Governed multi-tenant product infrastructure for AI gateways, billing, auth, compliance, and white-label delivery.
Website · Introduction · Tech Stack · Quick Start · Contributing
License at a glance — published npm packages are MIT. Forking the source repository directly remains AGPL-3.0-only unless you scaffold with
npx create-sailor(Independent Developer License, free for ≤ 1 FTE & < $1M ARR, no copyleft) or hold a Startup ($799/yr) or Enterprise tier from LICENSE-COMMERCIAL.md. Full matrix and edge cases: License section below, plus docs/legal/licensing-faq.md.
Try it in 30 seconds — zero SaaS keys required:
npx create-sailor@latest my-app --preset=minimal --yes cd my-app && pnpm dev # → http://localhost:3000The
minimalpreset scaffolds onlyapps/web+ IAM + Postgres so the golden path boots against a local DB. Add Stripe / Clerk / Resend later vianebutra add <provider>.
Nebutra Sailor is an enterprise-grade, AI-native SaaS monorepo architecture designed for building governed multi-tenant platforms. It provides a practical baseline for AI gateways, agent workflows, billing, auth, compliance, and white-label product delivery.
Built with Next.js 16, React 19, Prisma 7, and the Vercel AI SDK, Sailor treats AI as a governed runtime surface: provider topology, model routing, observability, tenant isolation, and compliance hooks are part of the platform baseline.
Nebutra-Sailor is maintained by Wuxi Nebutra Intelligence Technology Co., Ltd. Day-to-day engineering lead is Tseka Luk (@tsekaluk · legal@nebutra.com). The project ships under a dual-license model designed so solo founders and OPCs can build commercial products on it without copyleft, while corporate forks still owe back to the community — see the License section.
We publish to npm under the @nebutra/* scope plus two CLIs (nebutra, create-sailor). Releases run through changesets on a manual workflow_dispatch gate; SBOMs are attested on every release (release.yml). Security reports → SECURITY.md; commercial / licensing inquiries → legal@nebutra.com.
Nebula • Nurture • Ultra • Future
- Nebula: Aggregate data, tools, and intelligence into usable products.
- Nurture: Incubate AI-native apps via automated toolchains and “digital employees.”
- Ultra: Ship reliable engineering and value-first outcomes.
- Future: Make AI productivity accessible to everyone.
AI-native infrastructure company building governed product baselines
for multi-tenant SaaS, agent workflows, launch operations, and global delivery
The durable moat is not a starter template. It is the ability to turn changing AI capabilities into governed, shippable systems.
AI can help build the demo. Sailor focuses on the harder production layer: governance, security, architecture, scalability, and revenue operations.
|
Global First Day 1 worldwide markets |
AI-Native LLMs · Multi-Agent · MCP |
Platform Governance Topology · Contracts · CI |
Launch Infrastructure Auth · Billing · AI Gateway |
For governed AI-native products: Sailor bridges the gap between "AI helped me build a demo" and "this is a product platform we can operate, audit, bill, and scale".
|
|
 AI‑native LLMs, vector search, MCP agents, and premium Nebutra UI chat interfaces. |
 Multi‑tenant by default Tenant context, RLS, scoped caching and rate limits baked in. |
 Enterprise‑ready Cloudflare WAF/R2, Inngest workflows, Sentry/Otel, Vercel deployments. |
 Billing & Monetization Database-driven plans, Stripe billing, usage metering, feature gates. |
 Security & Compliance RLS, WAF, Turnstile, GDPR/CCPA, cookie consent. |
 Marketing UI Kit Hero, Features, Pricing, Testimonials — conversion-optimized components. |
|
Automated Governance Strict vitest.arch boundaries and semantic token linting.
|
Zero-Runtime CSS Pure CSS variables as SSOT. No CSS-in-JS runtime overhead. |
Modular Local DX Docker Compose profiles ( ai) to boot only what's needed.
|
|
Monetized MCP Registry Native Model Context Protocol with plan-based rate-limits & billing. |
Distributed Saga Native TypeScript orchestrator with automatic transaction rollback. |
Multi-Tenant Event Bus Tenant-isolated Pub/Sub supporting Fan-out & Request-Reply. |
|
Unified Status Aggregation Concurrent checks across 9 services returning a standardized schema for OpenStatus & Atlassian. |
| Frontend |
|
| UI / Design |
-000?style=flat-square){kind=icon}
|
| Auth |
|
| BFF |
|
| Backend (Python) |
|
| Database |
|
| Cache / Rate-limit |
|
| Real-time |
|
| AI |
|
| Search |
|
| Queue |
|
| Storage / Uploads |
|
| Notifications |
|
| Webhooks |
|
| SMS (CN) |
|
| Payments |
|
|
|
| CMS / Docs |
|
| Design Sync |
|
| CDN / Security |
|
| Workflows |
|
| Analytics |
|
| Observability |
|
| Build / Deploy |
|
Sailor is provider-agnostic: every platform package below auto-detects its backend from environment variables, so customers swap providers without changing application code. Each package ships an in-memory implementation for tests and a strict TypeScript contract enforced by architecture tests under tests/architecture/.
| Capability | Package | Providers (auto-detected) |
|---|---|---|
| Authentication | @nebutra/auth | Clerk · Better Auth · Auth.js |
| Identity Provider | @nebutra/oauth-server | OIDC (oidc-provider) · Redis-backed sessions |
| Permissions | @nebutra/permissions | CASL — RBAC + ABAC, Hono middleware, React <Can /> |
| Multi-tenancy | @nebutra/tenant | AsyncLocalStorage context · Prisma RLS bridge |
| Captcha | @nebutra/captcha | Cloudflare Turnstile |
| Vault (secrets) | @nebutra/vault | AWS KMS envelope · local HKDF (dev) |
| Audit log | @nebutra/audit | Append-only with hash chain |
| Cache | @nebutra/cache | Upstash Redis · in-memory |
| Rate limit | @nebutra/rate-limit | Sliding window · token bucket (Upstash) |
| Queue | @nebutra/queue | QStash · BullMQ · in-memory |
| Search | @nebutra/search | