CLI for Tytus by Traylinx — your private AI pod, driven from any terminal.
tytus is a Rust CLI that opens a userspace WireGuard tunnel from your laptop
to your private Tytus pod and exposes its OpenAI-compatible LLM gateway through
a stable URL + stable API key. The pair you paste into Cursor / Claude Desktop /
OpenCode / any OpenAI-compatible tool never changes — even if your pod gets
rotated, your droplet migrates, or you switch agent runtimes.
curl -fsSL https://get.traylinx.com/install.sh | bash
tytus setupThat's it. The wizard logs you in, allocates a pod, opens the tunnel, and runs a sample chat. After setup, your stable values for any AI tool are:
eval "$(tytus env --export)"
echo $OPENAI_BASE_URL # http://10.42.42.1:18080/v1 (constant forever)
echo $OPENAI_API_KEY # sk-tytus-user-<32hex> (per user, persistent)Tytus is a private AI pod product. Each Traylinx subscriber gets their own
isolated slice of a droplet — a WireGuard sidecar plus a containerised AI
agent (OpenClaw or Hermes) — and an OpenAI-compatible LLM gateway
(SwitchAILocal) that proxies to upstream providers.
your laptop ── WireGuard tunnel ── pod sidecar ── agent container
└── SwitchAILocal (OpenAI-compatible)
└── upstream LLM (MiniMax)
No customer LLM traffic ever traverses Traylinx Cloud. Prompts and responses go directly between your laptop and your pod over WireGuard. The Traylinx control plane (auth, billing, allocation) only sees that you have a pod — never the contents of your conversations.
curl -fsSL https://get.traylinx.com/install.sh | bashWhat the installer does:
- Detects your OS and architecture (macOS / Linux, x86_64 / aarch64)
- Tries to download a prebuilt binary from the latest GitHub release
- Falls back to
cargo install --gitif no release matches your platform (installs Rust via rustup with your consent if it's missing) - Sets up a tightly-scoped passwordless sudoers entry so
tytus connectnever prompts you for a password (opt-out withTYTUS_SKIP_SUDOERS=1) - Verifies and prints next steps
Override the install location with TYTUS_INSTALL_DIR=/opt/tytus/bin if you
want it somewhere other than the default.
git clone https://github.com/traylinx/tytus-cli.git
cd tytus-cli
cargo install --path cli --bin tytus --bin tytus-mcp# 1. Interactive first-run (recommended)
tytus setup
# 2. Or manually
tytus login # browser device-auth via Sentinel
tytus connect # allocate a pod + open WG tunnel
tytus test # E2E health check
tytus chat # REPL against your private podAfter connecting, use the stable env in any tool:
eval "$(tytus env --export)"
curl -sS "$OPENAI_BASE_URL/chat/completions" \
-H "Authorization: Bearer $OPENAI_API_KEY" \
-H "Content-Type: application/json" \
-d '{"model":"ail-compound","messages":[{"role":"user","content":"hello"}]}'Each subscription tier has a fixed unit budget. Agents cost units when allocated:
| Plan | Unit budget |
|---|---|
| Explorer | 1 |
| Creator | 2 |
| Operator | 4 |
| Agent | Cost | Gateway port | Description |
|---|---|---|---|
nemoclaw |
1 unit | 3000 | OpenClaw runtime with the NemoClaw sandboxing blueprint |
hermes |
2 units | 8642 | Nous Research Hermes gateway |
You can mix and match within your budget. For example, an Operator user can run 4 nemoclaws, or 2 hermes, or 2 nemoclaw + 1 hermes.
tytus connect --agent nemoclaw # default — 1 unit
tytus connect --agent hermes # 2 units| Model id | Backed by | Capabilities |
|---|---|---|
ail-compound |
MiniMax M2.7 | text, vision, audio (default chat model) |
minimax/ail-compound |
MiniMax M2.7 | text |
ail-image |
MiniMax image-01 | image generation |
minimax/ail-image |
MiniMax image-01 | image generation |
ail-embed |
mistral-embed via SwitchAI | embeddings |
Pass any of these as the model field in OpenAI-compatible requests. Other
model ids (gpt-4, claude-*, etc.) are not available on this product.
tytus login Browser device-auth via Sentinel
tytus logout Revoke all pods + clear local state
tytus status [--json] Plan, pods, units, tunnel state
tytus doctor Full diagnostic
tytus setup Interactive first-run wizard
tytus connect [--agent T] [--pod NN] Allocate pod + activate tunnel
tytus disconnect [--pod NN] Tear down tunnel, keep allocation
tytus revoke <pod_id> Free units (DESTRUCTIVE — wipes state)
tytus restart [--pod NN] Restart agent container
tytus env [--export] [--raw] Connection vars (stable by default)
tytus test E2E health check
tytus chat [--model ail-compound] Interactive REPL
tytus exec [--pod NN] "<command>" Run shell command in agent container
tytus configure Interactive overlay editor
tytus link [DIR] [--only ...] Link a project so AI CLIs in it know Tytus
tytus mcp [--format ...] Print MCP server config for an AI tool
tytus bootstrap-prompt Print the paste prompt for any AI tool
tytus llm-docs Print the full LLM-facing reference
Run tytus <command> --help for per-command details.
