Tidesman — a native MCP server for Apple's container tool
A native MCP server for running, understanding, and debugging Linux containers with Apple's container tool.
A watchful guide for your local containers — it talks straight to Apple's engine, so your AI assistant can see and steer them from any MCP client.
macOS 26 · Apple Silicon<br>Free<br>Signed & notarized<br>Runs locally over stdio
How it works<br>It speaks to Apple's engine directly
Most tools shell out to the container command line and parse its text output. Tidesman links against Apple's own Swift client library and talks to the container engine directly — fewer moving parts, faster calls, structured results instead of scraped strings.
Diagram: AI client (Claude · Codex · any MCP client) -> MCP over stdio -> Tidesman (native MCP server) -> Swift client library -> Apple's container engine (runs Linux containers)
No CLI scraping. Because Tidesman uses the same client library Apple's own container command uses, it doesn't break when output formatting changes — and it returns structured data your assistant can reason about.
Safe by default<br>You decide how much it can touch
One --mode flag sets what the server is allowed to do. It starts read-only. Nothing runs, stops, or gets deleted unless you opt in.
Default<br>--mode=read-only<br>Read-only
Inspect everything, change nothing. The safe place to start.
List and inspect containers
Read logs
Ping the engine
--mode=safe<br>Safe
Everything in Read-only, plus the power to run and manage workloads.
Run and exec into containers
Stop and kill containers
No deletes
--mode=full<br>Full
Everything in Safe, plus destructive operations. Grant deliberately.
Delete containers
All read and write tools
Host mounts are off
Tidesman won't mount folders from your Mac into a container unless you explicitly pass --allow-host-mounts. Your filesystem stays out of reach by default.
Every call is audit-logged
Each tool invocation is written to a local audit log — what ran, when, and with which arguments — so there's always a record of what the assistant did.
Nine tools<br>The full surface, grouped by risk
Read tools are available in every mode. Write tools need Safe or Full. The one destructive tool needs Full.
Read
All modes
system_ping: Check the engine is up and reachable.
container_list: List containers and their status.
container_inspect: Full configuration and state for one container.
container_logs: Read a container's stdout and stderr.
Write
Safe + Full
container_run: Start a new container from an image.
container_exec: Run a command inside a running container.
container_stop: Gracefully stop a running container.
container_kill: Force-terminate a container immediately.
Destructive
Full only
container_delete: Permanently remove a container.
Requirements<br>What you need
macOS 26 "Tahoe"<br>Built for the current macOS. Apple Silicon only.
Apple Silicon<br>M-series Mac required. Intel is not supported.
Apple's container engine<br>Apple's container tool installed and started before you launch Tidesman.
Trust<br>Runs locally, verifiable
Signed & notarized<br>Developer-ID signed and notarized by Apple, so Gatekeeper opens it without a fight.
Verify your download<br>Every release ships a SHA256SUMS file. Check it with shasum -c before you run anything.
No network listener<br>Tidesman speaks to your client over stdio. It opens no port and listens on no socket.
Bring a lantern to your containers
Install Tidesman, point your MCP client at it, and let your assistant see what's running.