Tirith is available in four tiers. The Community edition is free and open-source.
Everything you need for personal security. Full detection engine (all 80+ rules), shell hooks for Bash, Zsh, Fish, and PowerShell, MCP server for AI coding tools, local JSONL audit log, YAML policy system, and SARIF output for CI/CD. No account required.
Enhanced output for security professionals. Everything in Community, plus human-readable finding explanations, agent-optimized finding context, rendered content analysis (hidden CSS, color tricks, HTML attributes), early access to new detection rules, and priority GitHub Issues support.
Centralized security for engineering teams. Everything in Pro, plus MITRE ATT&CK technique mapping, remote policy distribution, remote audit log collection, custom DLP redaction patterns, custom detection rules, webhooks (Slack, Teams, PagerDuty), SSO/SAML (Okta, Azure AD), organization-wide license management, and a dedicated support channel.
For organizations with advanced compliance and deployment needs. Everything in Team, plus air-gapped/on-premises deployment support, custom rule development, a dedicated account manager, SLA with guaranteed response times, custom integration support, and volume discounts. Contact sales@tirith.sh.
| Feature | Community | Pro | Team | Enterprise |
|---|---|---|---|---|
| Detection Rules (80+) | ||||
| Shell Hooks (Bash, Zsh, Fish, PS) | ||||
| MCP Server | ||||
| Local JSONL Audit Log | ||||
| YAML Policy System | ||||
| SARIF Output (CI/CD) | ||||
| Human-Readable Explanations | ||||
| Agent-Optimized Context | ||||
| Rendered Content Analysis | ||||
| Early Access Rules | ||||
| MITRE ATT&CK Mapping | ||||
| Remote Policy Distribution | ||||
| Remote Audit Collection | ||||
| Custom DLP Redaction | ||||
| Custom Detection Rules | ||||
| Webhooks (Slack, Teams, PagerDuty) | ||||
| SSO / SAML | ||||
| License Management | ||||
| Air-Gapped / On-Prem | ||||
| Custom Rule Development | ||||
| Dedicated Account Manager | ||||
| SLA & Response Guarantees |