Show HN: Apfel – The free AI already on your Mac(apfel.franzai.com)

435 pointsby franze6 hours ago51 comments

gurjeet2 minutes ago
Thank you for making it open source!
Submitted a PR to prevent its installation on macos versions older than Tahoe(26), since I was able to install it on my older macos 15, but it aborted on execution.
https://github.com/Arthur-Ficial/homebrew-tap/pull/1
convexly3 hours ago
I like the approach of running everything locally. I'm strongly of the opinion that the privacy angle for local models is going to keep getting stronger and more relevant. The amount of articles that come out about accidents happening because of people handing too much context to cloud models the more self reinforcing this will become.
- hombre_fatal10 minutes ago
  Another angle is when you're passing untrusted content to the AI service, e.g. anything from using it to crawl websites to spam-detection on new forum user posts.
  You can trigger the the service's ToS violation or worse, get tipped off to law enforcement for something you didn't even write.
- cousin_itan hour ago
  It's only half of the solution though. If the models are trained in a closed way, they can prioritize values encoded during training even if that's not what you want (example: ask the open Chinese models about Tiananmen). It's not beyond imagining that these models would e.g. try to send your data to authorities or advertisers when their training says so, even if you run them locally.
  So the full solution would be models trained in an open verifiable way and running locally.
- ge96an hour ago
  The other thing, is encrypted inferencing a thing/service currently? I want to run my own models locally just because if I'm going to be chatting to it about my day to day life why send it to a server in plaintext.
  - lukewarm707an hour ago
    encrypted inferencing, meaning homomorphic encryption: no, it's not solved.
    cryptographic confirmation of zero knowledge: yes.
    the latter, based on trust in the hardware manufacturer and their root ca. so, encrypted if you trust intel/nvidia to sign it.
    there are a few services, phala, tinfoil, near ai, redpill is an aggregator of those
- lukewarm7073 hours ago
  local is best for privacy, but i personally think you don't need to go local.
  anthropic, google, openai etc, decided that their consumer ai plans would not be private. partly to collect training data, the other half to employ moderators to review user activity for safety.
  we trust that human moderators will not review and flag our icloud docs, onedrive or gmail, or aggregate such documents into training data for llms. it became the norm that an llm is somehow not private. it became a norm that you can't opt out of training, even on paid plans (see meta and google); or if you can opt out of training, you can't opt out of moderation.
  cloud models with a zero retention privacy policy are private enough for almost everyone, the subscriptions, google search, ai search engines are either 'buying' your digital life or covering themselves for legal reasons.
  you can and should have private cloud services, and if legal agreement is not enough, cryptographic attestation is already used in compute, with AWS nitro enclaves and other providers.
  - inetknght2 hours ago
    > i personally think you don't need to go local.
    I personally think everyone should default to using local resources. Cloud resources should only be used for expansion and be relatively bursty rather than the default.
    mark_l_watson2 hours ago
    For about two years I experimented with writing local apps using local LLMs, but I often had to blend in a commercial web search API to make my little experiments useful.
  - djl0an hour ago
    do you have any provider recommendations? I've experimented with this on runpod serverless, but I've been meaning to dig deeper before I feel comfortable with personal data.
    I saw a service named Phala, which claims to be actually no-knowledge to server side (I think). It was significantly more expensive, but interesting to see it's out there. My thought was escaping the data-collection-hungry consumer models was a big win.
  - mark_l_watson2 hours ago
    I pay $13/month for Proton’s Lumo+ private chat LLM that contains an excellent built-in web search tool. I use it for everything non-technical, even just simple searching for local businesses, etc.
    As an enthusiastic reader of books like Privacy is Power and Surveillance Capitalism, it feels good to have a private tool that is ready at hand.
- aswanson3 hours ago
  That's the way things have to go. Business risk is too high having everything ran over exposed networks.
  - lukewarm7073 hours ago
    what i say about this, is that an llm is just a big file, there is nothing 'not private' about it.
    if you are happy with off-prem then the llm is ok too, if you need on-prem this is when you will need local.
    zahlman2 hours ago
    > an llm is just a big file, there is nothing 'not private' about it.
    The private thing is the prompt.
    But also, a local LLM opens up the possibility of agentic workflows that don't have to touch the Internet.
gherkinnn3 hours ago
Now this is a development I like.
