UNDER THE HOOD

Host it anywhere. Five services. One public origin.

TTSAI ships as one monorepo that builds into five runtime services, and the exact same images bring the whole product up on a managed cloud or on any Docker host. This page is for the person who has to say yes to running it.

5 services, 1 public origin Postgres 16 + pgvector Same images, cloud or compose

postgresapiworkermcpweb Only web is public. Everything else is reachable solely over the private network.

ONE ORIGIN

The browser talks to exactly one origin.

nginx serves the app and proxies the API, the WebSocket bridge and the MCP surface on the same origin. Auth cookies stay first-party, and the authenticated app needs no cross-origin grants - the only CORS the API serves is a deliberate, non-credentialed wildcard on the cookie-free public surfaces (widget, forms, portal, public API). TLS terminates at the platform edge, and the site sends HSTS and strict security headers. The embeddable chat widget is the one framing exception, served with a framing-permissive policy so it can live in an iframe on your site.

THE DATA LAYER

Postgres is the platform's spine.

One database carries the records, the vectors, the events and the job queue. Fewer moving parts, one thing to back up.

Postgres 16 + pgvector

Semantic search over knowledge runs on an HNSW vector index, inside the same database as everything else.

Force RLS on 101 tables

The app runs as a restricted, non-owner database role, and refuses to boot under any role that could bypass RLS. The database itself is the isolation boundary.

Isolation in depth

Realtime, in-Postgres

Writes notify a channel and the API bridges events to WebSockets. The green connection dot in the product header is this bridge.

Background jobs on pg-boss

Inside the same Postgres: scheduled reports, notification digests, nightly pg_dump backups.

Two-phase boot, by design

Migrations run once as the owner role, then the runtime connects restricted. Schema power and runtime power never share a connection.

DEPLOY PATHS

A managed cloud today. Your own metal tomorrow. Same images.

Managed cloud (Railway or similar)

Five services from one repo, private networking, only web exposed, health-checked restarts.

Any Docker host

One compose file brings up the identical images with single-origin parity. Optional profiles add MinIO for attachment storage and Ollama for a fully local LLM. Point the AI at local Ollama and no byte of a customer conversation leaves your infrastructure.

Host-anywhere parity is a build artifact, not a promise.
FAILS SOFT

Every external dependency is optional.

No AI key? AI features switch off cleanly and the product says so. No email provider? Outbound mail queues. No object storage? Uploads are disabled with a clear state. No monitoring DSN? A no-op. The core never takes a dependency hostage.

BUILD ON IT

Everything the interface does, the API can do.

REST API, OpenAPI-documented

Scoped Bearer tokens: Read, Write, MCP, Webhook. Secret shown once, individually revocable, last-used tracking.

Signed webhooks

Per brand, with test-fire and a delivery log: status, response code, retries.

Slack & Microsoft Teams

Notifications via incoming webhooks. No code.

MCP for AI agents

Mint a token with the MCP scope and an AI agent can search, create and update work items, governed by the same permissions as any client.

CSV import wizard

Bring existing data in: upload, map columns, run with per-row results.

See it on your own screens.