
muthr
[!NOTE] Experimental not for production use
Zero-trust orchestrator for MLX inference, container-based sandboxes, and MCP services on Apple Silicon.
Installation · Quick Start · Usage · Architecture · MCP Compatibility · Configuration
Features
- MLX host inference — manages
mlxcel-serverlifecycle on macOS with OpenAI-compatible API surface - Per-project sandbox containers — container-based sandboxes with workspace mounts and profile-based provisioning (
base,opencode) - MCP services — persistent services containers with MCP bridge and SearXNG for agent tool access
- Zero-trust isolation — agents get workspace access without host OS, SSH keys, or home directory exposure
- Full lifecycle —
muthr runboots engine + services,muthr shutdowntears down owned components - Machine-readable output — JSON and NDJSON support on status/list commands for automation
- Shell completions — generated completions for bash, zsh, fish, and powershell
Installation
Homebrew
Cargo
Prebuilt binaries
Download from GitHub Releases.
Quick Start
Usage
Manage the inference engine
Provision sandbox containers
Manage the services container
Full stack lifecycle
Manage configuration
Shell completions
Architecture
┌────────────────────────── macOS Host ──────────────────────────┐
│ │
│ ┌──────────────┐ ┌────────────────────┐ │
│ │ mlxcel-server│ │ muthr-services │ │
│ │ (Metal GPU) │ │ │ │
│ └──────┬───────┘ │ ┌──────────────┐ │ │
│ │ │ │ MCP Bridge │ │ │
│ │ │ │ SearXNG │ │ │
│ ┌──────┴───────┐ │ └──────────────┘ │ │
│ │ Sandboxes │ └────────────────────┘ │
│ │ (container) │ │
│ └──────────────┘ │
│ │
│ Agent access: workspace mount + OpenAI URL + MCP tools only │
│ Host secrets/SSH keys/home remain outside sandbox boundary │
│ │
└────────────────────────────────────────────────────────────────┘
muthr orchestrates three layers: host inference (mlxcel-server), persistent services containers, and per-project sandbox containers for agent execution.
Engine Runtime
muthr is mlxcel-only.
Runtime selection precedence (highest to lowest):
- CLI flag (
--runtimeonmuthr run, must bemlxcel) - Environment variable (
MUTHR_ENGINE_RUNTIME, must bemlxcel) - Config value (
default_engine_runtimeinmuthr.toml, must bemlxcel) - Built-in fallback (
mlxcel)
muthr engine start does not accept a runtime flag.
MCP Compatibility
muthr-services provides the persistent MCP + SearXNG integration layer used by sandboxed agents.
- SearXNG endpoint (host):
http://127.0.0.1:18766 - MCP access: stdio bridge through
muthr-servicescontainer
Configuration
muthr stores config in ~/.config/muthr/ and runtime state in ~/.cache/muthr/.
Configuration files:
~/.config/muthr/muthr.toml— server port, workspace root, model dir, default provision profile, engine runtime, default engine profile~/.config/muthr/sandbox.d/container/manifests/— container profile metadata~/.config/muthr/sandbox.d/container/provision.d/— profile provisioning scripts~/.config/muthr/clients/— reference templates
Model identity is a Hugging Face repository ID end-to-end (for example mlx-community/Qwen3.5-9B-MLX-4bit).
Environment variable overrides:
Profile system:
base— minimal Debian 13 container with shell accessopencode— opencode setup with MCP integration
All profile assets are managed via muthr-specs. Run muthr init to refresh local config.