๐Ÿบ Brewed for Apple Silicon  ยท  macOS 26+  ยท  No Docker
๐ŸŽ

Throwaway Linux VMs,
native on your Mac.

Ciderbox replaces Docker with Apple's container CLI โ€” sub-second boots, dedicated IPs, hypervisor isolation. Now with Ciderbox Console โ€” a native Mac app for managing containers through a browser UI.

Download Ciderbox Console
$ curl -LO https://github.com/mentholmike/ciderbox/releases/download/v1.2.1/Ciderbox-Console.dmg
# Open the .dmg, drag to Applications, and launch
Download v1.2.1 โ†“ Quick Start โ†’

๐Ÿ“– Overview

Ciderbox is a fork of crabbox stripped to a single provider: Apple's native container CLI. Instead of routing through Docker Desktop, OrbStack, or a remote broker, ciderbox spins up real Linux VMs directly on your Apple Silicon hardware โ€” using the same hypervisor that powers macOS virtualization.

The result is a tight local loop: init a project, write a .ciderbox.yaml, run ciderbox compile-test, and get a pass/fail result from an isolated Linux VM. Add more distros when you need a matrix โ€” no cloud account, no per-minute billing, no daemon socket to babysit.

Ciderbox is Apple Silicon only. It requires macOS 26+ for direct container IP reachability. If you need cross-platform or cloud capacity, see the upstream crabbox project.

What you get

โšก
Sub-second boots
After first image pull, VMs start in <1s
๐ŸŒ
Dedicated IPs
No port collision โ€” each VM gets its own address
๐Ÿ”’
Hypervisor isolation
Each lease is a real VM, not a container process
๐Ÿงช
Compile-test matrix
Parallel runs across distros, pass/fail grid output
๐Ÿ 
Native home mount
Your Mac $HOME is visible inside VMs
๐ŸŒฟ
Orchard swarm
Run distributed AI agent workloads across a VM fleet

โœ… Requirements

RequirementDetail
Apple SiliconM1, M2, M3, M4 โ€” any Apple Silicon Mac
macOS 26+Required for direct container IP reachability
container CLIApple's open-source VM tool โ€” see install instructions below
HomebrewRequired for adding the ciderbox tap
Go 1.22+Only if building from source

Install Apple container CLI

# Download the latest .pkg from GitHub releases
$ open https://github.com/apple/container/releases

# Install and start the system service
$ sudo installer -pkg container-*.pkg -target /
$ container system start

# Verify
$ container --version

๐Ÿ“ฆ Install

Ciderbox Console (recommended)

The easiest way to use Ciderbox. Download the Mac app with everything bundled.

$ curl -LO https://github.com/mentholmike/ciderbox/releases/download/v1.2.0/Ciderbox-Console.dmg
$ open Ciderbox-Console.dmg
# Drag Ciderbox Console.app to Applications, then open it
Ciderbox Console includes the CLI, browser UI, and bundled Apple Container installer. On first launch, it checks for Apple Container updates and asks permission to run the background service.

Homebrew

For CLI-only use or automation:

$ brew tap mentholmike/ciderbox
$ brew install ciderbox

From source

$ git clone https://github.com/mentholmike/ciderbox.git
$ cd ciderbox
$ go build -o ciderbox ./cmd/ciderbox
$ sudo install -m 0755 ciderbox /usr/local/bin/ciderbox

Verify the install

$ ciderbox doctor
# checks: Apple container CLI, SSH keys, macOS version

๐Ÿš€ Quick Start

Run this after ciderbox --version works locally from the source install above.

1 โ€” Start in any project directory

$ mkdir -p /tmp/cider-demo
$ cd /tmp/cider-demo
$ ciderbox init
# creates .ciderbox.yaml in the directory where you ran it

Ciderbox treats the current directory as the project root. During a run, it syncs that directory into the VM under a workdir like /work/ciderbox/cider-demo, then executes your command there.

