muthr
Zero-trust orchestrator for local AI on Apple Silicon. Manages MLX GPU inference, per-project Linux containers, and MCP service routing.
Installation • Quick Start • Usage • Architecture • MCP Compatibility • Configuration
Features
- GPU accelerated inference — mlxcel-server on the host with Metal support, automatic VRAM tuning, and preset profile management
- Per-project sandbox containers — container-based sandboxes with workspace mounts and profile-based provisioning (base, opencode)
- MCP services — persistent services container with MCP server and SearXNG for agent tool access
- Zero-trust isolation — agents get full read-write workspace access but zero host OS, SSH key, or filesystem exposure
- Full lifecycle —
muthr runboots the complete stackmuthr shutdownstops everything with timeout management - Model management — mlx downloads from HuggingFace with progress bars, directory organization, and HF token auth
- Machine readable output — JSON and NDJSON modes for all commands to support automation and agent pipelines
- Shell completions — generated completions for bash, zsh, fish, and powershell
Installation
Homebrew
Cargo
Prebuilt binaries
Download from GitHub Releases.
Quick Start
That is all you need to have a zero-trust local AI agent running.
Lower memory or bandwidth? Use the efficient preset after init:
muthr engine start --profile mlxcel/efficient-qwen3.5-9b-mlx-4bit.ini.
Usage
Manage the inference engine
Provision sandbox containers
Manage the services container
Full stack lifecycle
Download models
When no filename is provided, muthr download downloads the full repository file set at the requested revision.
Manage configuration
Shell completions
Architecture
┌────────────────────────── macOS Host ──────────────────────────┐
│ │
│ ┌──────────────┐ ┌────────────────────┐ │
│ │ mlxcel-server│ │ muthr-services │ │
│ │ (Metal GPU) │ │ │ │
│ └──────┬───────┘ │ ┌──────────────┐ │ │
│ │ │ │ MCP Server │ │ │
│ │ │ │ SearXNG │ │ │
│ │ │ └──────────────┘ │ │
│ ┌──────┴───────┐ │ (runs contin.) │ │
│ │ Containers │ └────────────────────┘ │
│ │ │ │
│ │ ┌──────────┐ │ │
│ │ │ Agent │ │ │
│ │ │ code │ │ │
│ │ │ │ │ │
│ │ │ workspace│ │── read-write mount ────────┐ │
│ │ │ inference│ │── read-only API call ──────┤ │
│ │ │ MCP tools│ │── read-only RPC call ──────┤ │
│ │ └──────────┘ │ │ │
│ └──────────────┘ │ │
│ │ │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ ZERO-TRUST BOUNDARY │ │
│ │ │ │
│ │ Host OS / SSH keys / secrets ──── NOT accessible │ │
│ │ to agent │ │
│ └──────────────────────────────────────────────────────────┘ │
│ │
└────────────────────────────────────────────────────────────────┘
muthr orchestrates three layers: the inference engine on the host, a persistent services container for MCP tool access, and per-project sandbox containers for agent execution. Agents connect to the host inference server and services container over the container network. The workspace directory is mounted read-write into each sandbox container so agents can read and modify project files. The host OS, SSH keys, and sensitive files are never mounted into any sandbox.
MCP Compatibility
The muthr-services container provides a persistent MCP server and SearXNG instance for agent tool access:
mcp:// → MCP server for tool calling
searxng → web search via SearXNG
The services container is provisioned during muthr run and runs continuously until muthr shutdown. Agents connect to it from their sandbox containers over the container network.
Configuration
muthr stores configuration in ~/.config/muthr/ and runtime state in ~/.cache/muthr/.
Configuration files:
~/.config/muthr/muthr.toml— main config file (server port, workspace root, model directory, default profile, default engine runtime)~/.config/muthr/provider.d/mlxcel/*.ini— mlxcel preset profiles (model paths and sampling defaults)~/.config/muthr/sandbox.d/container/manifests/— container profile metadata~/.config/muthr/sandbox.d/container/provision.d/— profile-specific boot scripts~/.config/muthr/clients/— client config templates (reference only)
For mlxcel, muthr currently maps these preset keys to CLI flags:
- global:
host,port - slot:
model,max-output-tokens,temp,top-p,top-k,min-p,repeat-penalty
Known-good mlxcel preset for mlx-community/Qwen3.6-35B-A3B-4bit (mlxcel/quality-qwen3.6-35b-a3b-4bit.ini):
[*]
host = 0.0.0.0
port = 8080
[01-qwen3-6-35b-a3b-4bit]
model = /Users/user/opt/models/mlx-community/Qwen3.6-35B-A3B-4bit
max-output-tokens = 131072
Equivalent command:
Runtime selection precedence (highest to lowest):
- CLI flag (
--runtime, currently onlymlxcel) - Environment variable (
MUTHR_ENGINE_RUNTIME, must bemlxcel) - Config value (
default_engine_runtimeinmuthr.toml, must bemlxcel) - Built-in fallback (
mlxcel)
Example:
MUTHR_ENGINE_RUNTIME=mlxcel
Environment variable overrides:
Profile system:
Profiles define container resources and boot scripts. Available profiles:
base— Minimal Debian 13 container with shell access onlyopencode— Full opencode AI setup with MCP service integration
Profile manifests are optional — create <profile>.yaml only if you need different container resources. muthr falls back to base-sandbox.yaml for profiles without a specific manifest.
All profile configs, sandbox manifests, and provision scripts are managed via muthr-specs. Run muthr init to pull the latest profiles.