tirith

tirith is a local, open-source, pre-execution security layer written in Rust. It inspects a command, paste, package install, or AI-agent/MCP tool call BEFORE it executes - the exact moment modern supply-chain and social-engineering attacks land (malicious and typosquatted packages, pipe-to-shell installers, poisoned CI, and prompt-injected AI coding agents). It flags homograph/IDN-spoofed URLs, terminal-injection (ANSI/bidi/zero-width) and steganographic deception, pipe-to-shell and base64 decode-execute chains, credential exfiltration, malicious packages and infrastructure, and unsafe AI-agent or MCP configurations. It installs as a shell hook (bash, zsh, fish, PowerShell; nushell warn-only) and as an inspection engine callable from the CLI, CI, and AI agents. A three-tier pipeline (sub-millisecond fast gate, then a tokenizer, then 110+ detection rules across 16 categories) is backed by a daily Ed25519-signed local threat database built from OpenSSF Malicious Packages, Datadog Security Labs, abuse.ch, ecosyste.ms, and CISA KEV. It also ships an MCP gateway that vets AI-agent shell tool calls and a verified download-and-execute alternative to 'curl | bash'. It runs offline by default and sends no telemetry. No other widely used open-source tool combines pre-execution inspection across shells, pastes, package installs (nine ecosystems), and AI-agent/MCP configs in a single signed, offline, AGPL binary. Traction is organic and unsolicited: 2,400+ GitHub stars, 80+ releases, distribution across nine packaging channels with cosign-signed releases, and integration into Nous Research's Hermes Agent (180k+ stars) as its pre-execution command-vetting layer. FLOSS/fund support sustains ongoing development, expanded AI-agent and MCP detection, and security maintenance for a tool that stays free for everyone.