Architecture Overview
infrastrActure is a control plane for AI agents. It serves canonical MCP runtime config to clients, manages shared and per-user tool installations, supervises ephemeral sandboxes, and exposes a tightly audited host-operations surface (Infra SSH).
TessarAct is the reference client; anything that speaks MCP can be a client.
Topology
Responsibilities
| Area | Responsibility |
|---|---|
| integration | return canonical MCP server configs |
| shared tools | manage platform-wide integrations |
| installations | create and manage user runtimes |
| sandboxes | lifecycle + runtime access |
| built-in MCP | expose platform operations as tools |
| infra SSH | controlled host operations |
| auth | enforce instance binding and tiers |
Design Principles
-
control plane, not monolith
It manages runtimes; it is not the only runtime. -
tenant-aware by default
instance binding is part of every key and sync flow. -
shared vs user-managed split
shared tools are platform-owned; installs are tenant-owned. -
admin operations are explicit
admin-tier key plus approval lease for infra SSH. -
audit where risk is highest
infra SSH records successful, denied, and failed operations.