Task ID: t124 | Estimate: ~20m (ai:15m test:3m read:2m) | Logged: 2026-02-03
Tags: security tools terminal
Notes
Tirith (1,300 stars, Rust, AGPL-3.0) - terminal security tool that catches attacks browsers block but terminals don't. Also see t104 plan: Tirith's tirith run command provides verified download-then-execute as the implementation vehicle for curl|sh hardening.

30 rules across 7 categories:
1) Homograph attacks (Cyrillic/Greek lookalikes, punycode, mixed-script).
2) Terminal injection (ANSI escapes, bidi overrides, zero-width chars).
3) Pipe-to-shell (curl|bash, wget|sh, eval $(wget ...)).
4) Dotfile attacks (downloads targeting ~/.bashrc, ~/.ssh/authorized_keys).
5) Insecure transport (HTTP piped to shell, curl -k).
6) Ecosystem threats (git clone typosquats, untrusted Docker registries, pip/npm URL installs).
7) Credential exposure (userinfo tricks, shortened URLs).

Integration options:
1) Add to aidevops setup/onboarding as recommended install.
2) Create tirith.md subagent at tools/security/.
3) Document shell hook setup (eval "$(tirith init)").
4) Consider MCP wrapper for tirith check command validation.

Key features: sub-millisecond overhead, local-only (no network calls), YAML policy config, bypass with TIRITH=0 prefix.

Install: brew install sheeki03/tap/tirith or npm install -g tirith or cargo install tirith.
Synced from TODO.md by issue-sync-helper.sh
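
A sketch of the kind of pre-execution check several of the rule categories above describe, added here as an example; it is not Tirith's code or rule set. The patterns, finding labels and sample commands are constructed assumptions and cover only categories 1, 2, 3, 5 and the userinfo part of 7.

```python
import re
import unicodedata
# Constructed patterns for illustration only; these are NOT Tirith's rules.
ANSI_ESCAPE = re.compile(r"\x1b[\[\]]")  # CSI / OSC introducers
BIDI = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
ZERO_WIDTH = set("\u200b\u200c\u200d\u2060\ufeff")
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")
EVAL_FETCH = re.compile(r"\beval\s+[\"']?\$\(\s*(curl|wget)\b")
HOST = re.compile(r"https?://(?:[^/\s@]*@)?([^/\s:]+)")  # host after any userinfo
USERINFO = re.compile(r"https?://[^/\s@]+@")
CURL_K = re.compile(r"\bcurl\b.*\s(-k|--insecure)\b")

def scripts(host):
    """Scripts (LATIN, CYRILLIC, GREEK, ...) of the letters in a hostname."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in host if ch.isalpha()}

def check_command(cmd):
    """Return sorted finding labels for one command line (empty list = clean)."""
    found = set()
    if ANSI_ESCAPE.search(cmd):
        found.add("terminal-injection:ansi-escape")
    if set(cmd) & BIDI:
        found.add("terminal-injection:bidi-override")
    if set(cmd) & ZERO_WIDTH:
        found.add("terminal-injection:zero-width")
    if PIPE_TO_SHELL.search(cmd) or EVAL_FETCH.search(cmd):
        found.add("pipe-to-shell")
        if "http://" in cmd:  # plaintext fetch feeding an interpreter
            found.add("insecure-transport:http-to-shell")
    if CURL_K.search(cmd):
        found.add("insecure-transport:curl-k")
    for host in HOST.findall(cmd):
        if len(scripts(host)) > 1:  # e.g. Latin letters mixed with Cyrillic
            found.add("homograph:mixed-script")
        if any(label.startswith("xn--") for label in host.lower().split(".")):
            found.add("homograph:punycode")
    if USERINFO.search(cmd):
        found.add("credential-exposure:userinfo")
    return sorted(found)

# Constructed sample commands (example.com hosts; \u0430 is Cyrillic "a").
SAMPLES = [
    "curl -fsSL http://example.com/install.sh | bash",
    "git clone https://ex\u0430mple.com/org/repo",
    "curl -k https://example.com/a.tgz -o a.tgz",
]
if __name__ == "__main__":
    for cmd in SAMPLES:
        print(ascii(cmd), "->", check_command(cmd))
```
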