2 โ€” Use one distro first

Edit .ciderbox.yaml:

project: cider-demo
compileTest:
  distros:
    - name: debian
      image: debian:bookworm
  command: "pwd && uname -a"
  parallel: false
commands:
  build: "make build"

3 โ€” Run the test environment

$ ciderbox compile-test
# sync: /tmp/cider-demo -> /work/ciderbox/cider-demo
# ubuntu โœ“ passed
# /work/ciderbox/cider-demo
# Linux ciderbox-abc123 ... aarch64 GNU/Linux

4 โ€” Run a one-off command

$ ciderbox run -- pwd
# /work/ciderbox/cider-demo

5 โ€” Knock it down

$ ciderbox chop
# terminated active ciderbox VMs

๐Ÿงช Distros Tested / Supported

Start with one distro while you are proving the loop. When the command is stable, add the rest to compileTest.distros and turn on parallel: true.

NameImagePackage manager
Debiandebian:bookwormapt-get
Ubuntuubuntu:26.04apt-get
Alpinealpine:latestapk
Fedorafedora:latestdnf
Rocky Linuxrockylinux:9dnf / yum
openSUSE Leapopensuse/leap:latestzypper
 
compileTest:
  distros:
    - name: debian
      image: debian:bookworm
    # - name: ubuntu
    #   image: ubuntu:26.04
    # - name: alpine
    #   image: alpine:latest
    # - name: fedora
    #   image: fedora:latest
    # - name: rocky
    #   image: rockylinux:9
  command: "make test"
  parallel: true

โŒจ๏ธ Command Reference

ciderbox initScaffold a .ciderbox.yaml in the current directory
ciderbox compile-testRun your test command in parallel across all configured distros. Outputs a pass/fail grid with timing.
ciderbox buildSingle-distro build using the build config block
ciderbox run -- <cmd>One-off command in a fresh VM. VM is torn down when the command exits.
ciderbox run --keep -- <cmd>Run a command and keep the VM alive for follow-up inspection or reuse
ciderbox doctorCheck that the Apple container CLI, SSH keys, and macOS version are all good
ciderbox listShow all active leases with IDs, slugs, and uptime
ciderbox stop <id>Stop a specific lease by ID or slug
ciderbox chopKill all active ciderbox VMs.
ciderbox orchard <sub>Manage AI agent swarms โ€” see the Orchard section

โš™๏ธ Configuration

All project config lives in .ciderbox.yaml at your repo root. Run ciderbox init to generate a starter file.

Starter schema

project: my-project

compileTest:
  distros:
    - name: debian
      image: debian:bookworm
  command: "make test"
  parallel: false
  dependencies: [build-essential, libssl-dev]  # optional

commands:
  build: "make build"

run:
  provider: apple-container
  image: debian:bookworm

Runtime dependencies

The dependencies key installs packages at VM boot before your command runs. Ciderbox detects the available package manager and supports apt-get, apk, dnf, yum, pacman, and zypper. On Debian/Ubuntu this translates to:

apt-get update && apt-get install -y --no-install-recommends \
  build-essential libssl-dev python3 && make test

Alpine uses apk add, Fedora/Rocky use dnf or yum, and openSUSE uses zypper. See Distros Tested / Supported when you want to expand from one image to a matrix.

๐Ÿ–ฅ๏ธ Ciderbox Console UI

Ciderbox Console is a native Mac app that provides a browser-based UI for managing your containers and orchards. No command line required โ€” everything from planting trees to harvesting results is visual.

Login

The console runs locally on 127.0.0.1:7654 with password authentication. On first launch, you set a password through the setup flow. No accounts, no cloud โ€” just your machine.

Ciderbox Console login screen

Dashboard

The main dashboard shows your orchards (swarms of containers) and individual trees (VMs). Each tree gets its own IP address, status, and quick-action buttons. The sidebar provides a hierarchical view: Datacenter โ†’ Node โ†’ Orchard โ†’ Tree.

Ciderbox Console dashboard showing running trees

Creating Orchards

Click + Plant Tree for a single container, or + Create Orchard for a managed swarm. Choose from pre-configured Linux images โ€” Debian, Ubuntu, Alpine, Fedora, Rocky, Arch โ€” or specify a custom image. Configure CPU, memory, and mesh topology per tree.