Tytus is designed so that any AI CLI on your laptop can drive it. Two patterns are supported.
Copy this prompt into Claude Code, OpenCode, Cursor, KiloCode, or any AI tool that can read URLs:
tytus bootstrap-promptOutput:
Read https://raw.githubusercontent.com/traylinx/tytus-cli/main/.agents/skills/tytus/SKILL.md
and follow the instructions to drive Tytus natively. ...
Paste it once. The agent fetches the hosted skill file and learns the full command surface, the model catalog, the stable URL/key model, the recipes, and the error catalog. Then it can drive Tytus end-to-end on its own.
If you want the integration files dropped directly into a project (so the AI tool sees them without a URL fetch), run:
cd your-project
tytus link .This drops:
| File | Used by |
|---|---|
CLAUDE.md (appended) |
Claude Code |
AGENTS.md (appended) |
OpenCode, Codex, Gemini CLI, generic agents |
.claude/commands/tytus.md |
Claude Code /tytus slash command |
.kilo/command/tytus.md |
KiloCode / OpenCode /tytus command |
.kilo/mcp.json |
KiloCode MCP config |
.archon/commands/tytus.md |
Archon /tytus command |
.mcp.json |
Claude Code MCP config (auto-allows safe tools) |
.tytus-env.sh |
Shell hook (source .tytus-env.sh) |
Filter what gets dropped:
tytus link . --only claude # only Claude Code files
tytus link . --only kilocode,shell # KiloCode + shell hooktytus-mcp is a stdio-based MCP server
that exposes Tytus to any MCP-compatible AI tool as native tools:
| Tool | Purpose |
|---|---|
tytus_docs |
Returns the full LLM-facing reference (call this first) |
tytus_status |
Login state, plan, pods, tunnel — call this second |
tytus_env |
Stable + raw connection details |
tytus_models |
Live model list from the pod gateway |
tytus_chat |
Send chat completions through the user's pod |
tytus_revoke |
Free a pod's units (destructive) |
tytus_setup_guide |
What to tell the user when nothing is connected |
Print the MCP config block for your tool:
tytus mcp # Claude Code format
tytus mcp --format kilocode # KiloCode / OpenCode
tytus mcp --format archon # Archon
tytus mcp --format json # generic JSONcrates/
├── cli Binary: `tytus` command
├── mcp Binary: `tytus-mcp` MCP server
├── core HTTP client (retry/backoff), error types, device fingerprint
├── auth Sentinel device auth, OS keychain, token refresh
├── pods Provider API: allocation, status, config, agent control
└── tunnel WireGuard via boringtun (userspace, cross-platform)
The tunnel uses boringtun for
the Noise protocol and the tun crate for
the OS-level TUN device. No wg-quick, no kernel module. Privilege
escalation for opening the TUN device is handled transparently via a
three-strategy chain: sudo -n (passwordless via the sudoers entry the
installer adds) → osascript (macOS GUI dialog) → interactive sudo.
| Surface | How it's handled |
|---|---|
| State file | ~/.config/tytus/state.json (Linux) or ~/Library/Application Support/tytus/state.json (macOS), mode 0o600 |
| Refresh tokens | OS keychain (com.traylinx.atomek service) — never in plain files |
| WireGuard private keys | Parsed in memory only, never written to disk; WireGuardConfig implements Zeroize and zeroes on drop |
| Sentinel pass | WannolotPassResponse is Zeroize + ZeroizeOnDrop |
| TUN privilege | Tightly-scoped sudoers: only tytus tunnel-up * and tytus tunnel-down * (the tunnel-down helper internally validates the target PID against /tmp/tytus/tunnel-*.pid so it cannot be abused to SIGTERM other processes) |
| Tunnel daemon | Runs as root only for the lifetime of the WG socket; deletes its temp config file before opening the tunnel; auto-cleans PID + iface files on shutdown |
| HTTP client | reqwest with rustls + WebPKI roots + HTTP/2 + macOS SystemConfiguration; no native-tls, no plaintext fallback |
A full pre-public-release security audit is in
docs/SECURITY-AUDIT.md.
| Symptom | Likely cause | Fix |
|---|---|---|
No pods. Run: tytus connect |
No allocation | tytus setup (or tytus connect) |
Tunnel daemon already running |
Stale PID file | tytus disconnect then retry |
401 Invalid API key from gateway |
Stable key map sync race during first connect | Wait 2s and retry; tytus restart if persistent |
403 plan_limit_reached |
Unit budget would be exceeded | Revoke an existing pod or upgrade your plan |
503 no_capacity |
All droplets full | Wait or contact support |
Tunnel up but curl times out |
Routing collision with another VPN on macOS | Disconnect other VPNs, then tytus connect |
| Anything weird | — | Run tytus doctor first |
For deep AI-agent troubleshooting, run tytus llm-docs and feed the output
to your assistant.
cargo build -p atomek-cli -p tytus-mcp # debug build
cargo build --release # release build
cargo test --workspace # run all tests
cargo clippy --workspace --all-targets # lint
cargo audit # vulnerability scanWorkspace dependencies are pinned in Cargo.toml. The Cargo.lock is
checked in.
MIT — Traylinx