tirith-config
Installation
SKILL.md
tirith-config
Tirith intercepts shell commands and pasted content to catch homograph URLs (Cyrillic lookalikes, mixed scripts), ANSI escape injection, and curl | bash–style pipe-to-shell patterns. This skill encodes operating procedure — decision logic, verification rituals, and inherent gotchas. The current allowlist and tool version are not encoded here; query them at runtime.
Operating model
Tirith has four moving parts. Treat the live config as source of truth, not memory:
- Shell hook — sourced via
eval "$(tirith init --shell zsh)"in the user's shell profile. This is what wires per-command interception. Hook source files at~/.local/share/tirith/shell/are inert until the eval line is added to the profile. - Policy file —
~/.config/tirith/policy.yaml(global) and.tirith/policy.yaml(per-project, walks up from cwd). The per-project file wins when present. - Audit log —
~/.local/share/tirith/log.jsonl. Redacted previews, not full commands. - Receipts — created by
tirith run <url>. Verifiable later withtirith receipt verify <sha256>.
tirith doctor is the canonical health check; it surfaces hook status, policy detection, and bypass mode in one shot.
Decision tree: a command was blocked
Three responses, each appropriate for a different shape of problem: