Architecture
System Design
Kun follows a centralized architecture where all developers connect to a shared infrastructure, ensuring consistent AI context and pattern compliance.
End-to-end Development Flow
Developer → Tailscale VPN → Remote Server → tmux Session → Claude Code → Generated Code
Network Topology
Phase 1: Individual Setup
┌─────────────────────────────────────────────────────────────┐
│                     Developer's Devices                     │
│                                                             │
│   ┌─────────┐    ┌─────────┐    ┌─────────┐                 │
│   │ Laptop  │    │  Phone  │    │ Tablet  │                 │
│   └────┬────┘    └────┬────┘    └────┬────┘                 │
│        │              │              │                      │
│        └──────────────┼──────────────┘                      │
│                       │                                     │
│                       ▼                                     │
│               ┌───────────────┐                             │
│               │   Tailscale   │  ← WireGuard-based VPN      │
│               │    Network    │                             │
│               └───────┬───────┘                             │
│                       │                                     │
│                       ▼                                     │
│               ┌───────────────┐                             │
│               │  Home Server  │                             │
│               │  ├── tmux     │  ← Persistent sessions      │
│               │  └── Claude   │  ← AI development           │
│               └───────────────┘                             │
└─────────────────────────────────────────────────────────────┘
Phase 2: Team Server
Ubuntu Server
- Multi-user accounts: Create Users
- Access control: Tailscale ACLs
- /etc/claude-code/: Shared Config
- Auto-start: Systemd Services
- Health checks: Netdata
Security Model
Defense in Depth
| Layer | Technology | Purpose |
|---|---|---|
| Network | Tailscale VPN | Zero-trust network access |
| Auth | Tailscale SSH | Certificate-based authentication |
| Access | ACLs | Role-based access control |
| Secrets | 1Password/Vault | Centralized secret management |
| Audit | Systemd journal | Activity logging |
Access Control
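An added example, not part of the Kun project: a small Python audit for the ACL policy shown in this section. It flags wildcard sources and destinations and any `group:` or `tag:` name that the policy uses without defining it under `groups` or `tagOwners`, which the excerpt here omits. The names `audit` and `TIGHTENED_POLICY` and the example.com addresses are constructed for illustration.

```python
import json

# Policy excerpt as shown in the Access Control section.
PAGE_POLICY = json.loads("""{
  "acls": [
    {"action": "accept", "src": ["group:developers"], "dst": ["tag:dev-server:22"]},
    {"action": "accept", "src": ["group:admins"], "dst": ["*:*"]}
  ]
}""")

# Constructed tighter variant; member addresses and tag owner are placeholders.
TIGHTENED_POLICY = {
    "groups": {
        "group:developers": ["dev@example.com"],
        "group:admins": ["admin@example.com"],
    },
    "tagOwners": {"tag:dev-server": ["group:admins"]},
    "acls": [
        {"action": "accept",
         "src": ["group:developers", "group:admins"],
         "dst": ["tag:dev-server:22"]},
    ],
}


def audit(policy):
    """Return sorted (rule_index, finding) pairs for a policy dict."""
    defined = set(policy.get("groups", {})) | set(policy.get("tagOwners", {}))
    findings = set()
    for i, rule in enumerate(policy.get("acls", [])):
        names = list(rule.get("src", []))
        if "*" in names:
            findings.add((i, "source matches every node"))
        for dst in rule.get("dst", []):
            # Split on the last colon: tag names contain a colon themselves.
            host, _, ports = dst.rpartition(":")
            names.append(host)
            if host == "*":
                findings.add((i, "destination matches every host"))
            if ports == "*":
                findings.add((i, "destination matches every port"))
        for name in names:
            if name.startswith(("group:", "tag:")) and name not in defined:
                findings.add((i, f"{name} is not defined"))
    return sorted(findings)


if __name__ == "__main__":
    for label, policy in (("page", PAGE_POLICY), ("tightened", TIGHTENED_POLICY)):
        print(label, audit(policy))
```

Run in CI against the real policy file, a non-empty result can fail the build before a broad rule such as `*:*` reaches the tailnet.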
{
  "acls": [
    {
      "action": "accept",
      "src": ["group:developers"],
      "dst": ["tag:dev-server:22"]
    },
    {
      "action": "accept",
      "src": ["group:admins"],
      "dst": ["*:*"]
    }
  ]
}
Directory Structure
kun/ — Remote AI Development Infrastructure
- scripts/ — Setup and maintenance scripts
  - phase1/ — Individual developer setup
  - phase2/ — Team server setup
  - phase3/ — Commercial platform setup
  - monitoring/ — Health check scripts
- config/ — Configuration templates
  - tailscale/ — Tailscale ACL configs
  - tmux/ — tmux session configs
- docker/ — Container configurations
  - Dockerfile — Development container
  - docker-compose.yml — Multi-container setup
- docs/ — Project documentation
  - PROJECT-BRIEF.md — Vision and goals
  - ARCHITECTURE.md — System design
  - PRD.md — Requirements
  - EPICS.md — User stories
- src/ — Next.js documentation site
  - app/ — App Router pages
  - components/ — React components
Technology Stack
| Component | Technology |
|---|---|
| OS | Ubuntu 22.04/24.04 LTS |
| VPN | Tailscale |
| Sessions | tmux |
| AI | Claude Code CLI |
| Runtime | Node.js 20.x |
| Package Manager | pnpm |
| Secrets | 1Password CLI / Vault |
| Monitoring | Netdata |
Architecture Principles
1. Mirror-Pattern
Every URL route maps 1:1 to directory structure.
2. Architecture-First
Design systems, not just features. AI generates code within intentional constraints.
3. Guardrails
CLAUDE.md files and patterns are training data for AI collaborators.
4. Human Review Layer
Humans own architectural tradeoffs; AI handles implementation velocity.
Integration with Pattern Library
From databayt/codebase:
- 54 UI components
- 62 Atom components
- 31 Templates
- 11 Claude agents
- 4 Claude commands