muthr
muthr is a zero-trust orchestrator for local AI on Apple Silicon. It runs inference engines on the host, isolates agent runtimes inside per-project containers, and provides stable service endpoints for MCP and search tooling.
muthr follows Unix design principles:
- subcommands grouped by lifecycle domain
- scriptable output (
text,json,ndjson) - explicit defaults you must override intentionally
- safe behavior when context is missing
Why this exists
Agent stacks execute package installers, shell commands, generated scripts, and network clients with broad filesystem access. A compromised dependency gives an attacker access to your credentials, keys, and system files.
muthr reduces that risk through enforced boundaries:
- run agent execution inside sandbox containers
- keep host-only assets outside container mounts
- gate runtime context with explicit env contracts
- log every sandbox session for audit and incident review
Core model
- Host inference runtime
mlxcel-server,llama-server, orvllm-mlxmanaged bymuthr engine
- Persistent services plane
muthr-services+muthr-searxngmanaged bymuthr services
- Per-project sandbox
- one container per project directory, managed by
muthr sandbox
- one container per project directory, managed by
The default muthr run path boots engine + services, then you enter project sandboxes as needed.
Read next
Acknowledgements
muthr depends on these projects:
See also: Quickstart · Concepts · Security