With the Claude bug, or so it is known, burning through tokens at record speed, I gave alternative models a try and they're mostly ... interchangeable. I don't know how easy switching and low brand loyalty and fast markets will play out. I hope that local LLMs will become very viable very soon.
- naravara2 hours ago
  Yeah I don’t think the models are meaningfully differentiated outside of very specific edge cases. I suspect this was the thinking behind OpenAI and Facebook and all trying to lean hard into presenting their chatbots as friends and romantic partners. If they can’t maintain a technical moat they can try to cultivate an emotional one.
brians4 hours ago
I’ve seen several projects like this that offer a network server with access to these Apple models. The danger is when they expose that, even on a loop port, to every other application on your system, including the browser. Random webpages are now shipping with JavaScript that will post to that port. Same-origin restrictions will stop data flow back to the webpage, but that doesn’t stop them from issuing commands to make changes.
Some such projects use CORS to allow read back as well. I haven’t read Apfel’s code yet, but I’m registering the experiment before performing it.
- brians4 hours ago
  They offer it as an option but default it to false! This is still a --footgun option but it’s the least unsafe version I’ve seen yet! Well done, Apfel authors.
  - franze3 hours ago
    thx for the report - a totally valid attack vector i was not aware of before, should be fixed https://github.com/Arthur-Ficial/apfel/releases/tag/v0.6.23 - see also new https://github.com/Arthur-Ficial/apfel/blob/main/docs/server...
- stingraycharles4 hours ago
  I don’t think many browsers will allow posting to 127.0.0.1 from a random website. What’s the threat model here?
  - layer83 hours ago
    Restricting such access it is still a work in progress: https://wicg.github.io/local-network-access/
  - brians4 hours ago
    I think any browser will allow it but not allow data read back.
    btown3 hours ago
    FWIW this was the status quo (webpage could ping arbitrary ports but not read data, even with CORS protections) - but it is changing.
    This is partially in response to https://localmess.github.io/ where Meta and Yandex pixel JS in websites would ping a localhost server run by their Android apps as a workaround to third-party cookie limits.
    Chrome 142 launched a permission dialog: https://developer.chrome.com/blog/local-network-access
    Edge 140 followed suit: https://support.microsoft.com/en-us/topic/control-a-website-...
    And Firefox is in progress as well, though I couldn't find a clear announcement about rollout status: https://fosdem.org/2026/schedule/event/QCSKWL-firefox-local-...
    So things are getting better! But there was a scarily long time where a rogue JS script could try to blindly poke at localhost servers with crafty payloads, hoping to find a common vulnerability and gain RCE or trigger exfiltration of data via other channels. I wouldn't be surprised if this had been used in the wild.
    airza3 hours ago
    There is a CORS preflight check for POST requests that don't use form-encoding. It would be somewhat surprising if these weren't using JSON (though it wouldn't be that surprising if they were parsing submitted JSON instead of actually checking the MIME-type which would probably be bad anwyay)
    mememememememo4 hours ago
    Isn't there a CORS preflight check for this? In most cases. I guess you could fashion an OG form to post form fields. But openai is probably a JSON body only.
    The default scenario should be secure. If the local site sends permissive CORS headers bets may be off. I would need to check but https->http may be a blocker too even in that case. Unless the attack site is http.
- robotswantdata3 hours ago
  Keep seeing similar mistakes with vibe coded AI & MCP projects. Even experienced engineers seem oblivious to this attack vector
- snarkyturtle2 hours ago
  Noting that there's an option to require a Bearer token to the API
Multiplayer2 hours ago
Started using this earlier this week. I built a backtesting benchmark tool to compare a mix of frontier and open-source models on a fairly heavy data analysis workflow I’d been running in the cloud.
The task is basically predicting pricing and costs.
Apple’s model came out on top—best accuracy in 6 out of 10 cases in the backtest. That surprised me.
It also looks like it might be fast enough to take over the whole job. If I ran this on Sonnet, we’re talking thousands per month. With DeepSeek, it’s more like hundreds.
So far, the other local models I’ve tried on my 64GB M4 Max Studio haven’t been viable - either far too slow or not accurate enough. That said, I haven’t tested a huge range yet.
lewisjoe24 minutes ago
Tempted to write a grammarly-like underline engine that flags writing mistakes across all apps and browser. Fully private grammarly alternative without even bundling an LLM!
donmb2 hours ago
Local AIs are the future in times of limited resources. This could be the beginning of something big. I like that Apple opens up like this. Hopefully more to come.
