Getting started

Up and running in a couple of minutes

Install the binary, point your MCP client at it, and start in read-only mode. Everything below is copy-pasteable. Tidesman needs macOS 26 on Apple Silicon, with Apple's container engine installed and started.

Install

Four ways to install

Pick whichever fits your setup. Homebrew is the simplest to keep updated.

1

Homebrew

Tap and install in one command. Upgrades come through brew upgrade.

Terminal
$ brew install JeronimoColon/tidesman/tidesman
2

.pkg installer

Prefer a graphical install? Download the signed .pkg, double-click it, and follow the prompts. It places tidesman on your PATH for you.

Download the .pkg
3

Zip archive

Grab the .zip from the releases page, unzip it, and move the binary somewhere on your PATH.

Terminal
$ unzip tidesman-0.1.0-macos-arm64.zip
$ sudo mv tidesman /usr/local/bin/
$ command -v tidesman
/usr/local/bin/tidesman
4

.mcpb bundle

For Claude Desktop and other clients that support MCP bundles: download the .mcpb file and open it. The client installs and registers the server in one step — no terminal required.

Download the .mcpb

Configure your client

Point your MCP client at Tidesman

Add a server entry keyed tidesman. Set the access level with --mode; start with read-only and raise it when you're ready.

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json and add the server, then restart Claude Desktop. Use the binary's full path — Claude Desktop doesn't inherit your shell PATH. Homebrew installs it to /opt/homebrew/bin/tidesman (the .pkg to /usr/local/bin/tidesman); run command -v tidesman to print yours.

claude_desktop_config.json
{
  "mcpServers": {
    "tidesman": {
      "command": "/opt/homebrew/bin/tidesman",
      "args": ["--mode=read-only"]
    }
  }
}

Claude Code

Register it from the terminal, or commit a .mcp.json to share it with your project.

Terminal
$ claude mcp add --transport stdio --scope user tidesman -- /opt/homebrew/bin/tidesman --mode=safe
.mcp.json
{
  "mcpServers": {
    "tidesman": {
      "command": "/opt/homebrew/bin/tidesman",
      "args": ["--mode=safe"]
    }
  }
}

Reference

The nine tools

Read tools work in every mode. Write tools require Safe or Full. The destructive tool requires Full.

ToolWhat it doesModes
system_pingCheck that Apple's container engine is up and reachable.Read · all modes
container_listList containers and their current status.Read · all modes
container_inspectReturn the full configuration and state of one container.Read · all modes
container_logsRead a container's stdout and stderr.Read · all modes
container_runStart a new container from an image.Write · safe + full
container_execRun a command inside a running container.Write · safe + full
container_stopGracefully stop a running container.Write · safe + full
container_killForce-terminate a container immediately.Write · safe + full
container_deletePermanently remove a container.Destructive · full only

Launch flags

The flags

Two flags control what Tidesman can do and what it can reach.

--mode=read-only | safe | full

Sets the access level. read-only (the default) exposes read tools only; safe adds run, exec, stop and kill; full adds delete.

--allow-host-mounts

Off unless you pass it. When set, containers may mount folders from your Mac. Leave it off to keep your filesystem out of reach.

Example
$ tidesman --mode=safe --allow-host-mounts

Verify your download

Check the checksum before you run it

Every release ships a SHA256SUMS file. Download it alongside the binary and verify, from the same folder:

Terminal
$ shasum -c SHA256SUMS
tidesman: OK

A line ending in OK means the download matches. Tidesman is also Developer-ID signed and notarized, so Gatekeeper will let it run without extra steps.

That's the whole setup

Start in read-only, watch what your assistant does in the audit log, and raise the mode when you trust it.