Run the server on your Mac, connect the apps, and reach it from anywhere. Fifteen minutes, no Docker, no cloud account.
The server is the engine — it holds your data and gardens and talks to the models. It runs on a Mac you own. Two ways to get it:
.pkg) and open it.http://localhost:3001. Config lives in ~/.maurice/.Needs Bun.
git clone https://github.com/ckemmler/chez-maurice.git
cd chez-maurice/server
bun install
bun run index.ts # → http://localhost:3001
http://localhost:3001/admin in a browser. You'll be sent to a one-time setup page — create the admin account./admin, add a model:
/admin (each member gets their own space and a PIN).Install the Mac or iOS app (TestFlight, or build from app/ in Xcode). On first launch it asks for a server address:
http://localhost:3001.Then tap your member, enter your PIN, and you're in.
Phones can't reach localhost, and the apps expect HTTPS. So the server needs a real hostname with a valid certificate. Two good ways — pick one. Both keep your data on your Mac; they only create a private, encrypted path to it.
A private network between your own devices. Maurice serves HTTPS directly on your tailnet name.
mac-mini.tail1234.ts.net.tailscale cert mac-mini.tail1234.ts.net
It writes mac-mini.tail1234.ts.net.crt and .key.~/.maurice/.env (create it):
MAURICE_TLS_CERT=/Users/you/mac-mini.tail1234.ts.net.crt
MAURICE_TLS_KEY=/Users/you/mac-mini.tail1234.ts.net.key
MAURICE_PUBLIC_HOST=mac-mini.tail1234.ts.netmaurice restart, or re-run bun run index.ts).https://mac-mini.tail1234.ts.net:3001.Reach it over the public internet on a domain you own. Cloudflare terminates TLS, so Maurice can stay plain-HTTP on localhost.
cloudflared and log in:
brew install cloudflared
cloudflared tunnel logincloudflared tunnel create maurice
cloudflared tunnel route dns maurice \
maurice.example.com~/.cloudflared/config.yml:
tunnel: <tunnel-id>
credentials-file: ~/.cloudflared/<id>.json
ingress:
- hostname: maurice.example.com
service: http://localhost:3001
- service: http_status:404launchd for production):
cloudflared tunnel run mauricehttps://maurice.example.com.Settings go in ~/.maurice/.env (installed server) or the repo-root .env (from source). Model API keys are not here — set those in /admin so they stay in the database.
| Variable | What it does |
|---|---|
PORT | Server port. Default 3001. |
MAURICE_TLS_CERTMAURICE_TLS_KEY | Paths to a cert + key to serve HTTPS. If unset, the server runs plain HTTP on localhost. |
MAURICE_PUBLIC_HOST | The host the apps reach the server on (used in its self URL). Default localhost. |
GARDEN | Which garden the web engine serves (folder under web/gardens/). Default demo. |
MAURICE_GARDENS_DIR | Absolute gardens root in production. |
curl -k https://your-host:3001/api/health should return {"status":"ok"}.localhost.No usable model. Open /admin and either add a cloud API key or start Ollama with a model pulled, then make sure your member is allowed to use it.
Push needs an APNs key in ~/.maurice/secrets/ and, for TestFlight/App Store builds, APNS_PRODUCTION=1.