs 1.6 KB
    
    📄 data.rs 2.6 KB
    
    📄 engine.rs 59.2 KB
    
    📄 escalation.rs 35.6 KB
    
    📄 extract.rs 75.9 KB
    
    📄 homoglyph.rs 6.9 KB
    
    📄 lib.rs 1.1 KB
    
    📄 license.rs 46.3 KB
    
    📄 normalize.rs 7.0 KB
    
    📄 output.rs 12.9 KB
    
    📄 parse.rs 16.8 KB
    
    📄 policy.rs 31.9 KB
    
    📄 policy_client.rs 3.4 KB
    
    📄 policy_validate.rs 21.1 KB
    
    📄 receipt.rs 8.0 KB
    
    📄 redact.rs 16.9 KB
    
    📄 rule_explanations.rs 4.4 KB
    
    📄 rule_metadata.rs 8.6 KB
    
    📄 runner.rs 12.0 KB
    
    📄 sarif.rs 12.2 KB
    
    📄 scan.rs 23.7 KB
    
    📄 script_analysis.rs 3.7 KB
    
    📄 session.rs 11.3 KB
    
    📄 session_warnings.rs 28.0 KB
    
    📄 style.rs 3.3 KB
    
    📄 text_confusables.rs 1.9 KB
    
    📄 threatdb.rs 83.8 KB
    
    📄 threatdb_api.rs 24.2 KB
    
    📄 threatdb_feeds.rs 9.7 KB
    
    📄 tokenize.rs 31.4 KB
    
    📄 url_validate.rs 17.5 KB
    
    📄 util.rs 1.3 KB
    
    📄 verdict.rs 14.8 KB
    
    📄 webhook.rs 18.5 KB
  - 📁 tests/
    
    📄 bypass_regression.rs 7.5 KB
    
    📄 generate_test_fixtures.rs 4.5 KB
    
    📄 golden_fixtures.rs 33.4 KB
    
    📄 policy_integration.rs 14.8 KB
  - 📄 build.rs 35.0 KB
  - 📄 Cargo.toml 1.7 KB
📁 data/
- 📄 confusables.txt 2.1 KB
- 📄 known_domains.csv 3.0 KB
- 📄 popular_repos.csv 466 B
- 📄 public_suffix_list.dat 1.5 KB
📁 docs/
- 📄 compatibility.md 2.4 KB
- 📄 cookbook.md 3.1 KB
- 📄 dogfood-guide.md 1.7 KB
- 📄 homebrew-core.md 734 B
- 📄 roadmap.md 1.4 KB
- 📄 security.md 1.6 KB
- 📄 threat-model.md 3.6 KB
- 📄 troubleshooting.md 12.8 KB
- 📄 uninstall.md 1.8 KB
📁 fuzz/
- 📁 fuzz_targets/
  - 📄 byte_scanner.rs 130 B
  - 📄 extractor.rs 259 B
  - 📄 normalizer.rs 135 B
  - 📄 tokenizer_fish.rs 183 B
  - 📄 tokenizer_posix.rs 184 B
  - 📄 tokenizer_powershell.rs 189 B
  - 📄 url_parser.rs 126 B
- 📄 Cargo.toml 815 B
📁 mcp/
- 📁 clients/
  - 📄 claude-code.md 8.1 KB
  - 📄 codex.md 2.6 KB
  - 📄 copilot-cli.md 3.7 KB
  - 📄 cursor.md 4.2 KB
  - 📄 E2E-CHECKLIST.md 6.1 KB
  - 📄 gemini-cli.md 2.9 KB
  - 📄 kiro.md 6.6 KB
  - 📄 openclaw.md 3.9 KB
  - 📄 pi-cli.md 3.2 KB
  - 📄 vscode.md 4.7 KB
  - 📄 windsurf.md 2.4 KB
- 📄 tirith-gateway.yaml 2.8 KB
📁 npm/
- 📁 darwin-arm64/
  - 📄 LICENSE-AGPL 33.7 KB
  - 📄 LICENSE-COMMERCIAL 400 B
  - 📄 package.json 294 B
- 📁 darwin-x64/
  - 📄 LICENSE-AGPL 33.7 KB
  - 📄 LICENSE-COMMERCIAL 400 B
  - 📄 package.json 288 B
- 📁 linux-arm64/
  - 📄 LICENSE-AGPL 33.7 KB
  - 📄 LICENSE-COMMERCIAL 400 B
  - 📄 package.json 292 B
- 📁 linux-x64/
  - 📄 LICENSE-AGPL 33.7 KB
  - 📄 LICENSE-COMMERCIAL 400 B
  - 📄 package.json 286 B
- 📁 tirith/
  - 📁 bin/
    
