tAPIstry
Back to docs index

Platform Architecture

Tapistry combines marketplace features, secure execution, and developer tooling into a single platform. This guide highlights the major components and data flows.

Core layers

  • Client layer: the CLI, web console, and web IDE coordinate with the platform through the public gateway.
  • API gateway: FastAPI services provide authentication, rate limiting, request validation, and routing.
  • Core services: registry, builder, dependency graph, policy engine, and test orchestrator coordinate publishing and promotion.
  • Execution layer: sandboxed runtimes, egress proxy, and observability stack ensure secure invocation and metering.
  • Data layer: PostgreSQL, Redis, artifact storage, and container registry persist metadata, caches, and build assets.

Deployment topology

  • ECS Fargate hosts backend, frontend, builder, and worker tasks across private subnets behind an Application Load Balancer.
  • Infrastructure secrets live in AWS Secrets Manager and SSM Parameter Store with KMS encryption; workloads assume roles via OIDC.
  • Observability alarms fan out through SNS to Slack, PagerDuty, or email so platform teams are alerted quickly.

Publish pipeline

  1. Creators trigger a publish from the CLI or IDE; metadata is persisted and a pipeline job is enqueued.
  2. The pipeline executor handles build, test, and policy stages, running inline for fast feedback in dev/staging or asynchronously in production.
  3. Passing runs update channel metadata, invalidate caches, and refresh marketplace listings instantly.

Marketplace flow

  • Seeder scripts and fixtures publish sample APIs for demos and tests.
  • Public `/apis/marketplace` endpoints feed the marketing site and authenticated marketplace views.
  • Invocations travel through the sandbox and egress proxy which enforce allowlists, inject tool credentials, and emit metering events.

Key services

  • Registry: manages semantic versions, channels, digests, contracts, and changelog history.
  • Builder: assembles OCI images, generates SBOMs, runs vulnerability scans, and signs artifacts.
  • Test orchestrator: executes unit, integration, and contract suites with coverage gating.

For diagrams and deeper implementation notes, review the full architecture document.