tidesman-mcp
Health Uyari
- No license — Repository has no license file
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 6 GitHub stars
Code Gecti
- Code scan — Scanned 2 files during light audit, no dangerous patterns found
Permissions Gecti
- Permissions — No dangerous permissions requested
Bu listing icin henuz AI raporu yok.
Tidesman — a free native MCP server for running, understanding, and debugging Linux containers with Apple's container tool. Public downloads + docs.
Tidesman
A free native MCP server for running, understanding, and debugging Linux containers with Apple's container tool.
It lets an AI assistant (Claude Desktop, Claude Code, or any MCP-compatible client) list,
run, inspect, and clean up Linux containers on your Mac, safely and with a full audit trail.
This repository is the public download and documentation home for Tidesman. The source is
maintained privately; the binaries published here are signed with an Apple Developer ID
certificate and notarized by Apple.
Demo
Demo coming with the first release.
What it is
MCP (Model Context Protocol) is an open standard that lets an AI assistant call external
tools: small functions that do real work, such as listing or starting containers. Tidesman is
the server side of that standard: it offers a set of container tools, and the AI is the client
that calls them.
Apple's container is Apple's tool for running Linux containers on macOS. Normally you drive
it by typing commands in a terminal. Tidesman instead talks straight to the background service
that container relies on (its "apiserver"), using Apple's own Swift client library. Going
directly to that service is faster and sturdier than wrapping the command line.
Requirements
- An Apple Silicon Mac running macOS 26 (Apple's container runtime requires both).
- Apple's
containerinstalled and started:container system start.
Install
Tidesman is a signed, notarized binary. Pick whichever channel suits you.
Homebrew (recommended)
brew install JeronimoColon/tidesman/tidesman
This adds the tap and installs tidesman to /opt/homebrew/bin.
Installer package (.pkg)
Download tidesman-<version>.pkg from the
latest release, double-click
it, and follow the prompts. It installs tidesman to /usr/local/bin. The package is signed,
notarized, and stapled, so it verifies even offline.
Direct binary (zip)
Download tidesman-<version>-macos-arm64.zip, unzip it, and move tidesman onto your PATH.
Because the bare binary is not stapled, macOS checks it online the first time you run it.
Claude Desktop one-click (.mcpb)
Download tidesman-<version>.mcpb and open it with Claude Desktop (Settings → Extensions). The
bundle embeds the signed binary and registers the server for you in read-only mode.
Verify your download
Every release ships a SHA256SUMS file. From the folder holding your downloads:
shasum -c SHA256SUMS
Configure your MCP client
Tidesman runs as a local command your client launches over standard input/output. Point the
client at the binary and pass an access mode with --mode (omit it for read-only).
Claude Desktop, edit ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"tidesman": {
"command": "/opt/homebrew/bin/tidesman",
"args": ["--mode=safe"]
}
}
}
Claude Code:
claude mcp add --transport stdio --scope user tidesman \
-- /opt/homebrew/bin/tidesman --mode=safe
Any stdio MCP client (OpenAI Codex and others) works the same way: point it at the binary and
pass the flags as arguments.
What it does
Nine container tools, each tagged by what it can do (Read, Write, or Destructive):
| Tool | Capability | What it does |
|---|---|---|
system_ping |
Read | check the container service is reachable |
container_list |
Read | list containers |
container_inspect |
Read | show a container's full details |
container_logs |
Read | fetch a container's recent output |
container_run |
Write | create and start a container from an image |
container_exec |
Write | run a command inside a running container |
container_stop |
Write | gracefully stop a running container |
container_kill |
Write | stop a container by sending it a signal (SIGKILL by default) |
container_delete |
Destructive | remove a container |
What the capability tags mean: a Read tool observes state and changes nothing. A Write
tool changes a container's state but never removes it; the container survives and can be
inspected or restarted. Destructive is reserved for removing the container itself. Your MCP
client may separately mark some write tools (exec, stop, kill) as destructive, based on the MCP
hints each tool carries: those tools can end work or change data inside a container, even
though the container itself survives. In every mode, all nine tools stay visible to your
assistant; a tool the mode locks says so in its description and refuses until you raise the
mode.
Access modes: safe by default
Tidesman runs at one of three authority levels, set with --mode=, and it starts in the
safest one. If no --mode is given, it is read-only. Every tool is always listed to your
assistant; the mode controls which of them may run.
| Mode | Allows | Tools callable |
|---|---|---|
read-only (default) |
Read | ping, list, inspect, logs (4) |
safe |
Read + Write | the above, plus run, exec, stop, kill (8) |
full |
Read + Write + Destructive | all nine, including delete |
A separate flag, --allow-host-mounts, is required before container_run may mount a folder
from your Mac into a container; it is off by default because a host mount reaches outside the
container's isolation onto your real files.
Security and trust
- Signed and notarized. The binary is signed with an Apple Developer ID certificate and
notarized by Apple, so Gatekeeper runs it without a warning. - Safe by default. Unset mode is read-only; destructive operations require
full; host mounts
require an explicit flag. - Audited. Every tool call is recorded to
~/Library/Logs/tidesman/audit.logand the macOS
unified log: its name, its arguments (with secret-like values redacted), and its outcome. - Honest tool annotations. Every tool declares MCP read-only and destructive hints that match
what it can actually touch, so your client knows the stakes and can ask before anything
risky runs. - Guard your client config. Tidesman's tools cannot change the access mode; it is pinned by
the--modeargument in your MCP client's configuration file. That file lives outside
Tidesman's control, so protect it accordingly: a client that grants its assistant broad
filesystem access would let the assistant edit its own mode. Every audit-log line records
the mode the call ran under, so any change leaves a visible trail.
Privacy Policy
Tidesman collects nothing about you and sends nothing to us: no telemetry, no analytics, no
crash reporting, no accounts. Everything it does happens on your Mac.
- The audit log (tool calls, arguments with secret-like values redacted, outcomes) is written
only to your Mac (~/Library/Logs/tidesman/audit.logand the macOS unified log) and stays
there unless you share it yourself. Delete it whenever you like. - Tidesman opens no network ports. Its only outbound connection is to a container registry
(such as Docker Hub) when you or your assistant asks it to pull an image; that request shares
the image name and your network address with the registry, like any container tool. - Nothing is shared with, sold to, or retained by anyone else.
The full policy lives at tidesman.dev/privacy.html.
Privacy questions: [email protected].
License
Tidesman is proprietary software, provided free of charge under the end-user license in
EULA.txt. It bundles open-source components whose notices are preserved in
THIRD-PARTY-LICENSES.
Links
- Website: https://tidesman.dev
- Report an issue: https://github.com/JeronimoColon/tidesman-mcp/issues
- Contact: [email protected]
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi