About marlow.systems
marlow.systems is the public face of a private development environment running on two Apple Silicon Mac minis on a single LAN. Every project listed on the home page lives on these two boxes; nothing falls back to cloud inference.
Why local-first
- Predictable cost. One-time hardware, no per-token billing, no surprise invoices when traffic spikes.
- Data stays put. Customer data, model context, and inference logs never leave the LAN unless we explicitly push them out.
- Faster iteration. Stage and live share the same hardware footprint — no “works on dev, breaks in prod” surprises from a hidden cloud capacity gap.
- Hardened by default. Live containers run read-only, drop all capabilities, refuse new privileges, and bind to 127.0.0.1. Only Cloudflare tunnels touch the public internet.
How a project ships
- Build locally against the blueprint (Next.js 16 + Prisma 6 + NextAuth 5 + Tailwind 4).
- Push to a bare git repo on marlow-stage; a post-receive hook rebuilds the Docker stack.
- Test on the LAN at 192.168.20.228:<port>.
- Push to a bare git repo on marlow-live; the same hook rebuilds and the project becomes reachable through its Cloudflare tunnel.
- The new project shows up on the marlow dashboard (/dashboard) and gets an entry in the blueprint.
The shared bits
Some pieces are not per-project. They sit alongside everything else and every project hits them:
- Queue Proxy :8900 — every AI request from every container goes here first. Capability-aware routing, queue depth limits, 5-min timeout when more than 5 requests are waiting.
- TurboQuant — MLX-backed OpenAI-compatible LLM server. Coder-7B on stage, 32B + 7B on live.
- Model Server :8800 — unified gateway for MLX, Ollama, FLUX, Whisper, MusicGen.
- BTCPay infrastructure — one shared bitcoind + LND + nbxplorer stack on live, multiple BTCPay instances mount the same volumes. Saves ~50 GB per project.
- Resource monitor — runs every 60s on live. TimesFM gets killed first under memory pressure; the LLM and voice servers are protected.
This site is itself one of those projects — it lives in marlow.systems on both servers, listens on port 3700, and is served to the public from live through a Cloudflare tunnel. Stage is reachable from the LAN only.