Tidesman

A native MCP server for running, understanding, and debugging Linux containers with Apple's container tool.

A watchful guide for your local containers — it talks straight to Apple's engine, so your AI assistant can see and steer them from any MCP client.

macOS 26 · Apple Silicon · Free · Signed & notarized · Runs locally over stdio

How it works

It speaks to Apple's engine directly

Most tools shell out to the container command line and parse its text output. Tidesman links against Apple's own Swift client library and talks to the container engine directly — fewer moving parts, faster calls, structured results instead of scraped strings.

No CLI scraping. Because Tidesman uses the same client library Apple's own container command uses, it doesn't break when output formatting changes — and it returns structured data your assistant can reason about.


Safe by default

You decide how much it can touch

One --mode flag sets what the server is allowed to do. It starts read-only. Nothing runs, stops, or gets deleted unless you opt in.

Default --mode=read-only

Read-only

Inspect everything, change nothing. The safe place to start.

  • List and inspect containers
  • Read logs
  • Ping the engine

--mode=safe

Safe

Everything in Read-only, plus the power to run and manage workloads.

  • Run and exec into containers
  • Stop and kill containers
  • No deletes

--mode=full

Full

Everything in Safe, plus destructive operations. Grant deliberately.

  • Delete containers
  • All read and write tools

Host mounts are off

Tidesman won't mount folders from your Mac into a container unless you explicitly pass --allow-host-mounts. Your filesystem stays out of reach by default.

Every call is audit-logged

Each tool invocation is written to a local audit log — what ran, when, and with which arguments — so there's always a record of what the assistant did.


Nine tools

The full surface, grouped by risk

Read tools are available in every mode. Write tools need Safe or Full. The one destructive tool needs Full.

Read

All modes
  • system_ping: Check the engine is up and reachable.
  • container_list: List containers and their status.
  • container_inspect: Full configuration and state for one container.
  • container_logs: Read a container's stdout and stderr.

Write

Safe + Full
  • container_run: Start a new container from an image.
  • container_exec: Run a command inside a running container.
  • container_stop: Gracefully stop a running container.
  • container_kill: Force-terminate a container immediately.

Destructive

Full only
  • container_delete: Permanently remove a container.
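
The mode tiers above can be checked from the client side. The following is an added example, not Tidesman's own code: it reads an MCP client configuration and reports which of the nine tools each Tidesman entry exposes and which launch flags deserve review. It assumes the mcpServers JSON layout used by several MCP clients and a binary named tidesman; the paths and entry names in the sample are constructed placeholders.

```python
import json

# Tool tiers as listed on the page: each mode adds to the one before it.
READ = {"system_ping", "container_list", "container_inspect", "container_logs"}
WRITE = {"container_run", "container_exec", "container_stop", "container_kill"}
DESTRUCTIVE = {"container_delete"}
MODES = {"read-only": READ, "safe": READ | WRITE, "full": READ | WRITE | DESTRUCTIVE}

def audit_server(args):
    """Return (mode, exposed_tools, findings) for one server's launch arguments."""
    mode, findings = "read-only", []  # page: the server starts read-only
    for i, arg in enumerate(args):
        if arg.startswith("--mode="):
            mode = arg.split("=", 1)[1]
        elif arg == "--mode" and i + 1 < len(args):
            # The page shows only --mode=VALUE; the split form is an assumption,
            # read conservatively so an elevated mode is never missed.
            mode = args[i + 1]
    if mode not in MODES:
        return mode, set(), [f"unknown mode {mode!r}: review by hand"]
    if mode == "full":
        findings.append("--mode=full exposes container_delete")
    elif mode == "safe":
        findings.append("--mode=safe exposes run/exec/stop/kill")
    if "--allow-host-mounts" in args:
        findings.append("--allow-host-mounts lets containers mount Mac folders")
    return mode, MODES[mode], findings

def audit_config(text, needle="tidesman"):
    """Audit each server entry whose command contains `needle` (assumed binary name)."""
    servers = json.loads(text).get("mcpServers", {})
    return {name: audit_server(entry.get("args", []))
            for name, entry in servers.items()
            if needle in entry.get("command", "").lower()}

# Constructed sample config; the paths and entry names are placeholders.
SAMPLE = """{"mcpServers": {
  "containers":     {"command": "/path/to/tidesman", "args": []},
  "containers-dev": {"command": "/path/to/tidesman",
                     "args": ["--mode=full", "--allow-host-mounts"]},
  "unrelated":      {"command": "/path/to/other-server", "args": ["--mode=full"]}
}}"""

if __name__ == "__main__":
    for name, (mode, tools, findings) in audit_config(SAMPLE).items():
        print(f"{name}: mode={mode}, {len(tools)} tools exposed")
        for finding in findings:
            print(f"  review: {finding}")
```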

Requirements

What you need

  • macOS 26 "Tahoe"

    Built for the current macOS. Apple Silicon only.

  • Apple Silicon

    M-series Mac required. Intel is not supported.

  • Apple's container engine

    Apple's container tool installed and started before you launch Tidesman.

Trust

Runs locally, verifiable

  • Signed & notarized

    Developer-ID signed and notarized by Apple, so Gatekeeper opens it without a fight.

  • Verify your download

    Every release ships a SHA256SUMS file. Check it with shasum -c before you run anything.

  • No network listener

    Tidesman speaks to your client over stdio. It opens no port and listens on no socket.

Bring a lantern to your containers

Install Tidesman, point your MCP client at it, and let your assistant see what's running.