Creating an orchard with Linux flavor selection

Console & Terminal

Every tree has a Terminal button that opens a real inline terminal. Commands run directly inside the VM as root โ€” no SSH needed. The terminal features:

  • Real inline terminal โ€” dark terminal with proper prompt, input line at bottom, output above
  • No re-renders โ€” output appends to the terminal, page never refreshes, focus stays on input
  • Real-time streaming โ€” stdout, stderr, and system messages appear instantly as they arrive
  • ANSI color support โ€” colored output from commands is preserved in the terminal
  • Command history โ€” press โ†‘/โ†“ to navigate previous commands, persistent across sessions
  • Busy indicator โ€” spinner on submit button, "running" status, input disabled during execution
  • Auto-scroll โ€” terminal automatically scrolls to show latest output

Orchard Mechanics

The orchard commands follow a gardening metaphor. Each action maps to a specific lifecycle operation:

๐ŸŒฑ PlantCreate a new orchard or tree. Spins up VMs from the chosen Linux image, assigns IPs, and starts the container runtime. The dashboard shows real-time progress as each tree boots.
โœ‚๏ธ TendHealth check โ€” verify all trees in the orchard are running and responsive. Restarts any that have stopped. Run this after waking your Mac or resuming work. Visual feedback shows a spinner while checking and a toast when complete.
๐ŸŒพ HarvestCollect results from a completed task across all trees. Gathers output files, logs, and any artifacts the agents produced. Downloads everything to your local machine for review. A toast notification confirms when harvest is complete.
๐ŸŽ PressAggregate and summarize harvested results into a single report. Useful when you ran the same task across multiple trees and want a unified view โ€” like a "press" extracting juice from many apples. Results appear in the Command Output panel with a completion toast.
๐Ÿ”ช ChopDestroy the entire orchard and all its trees. Cleans up containers, releases IPs, and removes state. Irreversible โ€” use when you're done with the swarm or want to start fresh. Requires confirmation.
๐Ÿชœ GraftInstall the OpenClaw agent runtime onto a tree. After planting, each tree is just a bare Linux VM. Grafting installs the agent software that lets it accept tasks, run skills, and communicate with the mesh. Do this once per tree after planting. The UI shows a โœ“ when grafted and a ๐Ÿชœ Graft button when not. Use "Graft All" to install on every tree at once.

Visual Feedback & Notifications

The console provides clear visual feedback for all operations:

  • Toast notifications โ€” bottom-left popups for success, error, and info messages
  • Loading spinners โ€” buttons show spinners during operations, disabled until complete
  • Graft status indicators โ€” โœ“ on grafted trees, ๐Ÿชœ button on ungrafted trees, banner when orchard needs grafting
  • Command Output panel โ€” bottom panel shows stdout, stderr, and timing for all operations
  • Live status dots โ€” green for running, amber for provisioning, red for errors

๐ŸŒฟ Orchard โ€” AI Agent Swarm

Orchard is a swarm management layer built on top of ciderbox VMs. It spins up a fleet of identical Linux VMs ("trees"), installs an AI agent runtime on each, and coordinates distributed workloads across them.

Orchard is experimental (v1.0). See ORCHID.md for the full spec.

Demo โ€” start to finish

$ mkdir -p /tmp/orchard-demo
$ cd /tmp/orchard-demo
$ ciderbox orchard init
$ ciderbox orchard plant
# Planted 1/1 trees.

$ ciderbox orchard graft --all
# installs Node 22 + OpenClaw, writes identity + openclaw.json
# validates OpenClaw config inside each tree

$ ciderbox orchard run --task "inspect this tree"
$ ciderbox orchard run -- "inspect this tree"
$ ciderbox orchard harvest --output results.json
$ ciderbox orchard press --input results.json

$ ciderbox orchard chop --yes
# Chopped 1/1 trees.

.orchard.yaml

name: my-orchard
trees: 1
template:
  image: debian:bookworm
  cpus: 2
  memory: 2G
agent:
  identity: archimedes-clone
  skills: []
  model: CHANGE_ME
  command: cd "${ORCHARD_WORKSPACE:-/root/.openclaw/workspace}" && openclaw --log-level silent agent --local --agent main --message "$ORCHARD_TASK"
secrets:
  envFile: .orchid.env
  required: []
workspace:
  sync: true
  path: /work/ciderbox

What we verified

The v1.0 smoke planted a Debian tree through Apple Container, grafted Node 22 and OpenClaw 2026.6.5, generated openclaw.json, ran openclaw config validate inside the tree, then chopped the tree cleanly.