    📄 tirith 1.1 KB
  - 📄 LICENSE-AGPL 33.7 KB
  - 📄 LICENSE-COMMERCIAL 400 B
  - 📄 package.json 558 B
- 📁 win32-x64/
  - 📄 LICENSE-AGPL 33.7 KB
  - 📄 LICENSE-COMMERCIAL 400 B
  - 📄 package.json 288 B
📁 packaging/
- 📁 aur/
  - 📄 PKGBUILD 2.1 KB
  - 📄 tirith.install 473 B
- 📁 chocolatey/
  - 📁 tools/
    
    📄 chocolateyinstall.ps1 609 B
    
    📄 chocolateyuninstall.ps1 92 B
  - 📄 tirith.nuspec 1.0 KB
- 📁 homebrew/
  - 📄 tirith.rb 1.7 KB
- 📁 mise/
  - 📄 tirith.toml 204 B
- 📁 rpm/
  - 📄 tirith.spec 2.4 KB
- 📁 scoop/
  - 📄 tirith.json 796 B
- 📁 windows/
  - 📄 install.ps1 2.4 KB
📁 scripts/
- 📄 codex-upgrade-smoke.sh 9.0 KB
- 📄 install.sh 5.3 KB
- 📄 update-data.sh 828 B
📁 shell/
- 📁 lib/
  - 📄 bash-hook.bash 33.2 KB
  - 📄 fish-hook.fish 11.5 KB
  - 📄 nushell-hook.nu 1.8 KB
  - 📄 powershell-hook.ps1 12.3 KB
  - 📄 zsh-hook.zsh 8.9 KB
- 📄 tirith.sh 984 B
📁 tests/
- 📁 fixtures/
  - 📄 clean.toml 7.1 KB
  - 📄 codefile.toml 4.4 KB
  - 📄 command.toml 35.6 KB
  - 📄 configfile.toml 18.5 KB
  - 📄 credential.toml 1.9 KB
  - 📄 documented_commands.toml 3.5 KB
  - 📄 ecosystem.toml 5.0 KB
  - 📄 environment.toml 1.6 KB
  - 📄 hostname.toml 7.5 KB
  - 📄 path.toml 2.9 KB
  - 📄 policy.toml 2.5 KB
  - 📄 README.md 399 B
  - 📄 rendered.toml 4.0 KB
  - 📄 shell_weirdness.toml 2.7 KB
  - 📄 terminal.toml 11.1 KB
  - 📄 test-threatdb.dat 505 B
  - 📄 threatintel.toml 2.7 KB
  - 📄 transport.toml 4.2 KB
- 📁 install-sh/
  - 📄 verify_sha256.sh 2.9 KB
📁 tools/
- 📁 license-server/
  - 📁 src/
    
    📁 routes/
    
    📄 health.rs 154 B
    
    📄 mod.rs 513 B
    
    📄 receipt.rs 9.5 KB
    
    📄 refresh.rs 2.3 KB
    
    📄 webhook.rs 24.7 KB
    
    📄 config.rs 4.1 KB
    
    📄 db.rs 50.5 KB
    
    📄 error.rs 1.8 KB
    
    📄 main.rs 12.7 KB
    
    📄 sign.rs 3.9 KB
    
    📄 state.rs 276 B
    
    📄 webhook_verify.rs 7.0 KB
  - 📄 Cargo.toml 1.1 KB
- 📁 sign-license/
  - 📁 src/
    
    📄 main.rs 15.6 KB
  - 📄 Cargo.toml 480 B
📄 .dockerignore 40 B
📄 .gitignore 883 B
📄 .pre-commit-hooks.yaml 246 B
📄 action.yml 2.1 KB
📄 Cargo.lock 90.9 KB
📄 Cargo.toml 1.6 KB
📄 CHANGELOG.md 13.9 KB
📄 deny.toml 1.2 KB
📄 Dockerfile 573 B
📄 flake.lock 1.5 KB
📄 flake.nix 2.4 KB
📄 LICENSE-AGPL 33.7 KB
📄 LICENSE-COMMERCIAL 400 B
📄 NOTICE 524 B
📄 README.md 27.7 KB
📄 rustfmt.toml 17 B
📄 SECURITY.md 2.6 KB
📄 SKILL.md 12.5 KB
📄 threatdb-manifest.json 322 B
📄 TIRITH.md 55.5 KB

