Tidesman
A native MCP server for running, understanding, and debugging Linux containers with Apple's container tool.
A watchful guide for your local containers — it talks straight to Apple's engine, so your AI assistant can see and steer them from any MCP client.
It speaks to Apple's engine directly
Most tools shell out to the container command line and parse its text output. Tidesman links against Apple's own Swift client library and talks to the container engine directly — fewer moving parts, faster calls, structured results instead of scraped strings.
No CLI scraping. Because Tidesman uses the same client library Apple's own container command uses, it doesn't break when output formatting changes — and it returns structured data your assistant can reason about.
You decide how much it can touch
One --mode flag sets what the server is allowed to do. It starts read-only. Nothing runs, stops, or gets deleted unless you opt in.
Read-only
Inspect everything, change nothing. The safe place to start.
- List and inspect containers
- Read logs
- Ping the engine
Safe
Everything in Read-only, plus the power to run and manage workloads.
- Run and exec into containers
- Stop and kill containers
- No deletes
Full
Everything in Safe, plus destructive operations. Grant deliberately.
- Delete containers
- All read and write tools
Host mounts are off
Tidesman won't mount folders from your Mac into a container unless you explicitly pass --allow-host-mounts. Your filesystem stays out of reach by default.
Every call is audit-logged
Each tool invocation is written to a local audit log — what ran, when, and with which arguments — so there's always a record of what the assistant did.
The full surface, grouped by risk
Read tools are available in every mode. Write tools need Safe or Full. The one destructive tool needs Full.
Read (All modes)
- system_ping: Check the engine is up and reachable.
- container_list: List containers and their status.
- container_inspect: Full configuration and state for one container.
- container_logs: Read a container's stdout and stderr.
Write (Safe + Full)
- container_run: Start a new container from an image.
- container_exec: Run a command inside a running container.
- container_stop: Gracefully stop a running container.
- container_kill: Force-terminate a container immediately.
Destructive (Full only)
- container_delete: Permanently remove a container.
What you need
- macOS 26 "Tahoe": Built for the current macOS. Apple Silicon only.
- Apple Silicon: M-series Mac required. Intel is not supported.
- Apple's container engine: Apple's container tool installed and started before you launch Tidesman.
Runs locally, verifiable
- Signed & notarized: Developer-ID signed and notarized by Apple, so Gatekeeper opens it without a fight.
- Verify your download: Every release ships a SHA256SUMS file. Check it with shasum -c before you run anything.
- No network listener: Tidesman speaks to your client over stdio. It opens no port and listens on no socket.
Bring a lantern to your containers
Install Tidesman, point your MCP client at it, and let your assistant see what's running.