Tidesman: Native MCP server for Apple Container's Linux container workflows


Tidesman — a native MCP server for Apple's container tool


Tidesman

A native MCP server for running, understanding, and debugging Linux containers with Apple's container tool.

A watchful guide for your local containers — it talks straight to Apple's engine, so your AI assistant can see and steer them from any MCP client.


macOS 26 · Apple Silicon · Free · Signed & notarized · Runs locally over stdio

How it works: It speaks to Apple's engine directly

Most tools shell out to the container command line and parse its text output. Tidesman links against Apple's own Swift client library and talks to the container engine directly — fewer moving parts, faster calls, structured results instead of scraped strings.

AI client (Claude · Codex · any MCP client) -> MCP over stdio -> Tidesman (native MCP server) -> Swift client library -> Apple's container engine (runs Linux containers)

No CLI scraping. Because Tidesman uses the same client library Apple's own container command uses, it doesn't break when output formatting changes — and it returns structured data your assistant can reason about.

Safe by default: You decide how much it can touch

One --mode flag sets what the server is allowed to do. It starts read-only. Nothing runs, stops, or gets deleted unless you opt in.

Read-only (--mode=read-only, the default)

Inspect everything, change nothing. The safe place to start.

List and inspect containers

Read logs

Ping the engine

Safe (--mode=safe)

Everything in Read-only, plus the power to run and manage workloads.

Run and exec into containers

Stop and kill containers

No deletes

Full (--mode=full)

Everything in Safe, plus destructive operations. Grant deliberately.

Delete containers

All read and write tools

Host mounts are off

Tidesman won't mount folders from your Mac into a container unless you explicitly pass --allow-host-mounts. Your filesystem stays out of reach by default.

Every call is audit-logged

Each tool invocation is written to a local audit log — what ran, when, and with which arguments — so there's always a record of what the assistant did.

Nine tools: The full surface, grouped by risk

Read tools are available in every mode. Write tools need Safe or Full. The one destructive tool needs Full.

Read (all modes)

system_ping: Check the engine is up and reachable.

container_list: List containers and their status.

container_inspect: Full configuration and state for one container.

container_logs: Read a container's stdout and stderr.

Write (Safe + Full)

container_run: Start a new container from an image.

container_exec: Run a command inside a running container.

container_stop: Gracefully stop a running container.

container_kill: Force-terminate a container immediately.

Destructive (Full only)

container_delete: Permanently remove a container.
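
As an added illustration (not Tidesman's code), the three modes and nine tools above can be modeled as an ordered tier check and replayed over an audit log, to find calls that fall outside a chosen mode and the least-privileged mode that covers the observed usage. The JSON-lines record format, the `mounts` argument name, and the sample records are assumptions constructed for this example.

```python
import json

# Tier order and tool-to-tier mapping as listed on the page.
MODES = ["read-only", "safe", "full"]
TOOL_TIER = {
    "system_ping": "read-only", "container_list": "read-only",
    "container_inspect": "read-only", "container_logs": "read-only",
    "container_run": "safe", "container_exec": "safe",
    "container_stop": "safe", "container_kill": "safe",
    "container_delete": "full",
}

def allowed(mode, tool, args=None, allow_host_mounts=False):
    """Return (ok, reason) for one tool call under a given --mode."""
    if mode not in MODES:
        return False, "unknown mode"
    tier = TOOL_TIER.get(tool)
    if tier is None:
        return False, "unknown tool"  # default deny for anything unlisted
    if MODES.index(tier) > MODES.index(mode):
        return False, f"{tool} needs --mode={tier}"
    # 'mounts' is a hypothetical argument name for host-folder mounts.
    if (args or {}).get("mounts") and not allow_host_mounts:
        return False, "host mount without --allow-host-mounts"
    return True, "ok"

def review(log_lines, mode, allow_host_mounts=False):
    """Replay audit records; return (violations, least mode covering usage)."""
    violations, needed = [], 0
    for n, line in enumerate(log_lines, 1):
        rec = json.loads(line)
        tool, args = rec.get("tool"), rec.get("args")
        ok, reason = allowed(mode, tool, args, allow_host_mounts)
        if not ok:
            violations.append((n, reason))
        if tool in TOOL_TIER:
            needed = max(needed, MODES.index(TOOL_TIER[tool]))
    return violations, MODES[needed]

# Constructed sample records (record format assumed, not Tidesman's).
SAMPLE = [
    '{"ts": "2025-01-01T10:00:00Z", "tool": "container_list", "args": {}}',
    '{"ts": "2025-01-01T10:00:05Z", "tool": "container_run", '
    '"args": {"image": "alpine", "mounts": ["/Users/me/src"]}}',
    '{"ts": "2025-01-01T10:00:09Z", "tool": "container_delete", "args": {"id": "c1"}}',
]

if __name__ == "__main__":
    print(review(SAMPLE, "safe"))
```

If the least mode returned is lower than the mode the server is launched with, the server can be restarted with the lower one.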

Requirements: What you need

macOS 26 "Tahoe": Built for the current macOS. Apple Silicon only.

Apple Silicon: M-series Mac required. Intel is not supported.

Apple's container engine: Apple's container tool installed and started before you launch Tidesman.

Trust: Runs locally, verifiable

Signed & notarized: Developer-ID signed and notarized by Apple, so Gatekeeper opens it without a fight.

Verify your download: Every release ships a SHA256SUMS file. Check it with shasum -c before you run anything.

No network listener: Tidesman speaks to your client over stdio. It opens no port and listens on no socket.

Bring a lantern to your containers

Install Tidesman, point your MCP client at it, and let your assistant see what's running.
