Every photo-aware agent, app, and workflow in your stack calls into one governed layer. Knowledge, access, and provenance at the speed of inference.
That is the problem. Teams call Gemini, Claude, or GPT-4V directly from scattered scripts. Each result lands in a different table, bucket, or notebook. Moderation varies by team. When the upstream model updates, every team silently drifts, and nobody can produce a provenance chain when the regulator asks what the AI said about a given image on a given date. Every new use case pays the inference tax again from scratch. The cost is not the inference. The cost is the shadow fleet.
The industry is converging on a name for the layer that fixes this: the harness. It is the governed runtime wrapping every model call.
A vision API is a function. A photo app is a product. A harness is a control plane. The harness determines what the model sees, what it can reach, what it is allowed to do, and what it remembers across calls. Changing only the harness around a frozen model produces up to a six-times performance gap on the same benchmark (Lee et al., arXiv 2603.28052, March 2026).
Vision APIs point to the shelf. Phototology reads the passage.The librarian test for a harness
Google Cloud Vision tells you what is in the photo, returns labels, and forgets. Phototology runs the governed lens, attaches evidence chains, enforces moderation, signs provenance when configured, writes the result to a persistent Structure, and returns a typed response. The next agent that asks about this photo reads the passage that has already been read.
Four pillars. Every Phototology component maps to one.
The Structure, the composable analysis lenses, evidence chains, and the canonical fingerprint.
One call, any surface, any agent framework.
@phototology/sdk)@phototology/mcp) for any agentModeration, provenance, and privacy by construction.
Two real compounding effects, today.
The Control Room is the governance surface across your Phototology footprint. Four panes, one control plane.
Every agent, app, and batch job calling into Phototology. Which lenses each uses, which stacks, frequency, owner. No more shadow fleet.
Which Structures feed which downstream systems. Blast radius when a lens or model updates. Know what will shift before it shifts.
Moderation pass rates. Privacy-by-design lens selections. C2PA signing coverage. PII-masking events. Audit-grade, export-ready, always on.
Lens trust scores over time. Model-version change impact. Regression detection across re-analyses of canonical photos. Catch drift before it reaches the customer.
Each team picks its own prompts. Each result is stored somewhere its team chose. When the model updates, every team silently drifts. Every new use case pays the full inference cost from scratch.
One canonical analysis per photo. The Structure is the shared memory. When a new lens ships, every future analysis gets better automatically. When the model updates, Phototology catches the drift and you choose when to re-analyze.
The gap between these two organizations does not widen linearly. It compounds.
The pilot is deliberately small. The success criterion is narrow and honest.
By default, nothing beyond the analysis. The /v1/analyze API receives a photo, passes it to the vision provider, returns the structured result, and persists only that result plus fingerprints (sha256, perceptual hash, difference hash). Photo bytes are not retained. Registry+ (opt-in photo retention) is coming in H2 2026 for customers who want automatic backfill when new lenses ship; default remains no retention.
Google Cloud Vision, AWS Rekognition, and raw Gemini calls answer one query and forget. Phototology is the harness around those calls: one canonical analysis per photo, exact-match cache so you never pay twice for the same result, evidence chains on every conclusion, C2PA content-credential signing on the signable lens subset, always-on moderation, and forward-compounding improvements so every prompt or lens upgrade benefits every future analysis automatically. Vision APIs answer queries. Phototology builds memory.
Phototology runs two registries. Private lookup against your own prior analyses is free forever (today). Commons lookup against a shared, de-identified registry of analyses contributed by other customers is on the H2 2026 roadmap. When it ships, commons access is either earned (free and pay-per-image tiers opt in to contribute, which unlocks commons reads) or included (paid subscription tiers get commons access as a subscription benefit; enterprise plans negotiate it as a contract line item). Contribution is strictly opt-in; analyses contributed are de-identified at write time and persist after account deletion under GDPR Recital 26 consent for anonymized re-use. Enterprise contracts can specify zero-contribution-with-commons-access if the deal requires it.
The operator surface across your Phototology footprint. Four panes: Workflow Registry (which agents and apps call which lenses), Data Dependency Map (blast radius when a lens or model updates), Policy Enforcement (moderation pass rates, C2PA coverage, PII-masking events), and Health & Drift (lens trust scores over time, regression detection). The consolidated dashboard is under construction against the existing metering and audit surfaces; the operator primitives behind it are in production today.
Gemini for most lenses, with Claude and OpenAI as fallbacks. Model-agnostic by design: the harness is the product, not the model. You never pick a model directly. The harness routes to the best available model for each lens and normalizes every response to a single Zod-validated output schema.
Minimal by default. We process photos transiently through the vision provider and persist only the analysis output, fingerprints, and metadata. AI-training exclusion contractually matches the C2PA cawg.training-mining:notAllowed flag on signed outputs. For Registry+ (opt-in retention), the TOS addendum covers: retention indefinite while opted-in, photos removed from active storage within 7 days of revocation, permanent erasure from all systems including backups within 30 days (matches the GDPR Article 17 legal ceiling).
One team, one photo-aware workflow, one month, one fixed price. Success criterion is always the same: at the end of the month, your team can say "we stopped paying for the same photo twice, and we know what our AI said about every image in the pilot set." If that criterion is not met, there is no roll-out conversation to have.