The following subcommands are considered stable. Their flags, exit codes, and output format will not change in a backwards-incompatible way within a major version:
check— analyze a command before executionpaste— analyze pasted contentscore— risk score a URLdiff— compare URL against known-goodwhy— explain last triggered rulereceipt— manage execution receiptsinit— initialize shell hooks
These subcommands may change without notice:
run— safe script download/executescan— file and directory scanning for hidden content and config poisoningfetch— server-side cloaking detectioncheckpoint— file checkpoint and rollbackgateway— MCP gateway proxy for AI agent securitysetup— configure tirith for AI coding toolsaudit— audit log export, stats, and compliance reportsactivate— license key activationlicense— license status and managementmcp-server— MCP server mode (JSON-RPC over stdio)doctor— diagnostic outputcompletions— shell completion generation (hidden)manpage— man page generation (hidden)
Exit codes are stable:
| Code | Meaning |
|---|---|
| 0 | Allow (no issues found) |
| 1 | Block (high/critical severity findings) |
| 2 | Warn (medium/low severity findings) |
schema_versionis emitted in all JSON output (currently version 3)- Version 3 changes: added
Infoseverity level (maps toAllowaction), addedhttpie_pipe_shellandxh_pipe_shellrule IDs - JSON fields are additive only: new fields may appear in any release
- Existing fields will not be removed or change type within a major version
- The
findingsarray structure is stable - Evidence types may be extended (e.g.,
homoglyph_analysiswith detailed character info)
- Rule IDs (e.g.,
curl_pipe_shell,punycode_domain) are stable identifiers - Rule wording (title, description) may change
- New rules may be added in any release
- Rules will not be removed within a major version (they may be deprecated)
- Both
policy.yamlandpolicy.ymlextensions are accepted (.yamlpreferred) - Policy format is additive: new keys may appear
- Existing keys will not change semantics within a major version