MIDAS
Local-first AI agent for approval-gated automation and verifiable LLM workflows.
README
MIDAS
Demo (15 s): coming — see tools/record_demo.md to record it locally and drop the file at
docs/assets/midas-demo.gif.
Local-first AI agent for approval-gated automation and verifiable LLM workflows.
MIDAS is a self-hosted AI agent with a local dashboard, CLI, signed receipts, budget controls, Ollama support, and MCP tooling. It helps you draft, review, and verify agent actions before they change files, call services, publish content, or use external tools.
For non-developers: download the repo, open the folder, then double-click
Launch MIDAS.bat on Windows. On macOS, use Launch MIDAS.command. On Linux,
run ./launch-midas.sh. See docs/INSTALL_FOR_EVERYONE.md.
Read DISCLAIMER.md before using MIDAS with external accounts, generated content, automation, or third-party tools.
Who It Is For
- Users who want a local-first AI agent with a dashboard instead of terminal-only setup.
- Developers building LLM workflows that need approvals, receipts, and budget controls.
- Operators who want an audit trail before connecting email, files, MCP tools, or external APIs.
- Teams testing Ollama, cloud model providers, and self-hosted agent workflows.
What It Does
- Plans and drafts work through a bounded LLM agent loop.
- Stores every step as an Ed25519-signed receipt in a hash chain.
- Routes file writes, code execution, spreadsheet writes, outbound sends, Stripe intents, media files, and external MCP calls through the approval queue.
- Preserves untrusted taint across agent steps so fetched pages, PDFs, emails, and third-party tool output cannot become instructions.
- Uses a lightweight skill index and loads
SKILL.mdonly when needed. - Links receipts to operator-recorded outcomes so runs can be reviewed later.
Screenshots
| Chat | Approvals | Proof Ledger |
|---|---|---|
 |
 |
 |
Status
- ✅ Code gates — 718 tests, mypy strict (157 files), ruff, import-linter contract
core ↛ flagship, bandit medium+, ShipVitalsREADY p0=0 p1=0. - ✅ Secret scan — clean.
- ⏳ Human UAT — see docs/UAT_CHECKLIST.md, unsigned at first release.
- ⏳ Lighthouse + axe-core (WCAG 2.2 AA) — workflows wired, first results pending after
v0.1.0. - ⏳ Cross-platform — Linux/macOS/Windows × Python 3.11/3.12 matrix runs via the Cross-platform workflow.
- ❌ Independent third-party security review — not yet performed. Until that lands, MIDAS is local-first, approval-gated, with security defaults. It is not described as "secure", "certified", or "production-ready".
Use Cases
- Run a self-hosted LLM agent from a local dashboard or CLI.
- Draft files, media plans, and code changes behind approval cards.
- Use Ollama locally, or connect a cloud provider with your own API key.
- Route MCP tools through an approval workflow and receipt ledger.
- Verify agent activity with signed receipts and an independent verifier.
- Check local capabilities before installing or enabling extra tools.
Quickstart
No-terminal start
Windows:
Double-click: Launch MIDAS.bat
macOS:
Double-click: Launch MIDAS.command
Linux:
chmod +x launch-midas.sh
./launch-midas.sh
The launcher creates a private .venv, installs MIDAS, prepares local state,
opens the dashboard, and prints a rescue login link if the browser does not
open.
Developer start
git clone https://github.com/omarkhandji-commits/midas.git
cd midas
python -m venv .venv
.venv\Scripts\pip install -e ".[llm,web,dev]"
midas init
midas dashboard
Open the local dashboard, connect a model, then run one mission. The dashboard is loopback-only and uses a one-time login token.
midas init detects local Ollama, or accepts one cloud API key:
midas init # running Ollama, no key needed
midas init --key sk-... # OpenAI
midas init --key sk-ant-... # Anthropic
midas init --key sk-or-... # OpenRouter
CLI
midas earn "<niche>" # scan, prepare, queue
midas capabilities scan # detect local tools, no install
midas capabilities plan "make a video with voice"
midas approvals list
midas approvals approve <id>
midas execute <id>
midas roi
midas outcome record <run_id> "<note>" -m value=<amount>
midas proof export out.html --run-id <run_id>
midas repo-map src/
midas blog-lint path/to/post.md
midas course "topic" --modules 5
midas drain # queue due scheduled posts
Run as an MCP server:
midas mcp serve
Media
MIDAS never downloads tools silently. midas capabilities scan checks for
ffmpeg, Node/Remotion, Edge TTS, Kokoro, Piper, XTTS/Coqui, NeuTTS, Ollama,
Docker/Podman, Git, and MCP adapters. midas capabilities plan "<goal>"
returns the local/free path, setup gaps, approval needs, privacy notes, cost
notes, and fallback.
Current media tools:
image.draft: offline PNG placeholder or opt-in provider.voice.synthesize: deterministic offline WAV and opt-in provider hooks.video.scriptandvideo.storyboard: pure planning tools.remotion.project.draft: approval-gated ZIP with a minimal Remotion project.
Security Defaults
- Default-deny Sentinel policy.
- Approval metadata: risk, estimated cost, expiry, hash preview when available.
- Drift checks for approved file writes and
code.run. - Per-task, daily, monthly, per-skill, and per-persona budget gates.
- Remote skills are queued for review; they are not installed automatically.
- Secrets stay out of receipts, logs, prompts, fixtures, and screenshots.
- Kill switch blocks tool execution.
See SECURITY.md, docs/SECURITY.md, docs/THREAT_MODEL.md, and docs/SECURITY_RELEASE_NOTES.md.
Verify Receipts
pip install ./tools/verify
midas keys export-public
python -m midas_verify .midas/receipts.jsonl --public-key <hex>
Flip one byte in the ledger and rerun. Verification reports the corrupted sequence index.
Testing
ruff check .
mypy src
lint-imports
bandit -r src -ll
pytest
midas eval
cd web && npm run lint && npm test && npm run build
python -m build
twine check dist/*
ShipVitals is used as a final release-readiness evidence pack. It does not replace tests, security review, Playwright checks, or human review.
Project Layout
src/midas/core/ sentinel, budget fuse, receipts, memory, router
src/midas/flagship/ CLI, dashboard, agent loop, tools, eval suites, MCP
config/ policy and provider templates
docs/ architecture, security, recipes, receipt spec
tests/ unit, security, eval, fixtures
tools/verify/ standalone receipt verifier
web/ React dashboard
License
MIT. See LICENSE.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.