muthr 0.1.45

Zero-trust orchestrator for local MLX inference and container-based sandbox VMs on Apple Silicon
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243

![muthr](https://raw.githubusercontent.com/tappunk/.github/refs/heads/main/assets/muthr.webp)

[![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
[![Crates.io Version](https://img.shields.io/crates/v/muthr?color=orange&cacheSeconds=3600)](https://crates.io/crates/muthr)
[![GitHub Release](https://img.shields.io/github/v/release/tappunk/muthr?color=blue)](https://github.com/tappunk/muthr/releases)
[![X Follow](https://img.shields.io/twitter/follow/tappunk?style=social)](https://x.com/tappunk)

# muthr

**Zero-trust orchestrator for local AI on Apple Silicon. Manages MLX GPU inference, per-project Linux containers, and MCP service routing.**

[Installation](#installation) • [Quick Start](#quick-start) • [Usage](#usage) • [Architecture](#architecture) • [MCP Compatibility](#mcp-compatibility) • [Configuration](#configuration)

## Features

- **GPU accelerated inference** — mlxcel-server on the host with Metal support, automatic VRAM tuning, and preset profile management
- **Per-project sandbox containers** — container-based sandboxes with workspace mounts and profile-based provisioning (base, opencode)
- **MCP services** — persistent services container with MCP server and SearXNG for agent tool access
- **Zero-trust isolation** — agents get full read-write workspace access but zero host OS, SSH key, or filesystem exposure
- **Full lifecycle**`muthr run` boots the complete stack `muthr shutdown` stops everything with timeout management
- **Model management** — mlx downloads from HuggingFace with progress bars, directory organization, and HF token auth
- **Machine readable output** — JSON and NDJSON modes for all commands to support automation and agent pipelines
- **Shell completions** — generated completions for bash, zsh, fish, and powershell

## Installation

### Homebrew

```bash
brew install tappunk/muthr/muthr
```

### Cargo

```bash
cargo install muthr
```

### Prebuilt binaries

Download from [GitHub Releases](https://github.com/tappunk/muthr/releases).

## Quick Start

```bash
muthr init                   # Clone runtime profiles and container definitions
muthr download mlx-community/Qwen3.6-35B-A3B-4bit \
               config.json  # Download a model
muthr run                    # Boot inference engine + services container
muthr sandbox start          # Create a sandbox for the current project
```

That is all you need to have a zero-trust local AI agent running.

> **Lower memory or bandwidth?** Use the efficient preset after init: `muthr engine start --profile mlxcel/efficient-qwen3.5-9b-mlx-4bit.ini`.

## Usage

### Manage the inference engine

```bash
muthr engine start           # Start mlxcel-server with preset selection
muthr engine start --profile mlxcel/quality-qwen3.6-35b-a3b-4bit.ini
muthr engine stop            # Stop mlxcel runtime
muthr engine presets         # List available preset profiles
muthr engine status          # Check engine state
```

### Provision sandbox containers

```bash
cd ~/src/myproject
muthr sandbox start          # Create sandbox with profile prompt
muthr sandbox start --profile opencode   # Create with a specific profile
muthr sandbox ls             # List all managed sandboxes
muthr sandbox stop           # Stop the active sandbox
muthr sandbox delete         # Delete the active sandbox
```

### Manage the services container

```bash
muthr services start           # Create and provision the muthr-services container
muthr services stop            # Stop the services container
muthr services status          # Check services container state
muthr services restart         # Stop and restart the services container
muthr services delete          # Delete the services container (requires --yes or --force)
```

### Full stack lifecycle

```bash
muthr run                    # Boot inference engine + services container
muthr shutdown               # Stop everything with timeout management
```

### Download models

```bash
muthr download org/model config.json
muthr download https://huggingface.co/org/model/resolve/main/config.json
muthr download mlx-community/Qwen3.6-35B-A3B-4bit
muthr download https://huggingface.co/mlx-community/Qwen3.6-35B-A3B-4bit/tree/main
```

When no filename is provided, `muthr download` downloads the full repository file set at the requested revision.

### Manage configuration

```bash
muthr config init            # Create muthr.toml (use --force to overwrite)
muthr config show            # Print resolved configuration
```

### Shell completions

```bash
muthr completion zsh         # Add to ~/.zshrc
muthr completion bash        # Add to /etc/bash_completion.d/
muthr completion fish        # Add to fish completion directory
muthr completion powershell  # Add to PowerShell profile
```

