Containers & Networking
infrastrActure is a container orchestrator for three runtime classes:
- shared tools
- user installations
- sandboxes
Runtime Classes
Shared Tools
- platform-managed
- started on boot when enabled
- shared across tenants
- filtered by API-key tier at integration time
Typical examples:
| Tool | Tier | Notes |
|---|---|---|
google-workspace | standard | shared auth flow, per-user OAuth status |
github-mcp-cloud | admin | org-scoped PAT-backed shared server |
infAct Browser (browser-use) | standard | live browser automation stack |
User Installations
- tenant/user-specific runtimes
- created from catalog or registry definitions
- exposed through integration responses only for the owning user / instance
Sandboxes
- isolated workspace runtimes
- lifecycle-managed by the platform
- proxied through runtime auth and runtime proxy routes
Port Ranges
| Range | Purpose |
|---|---|
13000–13999 | shared tools |
14000–14999 | sandboxes |
| dynamic | user installation runtimes |
Networking Model
infrastrActure is not the hot-path proxy for every runtime call. It is primarily the control plane that tells clients where to connect and how.
Host Resolution
MCP_CONTAINER_HOST controls the host inserted into generated runtime URLs.
| Environment | Typical Value |
|---|---|
| development | localhost |
| production | host IP or routable internal address |
Labels
Managed containers use labels for lifecycle and isolation.
Common examples:
| Label | Meaning |
|---|---|
mcp.installation-id | user installation record |
mcp.user-id | owning user |
mcp.instance-id | owning tenant / instance |
mcp.system-tool | shared tool |
mcp.sandbox-id | sandbox record |
mcp.managed-by | managing service (infrastrActure) |
HTTP and STDIO
Two runtime patterns exist:
Native HTTP
The container already speaks MCP over HTTP.
Wrapped STDIO
The container is exposed over HTTP by mcp-proxy.
See Shared Tools / MCP Proxy for the transport details.
Browser Automation Special Case
infAct Browser is not “just another MCP container.” It also exposes:
- MCP endpoint
- live browser view over noVNC
- X11/VNC helper processes