- enjoyitasus2 hours ago
  completely agree.
btucker2 hours ago
I hacked this together last fall to let you use Apple Foundation Models with llm: https://github.com/btucker/llm-apple . To enable that I built python bindings with Claude Code: https://github.com/btucker/apple-foundation-models-py
Unfortunately, I found the small context window makes the utility pretty limited.
- troyvitan hour ago
  Yeah I think you hit on the head a good way to use it though. I'm not on MacOS but KDE has a little tool called krunner[1] that lets you perform simple tasks from a small pop-up on your desktop. It would be cool if I could do slightly agentic things from there with a local model like ask what the capital of Austria is, or what's the current exchange rate between two currencies.
  Then save the heavy lifting for the big boys.
  [1] https://userbase.kde.org/Plasma/Krunner
frontsideairan hour ago
> Apple locked it behind Siri. apfel sets it free
This doesn't feel truthful, it sounds like this tool is a hack that unlocks something. If I understand it correctly, it's using the same FoundationModels framework that powers Apple Intelligence, but for CLI and OpenAI compatible REST endpoint. Which is fine, just the marketing goes hard a bit.
> Runs on Neural Engine
Also unsure if this runs on ANE, when I tried Apple Intelligence I saw that it ran on the GPU (Metal).
- reaperducer37 minutes ago
  This doesn't feel…
  Also unsure…
  Thank you for sharing your feelings and uncertainty.
  Perhaps resist the urge to post until you have something to contribute.
khalic5 hours ago
AFM models are very impressive, but they’re not made for conversation, so keep your expectations down in chat mode.
VanTodi3 hours ago
Just a small thing about the website: your examples shift all the elements below it on mobile when changing, making it jump randomly when trying to read.
EddieLomax2 hours ago
This is similar to something I was playing around with last month-- basically just a CLI for accessing the foundational models.
https://github.com/ehamiter/afm
It's really handy for quick things like "what's the capital of country x" but for coding, I feel that it is severely limited. With such a small context it's (currently) not great for complicated things.
divanan hour ago
What's the easiest way to use it with on-device voice model for voice chat?
- windsurferan hour ago
  https://github.com/Arthur-Ficial/apfel-gui uses on-device speech-to-text and text-to-speech
  - divan30 minutes ago
    Thanks, tried it, but it's crashes on clicking the microphone icon. Default `make install` for some reason tries to install it to /usr, I changed that and after torturing more mature coding LLMs for 20 minutes, made it running with mic/sound.
    The mic button requires clicking to transcribe and start listening again, and default voice is low-quality (I assume it can be configured).
    In general I'm looking for a way to try the on-device hands-free voice mode.
mattkevan2 hours ago
As an experiment I built a prototype chatbot app that uses the built-in LLM. It’s got a small context window, but is surprisingly capable and has tool-calling support. Without too much effort I was able to get it to fetch weather data, fetch and summarise emails, read and write reminders and calendar events.
Phemist2 hours ago
Nice! The example should imo say
apfel -o json "Translate to German: apple" | jq .content
Barbing2 hours ago
Just discovered iOS shortcuts has a native action called “use model” that lets you use local, Apple cloud, or ChatGPT— before that I would have agreed with the author about being locked behind Siri (natively)
arendtio3 hours ago
For those who don't know, 'Apfel' is the German word for Apple.
- gherkinnn3 hours ago
  And for those who did know that and want to know more, the shift from apple - apfel and water -> wasser happened during the High German consonant shift.
  https://en.wikipedia.org/wiki/High_German_consonant_shift
rbbydotdev2 hours ago
Would really love to see a web api standard for on device llms. This could get us closer. Some in-browser language model usage could be very powerful. In the interim maybe a little protocol spec + a discovery protocol used with browser plugins, web apps could detect and interface with on-device llms making it universally available.
