TartarusAI CLI: An Unfiltered AI Agent for Security Research

TartarusAI CLI — Practical Guide

What it does

tartarusai-cli is the official terminal client for TartarusAI, an uncensored AI coding agent. It solves the problem of mainstream AI models refusing to help with legitimate but “sensitive” development work: security research, penetration testing exercises (e.g., writing a port scanner for your own lab), deobfuscation of scripts from incident response, credential‑rotation tools that involve leaked tokens, and other routine tasks that typical agents block as “unsafe.”

The CLI gives you direct access to the TartarusAI model with no policy filter, no credit‑card requirement (billing is crypto‑only), and a 256K token context window — enough to feed entire repositories into a single prompt. It is designed for professionals who are tired of getting “I can’t help with that” when the work is standard practice in security and development.

How to get started

Prerequisites

• A TartarusAI account. Create one at dash.tartarusai.dev/account.
• A CLI token generated from that dashboard.
• A supported operating system: Linux x86_64 or Windows x86_64. macOS and ARM builds require emailing team@tartarusai.dev to request.

Installation

1. Download the binary for your platform from the latest release.

   Linux x86_64

curl -L -o tartarusai-cli https://github.com/Tartarus-AI/tartarusai-cli/releases/latest/download/tartarusai-cli-linux-x64
chmod +x tartarusai-cli && sudo mv tartarusai-cli /usr/local/bin/

Windows x86_64 (PowerShell)

iwr https://github.com/Tartarus-AI/tartarusai-cli/releases/latest/download/tartarusai-cli-windows-x64.exe -OutFile tartarusai-cli.exe

2. Create the configuration file with your token.

   On Linux/macOS: ~/.tartarus/cli-token.json
   On Windows: %USERPROFILE%\.tartarus\cli-token.json

   The file must contain exactly:

{
  "endpoint":   "https://api.tartarusai.dev",
  "token":      "<paste-here>",
  "user_email": "you@example.com"
}

Replace <paste-here> with the token from your dashboard, and you@example.com with your account email.

3. Run tartarusai-cli from your terminal. No further setup is required.

Activation and billing

• Billing is crypto‑only. You do not need to provide a credit card or set up a recurring payment.
• After payment, the network confirms and the CLI activates within approximately 30 seconds.
• There is a 14‑day refund policy: if the tool does not meet your needs, you can request a full refund within that period.

Practical usage

The README does not provide detailed command‑line examples or workflow descriptions beyond stating that you run tartarusai-cli. Based on the product description, typical use cases include:

• Providing a prompt describing a coding task — e.g., “write a proof‑of‑concept scanner for CVE‑2021‑44228 (Log4Shell) for my lab environment” — and receiving the code directly without refusal.
• Feeding an entire repository (up to 256K tokens of context) into the agent for large‑scale refactoring, analysis, or documentation generation.
• Automating security‑research scripts, credential rotation, or deobfuscation tasks that mainstream models block.

The exact interaction interface (whether it is a REPL, pipeable, or accepts arguments) is not documented in the README. Users should run the binary with --help for flags and usage details, or consult the repository’s other documentation.

Configuration and options

The only documented configuration is the token file:

• File location: ~/.tartarus/cli-token.json (Linux/macOS) or %USERPROFILE%\.tartarus\cli-token.json (Windows).
• Required fields:
  • "endpoint" — must be set to "https://api.tartarusai.dev".
  • "token" — your CLI token from the dashboard.
  • "user_email" — the email address associated with your account.
• No environment variables, additional CLI flags, or alternative configuration files are mentioned.

Known constraints and limitations

The README explicitly states what the tool is not intended for (under the “What this is not” collapsible section):

• It is not a malware factory — no weaponized payloads, stealers, spyware, or exploit kits that attack systems you do not own. Writing proof‑of‑concept code for patched, public CVEs for your own lab is considered standard pentest material and is supported.
• It is not a piracy tool — no DRM bypass, keygens for others’ software, or license cracking.
• It is not a politics bot — it is a coding agent; it ships code, not opinion essays.

No other technical limitations (e.g., maximum file size, offline mode, rate limits) are disclosed in the README. The 256K context window is the only capacity figure given.

Best practices

• Use the tool for legitimate professional work only — security research on systems you own, CTFs, penetration testing with authorization, and everyday development tasks.
• Do not attempt to generate malware, exploit kits targeting others, piracy tools, or any other illegal content. The creators draw a clear ethical line: “The line is what every professional pentest course and CTF runs on.”
• Because the model is uncensored, you are solely responsible for the code it produces and how you apply it. Treat the output as you would any AI‑generated code — review it, test it, and ensure compliance with applicable laws and policies.

Notable procedures

• Upgrade path: not documented. Check the latest release page for new binaries; download and replace your existing binary.
• Migration: no data or settings persist beyond the token file. Re‑creating the token file in the correct location is the only setup step.
• Support and community: if you encounter issues, you can reach out via:
  • Website: tartarusai.dev
  • Discord: https://discord.gg/GfzePawBBd
  • X / Twitter: @TartarusAIDev
  • Reddit: r/TartarusAI
  • Blog: https://tartarusai.dev/blog
  • Email: team@tartarusai.dev (also for requesting macOS/ARM builds)
• No special deployment steps (Docker, cloud, etc.) are mentioned.