Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Tidesman

БесплатноНе проверен

A free native MCP server for running and debugging Linux containers with Apple's container tool.

GitHubEmbed

Описание

A free native MCP server for running and debugging Linux containers with Apple's container tool.

README

Tidesman logo

Tidesman

A free native MCP server for running, understanding, and debugging Linux containers with Apple's container tool.

Latest release Homebrew tap version macOS 26 · Apple Silicon MCP server License: EULA

Website · Downloads

It lets an AI assistant (Claude Desktop, Claude Code, or any MCP-compatible client) list, run, inspect, and clean up Linux containers on your Mac, safely and with a full audit trail.

This repository is the public download and documentation home for Tidesman. The source is maintained privately; the binaries published here are signed with an Apple Developer ID certificate and notarized by Apple.

Demo

Demo coming with the first release.

What it is

How Tidesman works: an AI client speaks MCP over stdio to Tidesman, which talks directly to Apple's container apiserver over XPC to run Linux containers in lightweight VMs.

MCP (Model Context Protocol) is an open standard that lets an AI assistant call external tools: small functions that do real work, such as listing or starting containers. Tidesman is the server side of that standard: it offers a set of container tools, and the AI is the client that calls them.

Apple's container is Apple's tool for running Linux containers on macOS. Normally you drive it by typing commands in a terminal. Tidesman instead talks straight to the background service that container relies on (its "apiserver"), using Apple's own Swift client library. Going directly to that service is faster and sturdier than wrapping the command line.

Requirements

  • An Apple Silicon Mac running macOS 26 (Apple's container runtime requires both).
  • Apple's container installed and started: container system start.

Install

Tidesman is a signed, notarized binary. Pick whichever channel suits you.

Homebrew (recommended)

brew install JeronimoColon/tidesman/tidesman

This adds the tap and installs tidesman to /opt/homebrew/bin.

Installer package (.pkg)

Download tidesman-<version>.pkg from the latest release, double-click it, and follow the prompts. It installs tidesman to /usr/local/bin. The package is signed, notarized, and stapled, so it verifies even offline.

Direct binary (zip)

Download tidesman-<version>-macos-arm64.zip, unzip it, and move tidesman onto your PATH. Because the bare binary is not stapled, macOS checks it online the first time you run it.

Claude Desktop one-click (.mcpb)

Download tidesman-<version>.mcpb and open it with Claude Desktop (Settings → Extensions). The bundle embeds the signed binary and registers the server for you in read-only mode.

Verify your download

Every release ships a SHA256SUMS file. From the folder holding your downloads:

shasum -c SHA256SUMS

Configure your MCP client

Tidesman runs as a local command your client launches over standard input/output. Point the client at the binary and pass an access mode with --mode (omit it for read-only).

Claude Desktop, edit ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "tidesman": {
      "command": "/opt/homebrew/bin/tidesman",
      "args": ["--mode=safe"]
    }
  }
}

Claude Code:

claude mcp add --transport stdio --scope user tidesman \
  -- /opt/homebrew/bin/tidesman --mode=safe

Any stdio MCP client (OpenAI Codex and others) works the same way: point it at the binary and pass the flags as arguments.

What it does

Nine container tools, each tagged by what it can do (Read, Write, or Destructive):

Tool Capability What it does
system_ping Read check the container service is reachable
container_list Read list containers
container_inspect Read show a container's full details
container_logs Read fetch a container's recent output
container_run Write create and start a container from an image
container_exec Write run a command inside a running container
container_stop Write gracefully stop a running container
container_kill Write stop a container by sending it a signal (SIGKILL by default)
container_delete Destructive remove a container

What the capability tags mean: a Read tool observes state and changes nothing. A Write tool changes a container's state but never removes it; the container survives and can be inspected or restarted. Destructive is reserved for removing the container itself. Your MCP client may separately mark some write tools (exec, stop, kill) as destructive, based on the MCP hints each tool carries: those tools can end work or change data inside a container, even though the container itself survives. In every mode, all nine tools stay visible to your assistant; a tool the mode locks says so in its description and refuses until you raise the mode.

Access modes: safe by default

Tidesman runs at one of three authority levels, set with --mode=, and it starts in the safest one. If no --mode is given, it is read-only. Every tool is always listed to your assistant; the mode controls which of them may run.

Mode Allows Tools callable
read-only (default) Read ping, list, inspect, logs (4)
safe Read + Write the above, plus run, exec, stop, kill (8)
full Read + Write + Destructive all nine, including delete

A separate flag, --allow-host-mounts, is required before container_run may mount a folder from your Mac into a container; it is off by default because a host mount reaches outside the container's isolation onto your real files.

Security and trust

  • Signed and notarized. The binary is signed with an Apple Developer ID certificate and notarized by Apple, so Gatekeeper runs it without a warning.
  • Safe by default. Unset mode is read-only; destructive operations require full; host mounts require an explicit flag.
  • Audited. Every tool call is recorded to ~/Library/Logs/tidesman/audit.log and the macOS unified log: its name, its arguments (with secret-like values redacted), and its outcome.
  • Honest tool annotations. Every tool declares MCP read-only and destructive hints that match what it can actually touch, so your client knows the stakes and can ask before anything risky runs.
  • Guard your client config. Tidesman's tools cannot change the access mode; it is pinned by the --mode argument in your MCP client's configuration file. That file lives outside Tidesman's control, so protect it accordingly: a client that grants its assistant broad filesystem access would let the assistant edit its own mode. Every audit-log line records the mode the call ran under, so any change leaves a visible trail.

Privacy Policy

Tidesman collects nothing about you and sends nothing to us: no telemetry, no analytics, no crash reporting, no accounts. Everything it does happens on your Mac.

  • The audit log (tool calls, arguments with secret-like values redacted, outcomes) is written only to your Mac (~/Library/Logs/tidesman/audit.log and the macOS unified log) and stays there unless you share it yourself. Delete it whenever you like.
  • Tidesman opens no network ports. Its only outbound connection is to a container registry (such as Docker Hub) when you or your assistant asks it to pull an image; that request shares the image name and your network address with the registry, like any container tool.
  • Nothing is shared with, sold to, or retained by anyone else.

The full policy lives at tidesman.dev/privacy.html. Privacy questions: [email protected].

License

Tidesman is proprietary software, provided free of charge under the end-user license in EULA.txt. It bundles open-source components whose notices are preserved in THIRD-PARTY-LICENSES.

Links

from github.com/JeronimoColon/tidesman-mcp

Установка Tidesman

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/JeronimoColon/tidesman-mcp

FAQ

Tidesman MCP бесплатный?

Да, Tidesman MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Tidesman?

Нет, Tidesman работает без API-ключей и переменных окружения.

Tidesman — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить Tidesman в Claude Desktop, Claude Code или Cursor?

Открой Tidesman на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Tidesman with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development