- dchest2 hours ago
  https://webmachinelearning.github.io/prompt-api/
  Already in Chrome as an origin trial: https://developer.chrome.com/docs/ai/prompt-api
kangraemin2 hours ago
4,096 token context window is pretty limiting. That's roughly 3,000 words — fine for "summarize this paragraph" but not enough for anything that needs real context. Still, zero cost and fully local is hard to beat for quick throwaway tasks. Does it handle streaming or is it request-response only?
satvikpendeman hour ago
How does this model compare against other local models like Qwen run through LMStudio?
mark_l_watson2 hours ago
I have been using Apple’s built-in system LLM model for the last 7 or 8 months. I like the feature that if it needs to, it occasionally uses a more powerful secure private cloud model. I also write my own app to wrap it.
nose-wuzzy-pad3 hours ago
Does the local LLM have access to personal information from the Apple account associated with the logged-in user? Maybe through a RAG pipeline or similar? Just curious if there are any risks associated with exposing this in a way that could be exploited via CORS or through another rogue app querying it locally.
- franze2 hours ago
  no. the on device foundationmodels framework that apfel uses does not have access to personal information from the apple account. the model is a bare language model with no built in personal data access.
  apple does have an on device rag pipeline called the semantic index that feeds personal data like contacts emails calendar and photos into the model context but this is only available to apples own first party features like siri and system summaries.
  it is not exposed through the foundationmodels api.
  - 2 hours ago
    undefined
furyofantaresan hour ago
Looks like a nice wrapper around the APIs. Extremely oversold landing page, very marketing heavy for what it is. You can actually make nice looking landing pages that are about 10% the size of this and more straightforward, rather than some mimicry of a SaaS that's trying desperately to sell you something. Makes it easier for you to review the content for factuality too, and heck you couldn't even take ownership of some of the voice.
Hard to know what to do with this. I'm interested in the project and know others who would be, but I feel like shit after being slopped on by a landing page and I don't wish to slop on my friends by sharing it with them. I suppose the github link is indeed significantly better, I'll share that.
swiftcoder5 hours ago
Anyone tried using this as a sub-agent for a more capable model like Claude/Codex?
- LatencyKills4 hours ago
  The combined (input/output) context window length is 4K. Claude would blow through that even when trying to read and summarize a small file.
- khalic3 hours ago
  If you’re looking into small models for tiny local tasks, you should try Qwen coder 0,5B. It’s more of an experiment, but it can output decent functions given the right context instructions.
  - xenophonf3 hours ago
    > [Qwen coder 0,5B] can output decent functions given the right context instructions
    Can you share a working example?
    khalic2 hours ago
    So… a prompt? I’m not on my laptop but I hooked it to cmp.nvim, gave it a short situational prompt, +- 10 lines, and started typing. Not anywhere near usable but with a little effort you can get something ok for repetitive tasks. Maybe something like spotting one specific code smell pattern. The advantage is the ridiculous T/s you get
- franze4 hours ago
  project started with
  trying to run openclaw with it in ultra token saving mode, did totally not work.
  great for shell scripts though (my major use case now)

als02 hours ago

Is this for Tahoe only? I’m still clutching onto Sequoia

Yeah seems to need Tahoe (I'm on Sequoia):

    dyld[71398]: Library not loaded: /System/Library/Frameworks/FoundationModels.framework/Versions/A/FoundationModels
      Referenced from: <32818E2F-CB45-3506-A35B-AAF8BDDFFFCE> /opt/homebrew/Cellar/apfel/0.6.25/bin/apfel (built for macOS 26.0 which is newer than running OS)
      Reason: tried: '/System/Library/Frameworks/FoundationModels.framework/Versions/A/FoundationModels' (no such file), '/System/Volumes/Preboot/Cryptexes/OS/System/Library/Frameworks/FoundationModels.framework/Versions/A/FoundationModels' (no such file), '/System/Library/Frameworks/FoundationModels.framework/Versions/A/FoundationModels' (no such file, not in dyld cache)

linsomniac2 hours ago
Yes, it says on that page that it uses Apple Intelligence from Tahoe. I'm also hanging onto Sequoia, though I'm ready to make the leap any time here.
- crena37 minutes ago
  MacBook Neo forced me to finally make the jump, and it turns out that I, much like the engineers at Apple, don't really care about the spit and finish anymore. Third-party applications handle everything else. Also, I was happy to find that Divvy still runs just fine under Rosetta.

elcritch5 hours ago
Any know if these only installed on Tahoe? I'm running Sequoia still and get an error about model not found.
- HelloUsername5 hours ago
  > Apple Silicon Mac, macOS 26 Tahoe or newer, Apple Intelligence enabled
  - jonpurdy3 hours ago
    Yes, the model ships with Tahoe, not previous versions.
