SYSTEM ARCHITECTURE

Policy in the control plane. Browsers in the worker plane.

In validation

Tabyard keeps identity, policy, and lifecycle authority away from hostile web content. The browser runtime remains replaceable behind a narrow adapter.

STABLE CONNECTION MODEL

Ordinary tools. Controlled route.

AgentPlaywright / MCP
Control APIPolicy + lifecycle
Scoped grantShort lived
Browser workerPrivate network
The agent requests a session from the control API, receives a scoped grant, and connects to a private browser worker.

COMPONENT RESPONSIBILITIES

Each boundary owns one kind of authority.

The control plane never needs to become the browser runtime, and a compromised worker never receives database, host, or root platform access.

01

Dashboard

Server-rendered operator views, launch controls, live-view shell, and emergency release.

02

Control API

Authentication, policy, allocation, lifecycle state, grant issuance, and reconciliation.

03

Postgres

Authoritative sessions, workers, leases, tokens, policy snapshots, and audit events.

04

Runtime adapter

A stable Tabyard contract around replaceable worker-specific response shapes.

05

Gateway

Authenticated HTTP and WebSocket transport for scoped CDP and viewer grants.

06

Worker pool

Independent browser runtimes with explicit health, capacity, quarantine, and egress.

SESSION STATE

Transitions are explicit. Cleanup is repeatable.

failure / expiry / worker loss

Every uncertain path enters reconciliation before a worker becomes eligible again.

YOUR VPSDocker Compose
Web / consoleprivate UI
Control APIsession ledger
Postgresno host port
Worker poolbrowser egress
Reconcilercleanup loop
Intended private control-plane topology. The public marketing site is deployed separately.

ONE-VPS DIRECTION

Static workers before dynamic orchestration.

The next safe scaling step is three independently declared workers, one lease per worker, and no published raw runtime ports.

  • Predictable resource limits and upgrades
  • No application access to the Docker socket
  • Quarantine without double-leasing capacity
  • Gateway revocation tied to session state

NEXT BOUNDARY

Architecture only becomes trustworthy when it survives the threat model.

Review security