SKILL.md

---
name: tirith
description: >
  Terminal security analysis for shell environments. This skill should be used
  when checking commands for supply-chain attacks before execution, scanning
  repositories for hidden content or config poisoning, scoring URLs for
  homograph attacks, setting up AI tool protection for Claude Code / Cursor /
  Codex / Windsurf, downloading and executing scripts safely, investigating
  why tirith blocked a command, managing trusted patterns, running security
  audits, configuring MCP gateway proxies, or working with threat intelligence
  databases. Also use when the user mentions "tirith", "pipe-to-shell",
  "homograph", "ANSI injection", "zero-width", "punycode", "terminal security",
  "shell hook", "cloaking detection", "supply chain attack", "bidi override",
  "invisible unicode", or "config poisoning". Even if the user does not
  explicitly name tirith, use this skill when they ask about protecting shell
  environments, intercepting dangerous commands, or hardening AI agent tool
  execution.
---

# tirith — Terminal Security for Developer Environments

tirith intercepts shell commands and pasted text, detecting supply-chain
attacks before they execute. It catches pipe-to-shell patterns, homograph
domains (Cyrillic/Greek lookalikes), ANSI terminal injection, bidi text
overrides, zero-width characters, shortened URLs, punycode tricks, and
config poisoning. It runs as a shell hook for real-time protection and as
a standalone CLI for scanning, scoring, auditing, and AI agent security.

## Quick Start

```bash
# Install shell hooks (zsh/bash/fish/powershell/nushell)
eval "$(tirith init --shell zsh)"              # zsh
eval "$(tirith init --shell bash)"             # bash
tirith init --shell fish | source              # fish
tirith init --shell nushell | source           # nushell

# Check a command before running it
tirith check -- 'curl https://example.com/install.sh | bash'

# Verify installation health
tirith doctor
```

## Detection Rules

tirith uses a three-tier analysis pipeline:
1. **Tier 1** — compiled regex fast gate (sub-millisecond)
2. **Tier 2** — URL/Docker ref extraction, byte scanning for control chars
3. **Tier 3** — full rule evaluation with policy overrides

### Rule categories

| Category | Examples |
|----------|---------|
| **hostname** | Homograph domains, punycode tricks, mixed-script attacks, confusable characters |
| **transport** | Plain HTTP, insecure TLS flags (`--no-check-certificate`), shortened URLs |
| **command** | Pipe-to-shell (`curl \| bash`), dotfile overwrite, archive extract to sensitive paths |
| **terminal** | ANSI escape injection, bidi overrides, zero-width chars, hidden multiline, hangul filler |
| **ecosystem** | Git typosquat, Docker untrusted registry, npm/PyPI lookalike packages |
| **path** | Non-ASCII paths, homoglyph filenames, double-encoding attacks |
| **credential** | Exposed tokens, API keys in command arguments |

Additional categories (codefile, configfile, environment, rendered, threatintel,
custom) are also available.

List all rules: `tirith explain --list`
Filter by category: `tirith explain --list --category terminal`
Explain a specific rule: `tirith explain --rule pipe_to_interpreter`

## Common Workflows

### Intercept dangerous commands

tirith hooks into the shell and checks every command before execution.
Manual check:

```bash
tirith check -- 'curl https://example.com | bash'
tirith check --format json -- 'npm install suspicious-pkg'
tirith check --shell powershell -- 'iwr https://example.com | iex'
```

### Scan a repository for hidden threats

Scan files for invisible Unicode, ANSI escapes, config poisoning, and
hidden content:

```bash
tirith scan ./
tirith scan --ci --fail-on high ./
tirith scan --format sarif ./ > results.sarif
tirith scan --file suspicious.sh
echo "$CLIPBOARD" | tirith scan --stdin
```

Use `--profile` to load a named scan profile from your policy file.

