Storage Brain Architecture
Multi-tenant file storage with workspace isolation and signed URLs.
flowchart TB
subgraph Clients["Clients"]
SDK["@marlinjai/storage-brain-sdk"]
FileAdapter["Data Table File Adapter"]
end
subgraph StorageBrain["Storage Brain API"]
Auth["Auth Middleware<br/>(Brain Core)"]
Upload["Upload Handler"]
Signed["Signed URL Generator"]
WS["Workspace Manager"]
end
subgraph CF["Cloudflare"]
R2["R2 Object Storage"]
D1["D1 Metadata DB"]
end
SDK --> Auth
FileAdapter --> SDK
Auth --> Upload
Auth --> Signed
Auth --> WS
Upload --> R2
Upload --> D1
Signed --> R2
WS --> D1Components
| Component | Description |
|---|---|
| Auth Middleware | API key validation via Brain Core (createAuthMiddleware) |
| Upload Handler | Receives files, stores in R2, records metadata in D1 |
| Signed URL Generator | Creates time-limited pre-signed URLs for file access |
| Workspace Manager | CRUD for workspace isolation within a tenant |
| R2 Object Storage | Cloudflare R2 for file blobs |
| D1 Metadata DB | Cloudflare D1 for file metadata, tenants, workspaces |