    I too would love to try this for simple prompts but won’t be updating past Sequoia for the foreseeable future.
    als0an hour ago
    Same. What a disaster Tahoe is.
gigatexal4 hours ago
It’s a very small model but I’ve been playing with it for some time now I’m impressed. Have we been sleeping on Apple’s models?
Imagine they baked Qwen 3.5 level stuff into the OS. Wow that’d be cool.
- bombcar4 hours ago
  Apparently the Overcast guy build a beowulf cluster of Mac minis to use the Apple transcription service.
  https://www.linkedin.com/posts/nathangathright_marco-arment-...
- FinnKuhn3 hours ago
  For small tasks this seems perfect. However it being limited to English from what I can tell is quite a downsite for me.
- thenthenthen4 hours ago
  The vision models and OCR are SUPER
Oras4 hours ago
I like the idea and the clarity to explain the usage, my question would be: what kind of tasks it would be useful for?
- khalic3 hours ago
  Making a sentence out of a json
p1anecrazy5 hours ago
Really like demo cli tools description. Are they limited by the context window as well? What’s your experience with log file sizes?
- franze5 hours ago
  the 2 hard limits of Appel Intelligence Foundation Model and therefor apfel is the 4k token context window and the super hard guardrails (the model prefers to tell you nothing before it tells you something wrong ie ask it to describe a color)
  parsing logfiles line by line, sure
  parsing a whole logfile, well it must be tiny, logfile hardly ever are
  - reaperducer11 minutes ago
    the model prefers to tell you nothing before it tells you something wrong
    If all LLMs did this, people would trust them more.
joriskok12 hours ago
How much storage does it take up?
- franze2 hours ago
  4mb download, after install about 15mb, model is already on your mac with mac os x tahoe
pbronez2 hours ago
Digging into this, found Apple’s release notes for the Foundation Model Service
https://developer.apple.com/documentation/Updates/Foundation...
They released an official python SDK in March 2026:
https://github.com/apple/python-apple-fm-sdk
sys_647382 hours ago
Tahoe+ only
walthamstow2 hours ago
You have to enable Apple Intelligence so that's a hard no from me. I'll stick to LM Studio and gpt-oss/qwen. Very cool project though.
api2 hours ago
BoltAI also does this, but a CLI tool is nice.
It’s a nice LLM because it seems fairly decent and it loads instantly and uses the CPU neural engine. The GPU is faster but when I run bigger LLMs on the GPU the normally very cool M series Mac becomes a lap roaster.
It’s a small LLM though. Seems decent but it’s also been safety trained to a somewhat comical degree. It will balk over safety at requests that are in fact quite banal.
phplovesong3 hours ago
This is pretty cool. My bet is that we have more LLMs running locally when its possible, either thru "better hardware as default" or some new tech that can run the models on commodity hardware (like apple silicon / equivalent PC setup).
aiiaroan hour ago
[dead]
brtkwr3 hours ago
[dead]
6 hours ago
undefined
devcraft_ai41 minutes ago
[dead]
volume_tech2 hours ago
[dead]
4 hours ago
undefined
Remi_Etien5 hours ago
[dead]
3yr-i-frew-up3 hours ago
[dead]
reaperduceran hour ago
[dead]
animanoir2 hours ago
[dead]
hackerman700002 hours ago
[flagged]
skrun_dev6 hours ago
Notes.app handles big notebooks without choking on storage?
ramon1564 hours ago
Cool tool but I don't get why these websites make idiotic claims
> $0 cost
No kidding.
Why not just link the GH Github: https://github.com/Arthur-Ficial/apfel
- ffsm84 hours ago
  He did?
  https://news.ycombinator.com/item?id=47624647
alwinaugustin3 hours ago
Read Austria as Australia and thought this as an April fool
m-s-y3 hours ago
A serious project would do the work to be delivered via the native homebrew repository, not a “selfhosted” one.
- brtkwr2 hours ago
  Isn't the whole idea of "home brew" to enable hackers and enthusiasts to easily share what they built?
- post-it2 hours ago
  Is this you signing up as a packager or
nottorp3 hours ago
> Starting with macOS 26 (Tahoe), every Apple Silicon Mac includes a language model as part of Apple Intelligence.
So you have to put up with the low contrast buggy UI to use that.