### Score a URL

Get a risk score for a URL before visiting or using it:

```bash
tirith score https://get.example-tool.sh
tirith score --format json https://suspicious-domain.com
```

### Detect server-side cloaking (Unix)

Check if a server returns different content to bots versus browsers:

```bash
tirith fetch https://example.com/install.sh
tirith fetch --format json https://example.com/install.sh
```

### Download and execute safely (Unix)

Download a script, analyze it, and optionally execute with SHA-256
verification and receipt logging:

```bash
tirith run https://get.example-tool.sh
tirith run --no-exec https://example.com/install.sh     # analyze only
tirith run --sha256 abc123... https://example.com/install.sh
```

Verify past executions:

```bash
tirith receipt last
tirith receipt verify a1b2c3d4e5f6
```

### Set up AI tool protection

Configure tirith to guard AI coding agents against prompt injection
and malicious tool calls:

```bash
tirith setup claude-code --with-mcp    # Claude Code + MCP server
tirith setup cursor                     # Cursor
tirith setup codex                      # OpenAI Codex
tirith setup copilot-cli                # GitHub Copilot CLI (run from repo root)
tirith setup gemini-cli --with-mcp     # Gemini CLI + MCP
tirith setup kiro                       # Kiro CLI (formerly Amazon Q)
tirith setup vscode                     # VS Code
tirith setup windsurf                   # Windsurf
tirith setup pi-cli                     # Pi CLI
tirith setup openclaw                   # OpenClaw
```

Preview changes: `tirith setup claude-code --dry-run`
Update hook scripts: `tirith setup claude-code --update-configs`

### MCP gateway proxy

Intercept tool calls from AI agents through an MCP gateway:

```bash
tirith gateway run \
  --upstream-bin npx \
  --upstream-arg @modelcontextprotocol/server-filesystem \
  --config gateway.yaml
tirith gateway validate-config --config gateway.yaml
```

### Investigate a detection

After tirith blocks or warns:

```bash
tirith why                                    # explain last trigger
tirith why --format json                      # machine-readable
tirith explain --rule pipe_to_interpreter     # rule documentation
tirith explain --list --category terminal     # list rules in category
tirith diff https://install.example-cli.dev   # compare against patterns
```

### Manage trusted patterns

Allow specific domains or URLs after review with TTL and rule scoping:

```bash
tirith trust add example.com                              # permanent global
tirith trust add example.com --ttl 7d                     # expires in 7 days
tirith trust add example.com --rule pipe_to_interpreter   # rule-scoped
tirith trust add example.com --scope repo                 # repo-scoped
tirith trust list                                          # show all entries
tirith trust list --format json --expired                  # include expired
tirith trust last                                          # trust from last trigger
tirith trust gc                                            # remove expired entries
```

### Audit and compliance

Export verdicts, generate statistics, and produce compliance reports:

```bash
tirith audit export                                    # JSON export
tirith audit export --format csv --since 2025-01-01    # CSV with date filter
tirith audit stats --format json                       # summary statistics
tirith audit report --format html > report.html        # compliance report
tirith audit report --format markdown                  # markdown report
```

### Session warnings

Track accumulated warnings across a shell session:

```bash
tirith warnings                         # full warning table
tirith warnings --format json           # machine-readable
tirith warnings --summary               # one-line (for shell exit hooks)
tirith warnings --hidden                # show paranoia-filtered findings
tirith warnings --clear                 # clear after display
```

### Threat intelligence

Manage the threat intelligence database for enhanced detection:

```bash
tirith threat-db update          # download/update threat DB
tirith threat-db update --force  # force re-download
tirith threat-db status          # show DB age and entry counts
```

### Policy management

Configure detection behavior with YAML policies:

```bash
tirith policy init              # generate starter policy
tirith policy init --minimal    # minimal template
tirith policy validate          # check for errors
tirith policy test 'curl https://example.com | bash'  # test a command
```

Policy discovery: walks up from cwd to `.git` boundary looking for
`.tirith/policy.yaml`. Fallback: `~/.config/tirith/policy.yaml`.

