Install Thirsty-Lang
The official toolchain for the Thirsty-Lang governance language. Install with pip, run from Docker, and evaluate programs from the tl CLI. Source is UTF-8; authority is modeled in six tiers (AC0–AC5), and admissibility is decided before execution.
One command gets you the interpreter, the conformance checker, the Shadow → Canonical compiler, and the tl CLI.
$ pip install thirsty-lang==0.8.1$ tl run --demoLive now: package thirsty-lang on PyPI, CLI tl (Thirsty-Lang v0.8.1), and multi-arch images on Docker Hub (thirstyoftp/thirsty-lang) and GHCR (ghcr.io/tp-iamsothirsty/thirsty-lang), both tagged :0.8.1 and :latest.
Installation methods
The reference toolchain ships as a Python package. Installs the `tl` CLI, the conformance checker, and the Shadow → Canonical compiler.
$ pip install thirsty-lang==0.8.1Live on PyPI. Installs the toolchain and the `tl` CLI.
$ tl --versionPrints: Thirsty-Lang 0.8.1
$ tl run --demoRuns the bundled demo: hello, thirsty world!
Install the CLI in an isolated environment so it never collides with project dependencies.
$ pipx install thirsty-langIsolated, globally-available `tl`.
$ tl replOpen an interactive governance REPL.
Run the toolchain hermetically — pinned interpreter, deterministic verdicts, nothing installed on the host. Multi-arch images on Docker Hub and GHCR.
$ docker pull thirstyoftp/thirsty-lang:0.8.1Docker Hub (public, multi-arch). Or :latest.
$ docker pull ghcr.io/tp-iamsothirsty/thirsty-lang:0.8.1GitHub Container Registry mirror (multi-arch).
$ docker run --rm -v $(pwd):/work thirstyoftp/thirsty-lang tl run /work/policy.tlMount the current directory and evaluate a program.
intent "send_outbound_mail";
capability OUT_MAIL { scope: 200, class: AC2 }
action "outbound" {
gate "capability" {
require scope <= 12000 else deny "scope exceeds cap"
require authority >= AC2 else deny "insufficient authority"
}
commit; // ALLOW
}Your first program
Save the program as hello.tl and evaluate it. The CLI prints the terminal verdict, a gate-by-gate audit trace, and a deterministic decision hash you can re-verify later.
$ tl run hello.tlVERDICT ALLOW gate "capability" ⊢ scope <= 12000 pass ⊢ authority >= AC2 pass commit reached hash b3f1…a907
CLI reference
The tl command is the entry point for the whole toolchain.
| Command | Description |
|---|---|
| tl run <file.tl> | Evaluate a program; emit the verdict, audit trace, and decision hash. |
| tl check <file.tl> | Static analysis — parse, type, and conformance checks without executing. |
| tl repl | Interactive governance REPL with the default context loaded. |
| tl compile <file.tl> -o <out.tscgb> | Lower Shadow source to the TSCG-B canonical binary form. |
| tl hash <file.tl> | Print the deterministic decision hash for a program + context. |
| tl fmt <file.tl> | Format source to the canonical style. |
The 6-tier governance model
Every action is classified into one of six authority tiers. The tier a program requests determines which gates must pass before commit is reachable. Higher tiers demand stricter, non-bypassable scrutiny.
No effect. Read-only inspection, documentation, pure evaluation.
Low-footprint, reversible actions within a single capability.
Routine governed execution — the default class for outbound actions.
Cross-capability effects requiring continuity and ledger readiness.
Changes to governing logic. Quorum and matching shadow required.
Root-of-trust operations. Maximum scrutiny; SAFE_HALT on conflation.
- Python 3.10+ for the pip/pipx toolchain; Docker 24+ for the container image.
- The browser playground runs the same reference semantics with no install required.
- LIVE The packaged toolchain is published on PyPI, Docker Hub, and GHCR at v0.8.1; the in-browser interpreter mirrors the same reference semantics.