Skip to main content

Portfolio Worker Architecture

TattooAPI does not depend on a local computer or tunnel for production portfolio intake. The v1 operating model separates the public API, temporary media staging, private workers, review, and approved portfolio storage.
Review-gated surface: this workflow can stage evidence and prepare review records, but it cannot publish, promote, or write approved portfolio data without TattooAPI policy checks and human approval.
Private workers cannot write directly to approved portfolio storage, mutate canonical runtime tables, activate public surfaces, change identity mappings, or publish inbound media. They return classification and review evidence to TattooAPI.

Hosting Roles

Worker Model

Start with one private worker. Add more during onboarding bursts:
Workers should use TattooAPI rules/context and return evidence to TattooAPI. They should not be treated as public API hosts or canonical storage.

Storage Rule

Raw originals should not live only on a worker filesystem. Use private object storage prefixes such as:
Use signed/private access and lifecycle retention for staged media. Long-term curated portfolio records belong in the approved portfolio lake after review.

Public Docs Boundary

Public docs can explain the architecture and contracts. They should not include:
  • real provider IDs
  • private phone numbers
  • bucket endpoints
  • access keys
  • communication provider tokens
  • approved storage tokens
  • partner or worker API keys
  • local private network URLs
  • raw media staging URLs