## Architecture

```
┌────────────────────────── macOS Host ──────────────────────────┐
│                                                                │
│  ┌──────────────┐        ┌────────────────────┐                │
│  │ mlxcel-server│        │ muthr-services     │                │
│  │  (Metal GPU) │        │                    │                │
│  └──────┬───────┘        │  ┌──────────────┐  │                │
│         │                │  │ MCP Server   │  │                │
│         │                │  │ SearXNG      │  │                │
│         │                │  └──────────────┘  │                │
│  ┌──────┴───────┐        │  (runs contin.)    │                │
│  │ Containers   │        └────────────────────┘                │
│  │              │                                              │
│  │ ┌──────────┐ │                                              │
│  │ │ Agent    │ │                                              │
│  │ │ code     │ │                                              │
│  │ │          │ │                                              │
│  │ │ workspace│ │── read-write mount ────────┐                 │
│  │ │ inference│ │── read-only API call ──────┤                 │
│  │ │ MCP tools│ │── read-only RPC call ──────┤                 │
│  │ └──────────┘ │                            │                 │
│  └──────────────┘                            │                 │
│                                              │                 │
│  ┌──────────────────────────────────────────────────────────┐  │
│  │  ZERO-TRUST BOUNDARY                                     │  │
│  │                                                          │  │
│  │  Host OS / SSH keys / secrets  ────  NOT accessible      │  │
│  │                                          to agent        │  │
│  └──────────────────────────────────────────────────────────┘  │
│                                                                │
└────────────────────────────────────────────────────────────────┘
```

muthr orchestrates three layers: the inference engine on the host, a persistent services container for MCP tool access, and per-project sandbox containers for agent execution. Agents connect to the host inference server and services container over the container network. The workspace directory is mounted read-write into each sandbox container so agents can read and modify project files. The host OS, SSH keys, and sensitive files are never mounted into any sandbox.

## MCP Compatibility

The `muthr-services` container provides a persistent MCP server and SearXNG instance for agent tool access:

```
mcp://  →  MCP server for tool calling
searxng →  web search via SearXNG
```

The services container is provisioned during `muthr run` and runs continuously until `muthr shutdown`. Agents connect to it from their sandbox containers over the container network.

## Configuration

muthr stores configuration in `~/.config/muthr/` and runtime state in `~/.cache/muthr/`.

**Configuration files:**

- `~/.config/muthr/muthr.toml` — main config file (server port, workspace root, model directory, default profile, default engine runtime)
- `~/.config/muthr/provider.d/mlxcel/*.ini` — mlxcel preset profiles (model paths and sampling defaults)
- `~/.config/muthr/sandbox.d/container/manifests/` — container profile metadata
- `~/.config/muthr/sandbox.d/container/provision.d/` — profile-specific boot scripts
- `~/.config/muthr/clients/` — client config templates (reference only)

For `mlxcel`, muthr currently maps these preset keys to CLI flags:

- global: `host`, `port`
- slot: `model`, `max-output-tokens`, `temp`, `top-p`, `top-k`, `min-p`, `repeat-penalty`

Known-good `mlxcel` preset for `mlx-community/Qwen3.6-35B-A3B-4bit` (`mlxcel/quality-qwen3.6-35b-a3b-4bit.ini`):

```ini
[*]
host = 0.0.0.0
port = 8080

[01-qwen3-6-35b-a3b-4bit]
model = /Users/user/opt/models/mlx-community/Qwen3.6-35B-A3B-4bit
max-output-tokens = 131072
```

Equivalent command:

```bash
mlxcel-server -m /Users/user/opt/models/mlx-community/Qwen3.6-35B-A3B-4bit \
  --port 8080 \
  --host 0.0.0.0 \
  --predict 131072
```

**Runtime selection precedence (highest to lowest):**

1. CLI flag (`--runtime`, currently only `mlxcel`)
2. Environment variable (`MUTHR_ENGINE_RUNTIME`, must be `mlxcel`)
3. Config value (`default_engine_runtime` in `muthr.toml`, must be `mlxcel`)
4. Built-in fallback (`mlxcel`)

Example:

```bash
MUTHR_ENGINE_RUNTIME=mlxcel muthr run
```

**Environment variable overrides:**

```bash
MUTHR_SERVER_PORT          # Override server port (default: 8080)
MUTHR_WORKSPACE_ROOT       # Override workspace root directory
MUTHR_MODEL_DIR            # Override model storage directory
MUTHR_PROVISION_PROFILE    # Override default provision profile
MUTHR_ENGINE_RUNTIME       # Override default engine runtime (mlxcel)
MUTHR_CONTAINER_HOST_GATEWAY  # Optional override for container host gateway
```

**Profile system:**

Profiles define container resources and boot scripts. Available profiles:

- `base` — Minimal Debian 13 container with shell access only
- `opencode` — Full opencode AI setup with MCP service integration

Profile manifests are optional — create `<profile>.yaml` only if you need different container resources. muthr falls back to `base-sandbox.yaml` for profiles without a specific manifest.

All profile configs, sandbox manifests, and provision scripts are managed via [muthr-specs](https://github.com/tappunk/muthr-specs). Run `muthr init` to pull the latest profiles.