Nightjar Docs
Alpha

Glossary

The vocabulary Nightjar uses, in plain language. Terms that describe something planned but not yet built are marked (Target) — everything else is shipped and works today.

Core

Cloud browser — a real browser that runs on Nightjar’s infrastructure (not on your machine). Your agent drives it remotely. This is the heart of the product.

MCP (Model Context Protocol) — the HTTPS tool endpoint your agent speaks to. You point your agent host at https://api.nightjar.cloud/mcp with a Bearer token and the Nightjar tools (session_start, navigate, perceive, act, screenshot, …) appear.

Session — one run of a cloud browser. You session_start, then navigate / perceive / act, and session_end when done. Each session is independently recorded.

Agent — the durable driver of sessions. An agent-bound API key carries the agent’s template (instructions, defaults), so a session inherits it with zero client config.

Perception & memory

Perception — what the agent reads instead of raw HTML: an accessibility tree plus visual and DOM enrichment, so the agent experiences the page closer to how a person does.

Journal / replay — every session is recorded as a durable journal you can replay later, with the authority decisions behind each operation. This is the audit + review surface.

Reaching your own machine

Network — a named set of hosts that a daemon makes reachable to authorized sessions — e.g. your dev laptop, an office LAN, or a CI runner. A session links whichever network it needs.

Daemon — a small program you run on your own machine (or in your network). It joins a network and relays traffic so a cloud browser can reach hosts only you can see. The daemon is a dumb relay: it holds your network’s join token, and that token never leaves it.

Tunnel — the relay path the daemon provides, carrying cloud-browser traffic back to your localhost / LAN.

Egress (split / local) — a session setting for where its network traffic goes: out to the public internet directly, or through your daemon to reach your private hosts.

(Target) Reach Grants & one-command tunnel — a planned, smoother local-reach flow (nightjar tunnel 5173, a default public/local split, claim-codes for the agent-runs- elsewhere case). Designed in ADR-035; not built yet. Today, local reach is the multi-step daemon recipe in the getting-started guide.

Identity, credentials & access

Identity (principal) — a virtual person a session can assume: it owns credentials, a persona, and logged-in auth-state. The agent acts as the identity without ever seeing the secrets.

Credential plane 1 vs 2 — two ways credentials show up:

  • Plane 1 — the agent only ever handles a placeholder name for a credential, never the value.
  • Plane 2 — a stored-credential vault: secrets are encrypted at rest (KMS), bound to an origin allowlist, filled at run time on the node, and recorded in a value-free audit trail (the platform logs that a credential was used, never the value).

Grant — a scoped, revocable delegation of capability from one principal to another. Revoking a grant force-closes any live use of it.

Scope — a single permission on an API key, drawn from a closed <resource>:<permission> registry (e.g. sessions:write, networks:write). Every API endpoint checks the scopes its caller carries.

Capture & safety

Capture tier (NetworkLogTier) — how much of a session’s network traffic is recorded: Off, Metadata, Headers, or Full, with a secret-value floor that keeps known secret values out of captured logs.

Egress floor — a per-network allowlist of declared hosts plus a never-allow floor, designed so a cloud browser only reaches hosts a network has declared (governed by ADR-021). The declared-host enforcement is a deployment-gated capability.

Missing a term? The deeper detail lives in the guides. This page is the quick reference; it stays in lockstep with what’s actually shipped.