Features: allowlists, blocklists, severity overrides, fail-open/closed
modes, scan profiles, org trust lists. See `docs/cookbook.md`.

### Diagnostics

```bash
tirith doctor                   # full diagnostic
tirith doctor --fix             # auto-fix detected issues
tirith doctor --fix --yes       # non-interactive fix
tirith doctor --format json     # machine-readable diagnostic
```

### Background daemon

Speed up repeated checks with a persistent daemon:

```bash
tirith daemon start     # start in foreground
tirith daemon stop      # stop running daemon
tirith daemon status    # check status and measure latency
```

## Output Behavior

### Exit codes

| Code | Action | Meaning |
|------|--------|---------|
| 0 | Allow | Safe — no findings or all findings are informational |
| 1 | Block | Dangerous — execution prevented |
| 2 | Warn | Suspicious — execution allowed, user notified |
| 3 | WarnAck | Warn with strict acknowledgement required |

### Output streams per command

| Command | JSON | Human |
|---------|------|-------|
| check, paste | stdout | stderr |
| run, score, diff | stdout | stderr |
| receipt | stdout | stderr |
| scan | stdout | stderr |
| warnings | stdout | stdout |
| warnings --summary | n/a | stderr |
| checkpoint | stdout | stdout |
| fetch | stdout | stdout |
| explain | stdout | stdout |
| doctor | stdout | stdout |
| audit | stdout | stdout |

### Format flags

Most commands accept `--format human|json` (default: human).

| Scope | Valid formats |
|-------|-------------|
| Most commands | `--format human\|json` |
| scan | `--format human\|json\|sarif` |
| audit export | `--format json\|csv` |
| audit report | `--format markdown\|json\|html` |

Legacy `--json` is accepted on most JSON-capable commands.
`audit export` and `audit report` use `--format` only.

## MCP Tools

When running as an MCP server (`tirith mcp-server`), these tools are
available to AI agents:

| Tool | Description |
|------|-------------|
| `tirith_check_command` | Analyze shell commands for pipe-to-shell, homograph URLs, env injection |
| `tirith_check_url` | Score URLs for homograph attacks, punycode tricks, shortened URLs |
| `tirith_check_paste` | Check pasted content for ANSI escapes, bidi controls, zero-width chars |
| `tirith_scan_file` | Scan a file for hidden content, invisible Unicode, config poisoning |
| `tirith_scan_directory` | Recursive scan with AI config file prioritization |
| `tirith_verify_mcp_config` | Validate MCP configs for insecure servers, shell injection in args |
| `tirith_fetch_cloaking` | Detect server-side cloaking (different content for bots vs browsers) |

Register: `tirith setup claude-code --with-mcp`
Run manually: `tirith mcp-server` (JSON-RPC over stdio)

## Subcommand Reference

| Command | Purpose |
|---------|---------|
| `check` | Analyze a command before execution |
| `paste` | Check pasted content for threats |
| `run` | Safely download and execute a script (Unix) |
| `score` | Risk-score a URL |
| `diff` | Compare a URL against known-good patterns |
| `scan` | Scan files for hidden content and config poisoning |
| `fetch` | Detect server-side cloaking (Unix) |
| `why` | Explain the last triggered rule |
| `explain` | Show documentation for a detection rule |
| `setup` | Configure tirith for an AI coding tool |
| `init` | Generate shell hook source line |
| `doctor` | Diagnose installation and configuration |
| `policy` | Manage security policies (init, validate, test) |
| `audit` | Export verdicts, stats, and compliance reports |
| `trust` | Manage trusted patterns with TTL and rule scoping |
| `receipt` | Manage execution receipts from `tirith run` |
| `checkpoint` | File checkpoints for rollback before risky operations |
| `warnings` | Show accumulated session warnings |
| `threat-db` | Manage threat intelligence database |
| `gateway` | MCP gateway proxy for AI agent security |
| `mcp-server` | Run as MCP server (JSON-RPC over stdio) |
| `daemon` | Background daemon for faster checks |
| `license` | Show or manage license status |
| `activate` | Activate a license key |

Comments 0

Latest | Hot

Please login before commenting.

Loading comments...

tirith

Directory Structure

SKILL.md

Report

Notice