Complete reference for all tirith CLI commands.
| 0 | Allow — no issues found |
| 1 | Block — high/critical severity findings |
| 2 | Warn — medium/low severity findings |
| 3 | Warn-ack — acknowledgement required (shell-hook strict-warn protocol) |
tirith check -- <cmd>Analyze a command without executing it. Useful for testing what tirith would flag.
Supports --json, --non-interactive, --shell, and --suggest-safe-command (adds a concrete safer rewrite).
tirith pasteReads from stdin and analyzes pasted content for ANSI escapes, bidi controls, zero-width characters, and hidden content. The shell hook calls this automatically when you paste into the terminal.
tirith score <url>Breaks down a URL's trust signals — TLS, domain age heuristics, known shorteners, Unicode analysis.
tirith diff <url>Byte-level comparison showing exactly where suspicious characters are hiding.
tirith whyExplains the last rule that triggered — what it detected, why it matters, and what to do about it.
tirith explain --rule <id>Show documentation, examples, and remediation for any detection rule. Every Rule ID on the Detection Rules page works here.
Pair with the Detection Rules reference to look up any of the 200+ rule IDs.
tirith run <url>Safe replacement for curl | bash. Downloads to a temp file, shows SHA256, runs static analysis, opens in a pager for review, and executes only after you confirm. Creates a receipt for later verification.
tirith receipt {last,list,verify}Track and verify scripts you've run through tirith run. Each execution creates a receipt with the script's SHA256 hash for auditing.
tirith checkpoint {create,list,restore,diff,purge}Snapshot files before risky operations, then roll back if something goes wrong.
tirith scan [path]Scan files and directories for hidden content, config poisoning, invisible Unicode, and MCP configuration issues. Supports SARIF output for CI integration.
Prioritizes and scans 50+ known AI config file patterns including .cursorrules, CLAUDE.md, .mcp.json, and more.
tirith fetch <url>Check a URL for server-side cloaking — detects when a server returns different content to AI bots vs browsers. Compares responses across 6 user-agents (Chrome, ClaudeBot, ChatGPT-User, PerplexityBot, Googlebot, curl).
tirith ai {scan,diff,quarantine,explain-config,snapshot}Inspect AI agent config files (CLAUDE.md, .cursorrules, agent/skill definitions) for drift. snapshot records a baseline; diff flags hidden-instruction additions and tool-use escalations against it; quarantine isolates a suspect file (copies by default — --move to relocate).
Drift rules (ai_config_hidden_instruction_added, ai_config_tool_use_escalation) are diff-triggered — they need a snapshot and don't fire on a single buffer.
tirith lspRun tirith as a Language Server (LSP) over stdio for editor integration. Publishes diagnostics as you open and edit AI configs, install docs, and source files — picking a per-file-type analysis profile automatically.
Powers the editor experience — see the IDE & Editors guide for VS Code / JetBrains setup.
tirith mcp-serverRun tirith as an MCP server over JSON-RPC stdio. Provides 7 security tools that AI coding agents can call on demand.
See the MCP Integration docs for per-tool setup guides.
tirith gateway {run,validate-config}MCP gateway proxy that intercepts AI agent shell tool calls for security analysis before execution.
tirith setup <tool>One-command setup for AI coding tools. Configures shell hooks, MCP server registration, and zshenv guards.
tirith onboardDetect your repo and environment (shell, IDE configs, AI-config files, package managers on PATH, lockfiles, CI, MCP configs, tirith install state) and recommend a shipping policy template. Read-only by default.
--apply refuses to run non-interactively and never overwrites an existing policy without consent.
tirith policy {init,validate,test,tune}Generate and manage your .tirith/policy.yaml. init scaffolds a starter policy (with --template presets); validate checks syntax/schema/conflicts; test dry-runs a command or file with a match trace; tune --from-audit suggests conservative adjustments from your audit log (suggest-only).
Templates: individual (alias personal), ci-strict, ai-agent-heavy, oss-maintainer, startup, enterprise, mcp-strict. See Configuration for details.
tirith rule {test,validate,explain}Author and check custom detection rules — either a regex custom_rule or a semantic when: DSL (all/any/not over 13 predicates). A rule is regex XOR DSL.
validate rejects a DSL rule whose predicates don't map to its declared context, so a rule can't be silently dead. See the Policy Reference for the DSL.
tirith trust {add,list,explain,diff,remove,gc}Manage trusted patterns without hand-editing policy YAML. Trust is narrow and expiring by default — entries are scoped tightly and expire after 30 days unless you opt out. Broad scopes (domain / wildcard / bare-TLD) require --broad.
tirith threat-db {update,status,explain,sources,health,diff}Manage the signed local threat database (malicious packages, hostnames, and IPs). Verified on download and load. Every subcommand supports --format json; threatdb works as an alias.
By default, shell hooks and tirith check trigger a cheap background refresh at most once every 24h. Suppress per-invocation with --offline or TIRITH_OFFLINE=1.
tirith initPrints the shell hook for your current shell. Add the eval line to your shell profile to activate tirith.
tirith doctorDiagnostic check — shows detected shell, hook status, policy file location, and configuration. Run this if something isn't working.
--quick emits only {schema_version, protection_mode, policy_path_used, hook_active}, skipping the expensive probes.
tirith dashboard {export,serve}Build a local security dashboard from your audit log. Export-by-default writes a self-contained static HTML file (mode 0600). The opt-in serve binds 127.0.0.1 only, with an ephemeral in-memory token (TTL ≤ 1h, never written to disk).
Zero telemetry, zero network beyond the bound loopback port. Every interpolated value is HTML-escaped.
tirith warningsShow accumulated session warnings and suggested trust entries. On shell exit, a one-line summary is printed if any warnings were recorded.
tirith audit {export,stats,report}Audit log management for compliance and analysis.
tirith updateUpdate tirith to the latest release. Defers to your package manager for PM installs; uses an atomic verified self-replace for install.sh / standalone installs.
tirith verify-selfVerify the running binary is the genuine, unmodified official release (checksum + cosign signature). Reports honestly when it cannot verify.
tirith version --provenanceShow version, build info, detected install method, and verification status.
tirith daemon startStart a background daemon for faster checks and warm threat-intel enrichment (Unix). Opt-in — tirith otherwise runs per-command and exits immediately.
tirith activate <key>Activate a license key for Team/Enterprise features.
tirith licenseShow or manage license status. Subcommands: deactivate, refresh.