๐Ÿ” How It Works

Ciderbox is a Go CLI that wraps Apple's container binary. There is no broker, no cloud account, no daemon socket โ€” just your Mac's hypervisor.

/tmp/cider-demo (where you ran ciderbox init) โ”‚ โ”‚ ciderbox CLI โ”‚ โ–ผ Apple container CLI โ”‚ โ””โ”€โ”€โ–ถ VM: debian:bookworm โ”‚ โ”œโ”€โ”€ tar sync โŸถ /work/ciderbox/cider-demo โ”œโ”€โ”€ exec โŸถ run your command there โ””โ”€โ”€ collect โŸถ stdout, stderr, exit code, timing โ”‚ โ–ผ pass/fail grid + timing โ”€โ”€โ–ถ back to your terminal

Each VM gets its own IP address (no port mapping), boots from a cached image, receives your project files via a tar stream, runs your command, and is torn down on exit. The directory name becomes the default project workdir; if you run it from /Users/alice/src/api, the VM side is effectively /work/ciderbox/api. The run --keep flag keeps a VM alive for repeated checks or inspection.

๐Ÿฆ€ vs Crabbox

Ciderbox is a focused fork โ€” it does less, but does it without dependencies.

Featurecrabboxciderbox
RuntimeDocker / OrbStack / Colima / cloudApple container CLI
NetworkingPort publishingDirect VM IPs
Target hardwareCloud + local (x86 + ARM)Apple Silicon Macs only
Broker requiredโœ“ for cloud providersโœ— fully local
Compile-test matrixnot built-inโœ“ first-class
Config formatflags / env.ciderbox.yaml
Cleanupper-leasechop โ€” all at once
AI agent swarmโ€”โœ“ Orchard (v1.0)

๐Ÿ›  Troubleshooting

"apple-container provider not found"

The Apple container CLI isn't installed or the system service hasn't started.

$ sudo installer -pkg container-*.pkg -target /
$ container system start
$ ciderbox doctor   # should pass now

"container stopped before network address assigned"

The image exited before Ciderbox could prepare the workspace. Try a standard base image first, then add project dependencies through dependencies.

"No active ciderbox containers found" after chop

$ ciderbox chop
# terminates active ciderbox VMs

๐Ÿ“‹ Changelog

v1.2.0 โ€” Ciderbox Console

Introducing Ciderbox Console โ€” a native Mac app that wraps the CLI in a guided setup experience.

  • Ciderbox Console.app โ€” Native Mac app with bundled Apple Container installer
  • Guided setup flow โ€” Checks for runtime updates, asks background service permission, prompts to open UI
  • Browser-based UI โ€” Manage containers, orchards, and trees through a local web interface
  • Linux image selection โ€” Choose from Debian, Ubuntu, Alpine, Fedora, Rocky, Arch
  • Live dashboard โ€” Real-time updates for container status and health

v1.0.0 โ€” Ciderbox is Born

Forked from crabbox to focus exclusively on Apple Silicon native containers. No Docker, no cloud brokers, no SSH bootstrap โ€” just container run and go.

  • Apple container CLI provider for sub-second Linux VM boots
  • Direct container IP networking โ€” no port collision, no port publishing
  • compile-test command for first-class multi-distro testing
  • orchard command suite for AI agent swarms
  • .ciderbox.yaml project configuration format
  • Homebrew tap: brew tap mentholmike/ciderbox

v0.2.0 โ€” Orchid

Added the orchard command suite for distributed AI agent workloads. Uses container exec (no SSH required for tree management). Supports swarm manifests via .orchard.yaml.

v0.1.0 โ€” Initial Fork

Forked from crabbox, stripped to apple-container provider only. Added compile-test for multi-distro testing, build for single-distro builds, and chop cleanup. Fixed shell command parsing and added macOS 26 version gate.