Question 1

What is tirith?

Accepted Answer

Tirith is an open-source terminal security tool written in Rust that intercepts and analyzes shell commands and pasted text in real-time, detecting homograph attacks, pipe-to-shell patterns, ANSI injection, and 80+ other threats across 15 categories before they execute.

Question 2

Does tirith require an internet connection?

Accepted Answer

No. Tirith runs entirely offline with zero network calls. All detection logic is compiled into the binary. There is no telemetry, no cloud dependency, and no data leaves your machine.

Question 3

How fast is tirith?

Accepted Answer

Tirith processes clean commands in under 0.1ms via its Tier 1 fast gate. Full analysis across all 80+ rules completes in under 2ms. The shell hook adds negligible latency to command execution.

Question 4

How does tirith detect homograph attacks?

Accepted Answer

Tirith analyzes hostnames character-by-character, detecting non-ASCII characters, mixed-script usage (e.g., Cyrillic characters mixed with Latin), punycode encoding, and confusable Unicode characters that visually mimic legitimate domain names.

Question 5

Is tirith free?

Accepted Answer

Yes. The Community tier is free forever and includes all 80+ detection rules, shell hooks, MCP server, local audit log, YAML policy system, and SARIF output. Team/Enterprise pricing is available for organizations needing centralized management.

Question 6

How does tirith work with AI coding agents?

Accepted Answer

Tirith includes an MCP (Model Context Protocol) server with 7 tools that AI coding agents like Claude Code, Cursor, Codex, and VS Code Copilot call to check commands, URLs, and files for security threats before executing them. Setup is one command: tirith setup claude-code --with-mcp.

Question 7

What shells does tirith support?

Accepted Answer

Tirith supports Bash, Zsh, Fish, and PowerShell on macOS, Linux, and Windows. Shell hooks are installed by adding eval "$(tirith init --shell <shell>)" to your shell configuration file.

Feature	Community	Team / Enterprise
Detection Rules (80+)
Shell Hooks (Bash, Zsh, Fish, PS)
MCP Server
Local JSONL Audit Log
YAML Policy System
SARIF Output (CI/CD)
MITRE ATT&CK Mapping
Remote Policy Distribution
Remote Audit Collection
Custom DLP Redaction
Custom Detection Rules
Webhooks (Slack, Teams, PagerDuty)
SSO / SAML
License Management
Air-Gapped / On-Prem
Custom Rule Development
Dedicated Account Manager
SLA & Response Guarantees

Tiers & Features

Community (Free forever)

Team / Enterprise (Contact us)

Feature Comparison