tartarus-api 0.1.1

Structured API for sandboxing system (currently utilizing `bubblewrap`)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

# tartarus

Tartarus is tool designed to make it easier to launch processes in sandboxes.

The primary rationale for the development was frustration around agents (including within editors) not having particularly robust configurations for permissions local to a project.

## Why "Tartarus"?

From [Wikipedia](https://en.wikipedia.org/wiki/Tartarus) (on June 6, 2026 at least):

> In Greek mythology, Tartarus is the deep abyss that is used as a dungeon of torment and suffering for the wicked and as the prison for the Titans

Whether AI tools belong here or not is a question that we all have to decide for ourselves.

## CLI

The most straightforward way to use Tartarus is via the CLI tool, which has built-in logic for several common use cases.

### Installation

`tartarus` can be installed via `cargo`:

```bash
cargo install tartarus
```

### Usage

```bash
Usage: tartarus <COMMAND>

Commands:
  list  List all sandboxes in the configuration file
  exec  Execute a process inside a sandbox
  help  Print this message or the help of the given subcommand(s)

Options:
  -h, --help     Print help
  -V, --version  Print version
```

```bash
Usage: tartarus exec [OPTIONS] <PROCESS> [ARGS]...

Arguments:
  <PROCESS>  The process to invoke inside the sandbox
  [ARGS]...  The arguments to pass to the sandboxed process

Options:
  -n, --dry-run            Print out the full command that would have been executed instead of running it
  -s, --sandbox <SANDBOX>  The name of the configuration to use
  -h, --help               Print help
```

### Configuration

Sandboxes can be configured via `~/.config/tartarus/config.toml`.

```toml
# `sandboxes.<name>` declares a sandbox with the given name.
[sandboxes.zed_rust_dev]
# Currently, the only supported type of sandbox is "bubblewrap".
# In the future, other sandbox types are planned (e.g. `sandbox-exec` for MacOS).
type = "bubblewrap"
# Optional (default: false)
allow_network_access = true
# The directory to run the sandbox from.
#
# Optional (default: the directory where `tartarus` was invoked from)
working_dir = "/home/user/projects/some-rust-project"
# Directories to make writable inside the sandbox. The root directory is mounted as read-only, so any changes outside of
# the directory where `tartarus` is invoked from or one of the directories specified in `writable_dirs` will fail with permission errors.
#
# Optional (default: [])
writable_dirs = [
    "/home/user/log-files",
]

# Directories to pass through directly from the host to a fake home directory used by the sandbox.
#
# Each entry is a path relative to the home directory of the user invoking the sandbox.
#
# Optional (default: [])
passthrough_home_dirs = [
    ".cache",
    ".local/share",
    ".cargo",
    ".rustup",
]

## Section: overrides
#
# Declares a set of overrides for files under the home directory.
#
# Per TOML specification, using `[[...]]` allows multiple separate instances to concatenate into a single array.
# The path relative to the home directory of the user invoking the sandbox.
#
# The directory will be copied into the sandbox's fake home directory as-is, with potential
# modifications made via overrides below. Specific files can be overridden with custom settings to overwrite the ones
# in the real home directory.

# Zed configuration: override the tool permissions to allow arbitrary usage in the sandbox.

[[sandboxes.zed_rust_dev.override_home_dirs]]
subpath = ".config/zed"

[[sandboxes.zed_rust_dev.override_home_dirs.overrides]]
file = "settings.json"

[sandboxes.zed_rust_dev.override_home_dirs.overrides.type.Zed]
tool_permission = "Allow"

# OpenCode configuration: allow arbitrary access to external directories in the sandbox.

[[sandboxes.zed_rust_dev.override_home_dirs]]
subpath = ".config/opencode"

[[sandboxes.zed_rust_dev.override_home_dirs.overrides]]
file = "opencode.jsonc"

[sandboxes.zed_rust_dev.override_home_dirs.overrides.type.OpenCode]
external_directories = "Allow"

# Arbitrary overrides can be specified via a custom shell commands.
#
# External tool override commands should accept the path to a file with the contents of the original file, which should be modified
# to reflect the state the file should have inside the sandbox.
#
# Note that this does *not* affect the contents of the file outside the sandbox; the file being modified is a temporary copy of the original file.

[[sandboxes.zed_rust_dev.override_home_dirs]]
subpath = ".config/nushell"

[[sandboxes.zed_rust_dev.override_home_dirs.overrides]]
file = "config.nu"

[sandboxes.zed_rust_dev.override_home_dirs.overrides.type.ExternalTool]
name = "add-some-stuff"

[[sandboxes.zed_rust_dev.override_home_dirs.overrides]]
file = "env.nu"

[sandboxes.zed_rust_dev.override_home_dirs.overrides.type.ExternalTool]
name = "add-some-other-stuff"

# Default command to run when no command is specified
[sandboxes.zed_rust_dev.default_command]
name = "zed"
# Optional (default: [])
args = ["."]
```

## Rust API

`tartarus` can also be used as a Rust library via the `tartarus-api` crate. The APIs provide the ability to configure and execute sandboxes above, but with the additional ability to specify arbitrary overrides via implementation of the `Override` trait.

* [crates.io link](https://crates.io/crates/tartarus-api)
* [API documentation](https://docs.rs/tartarus-api)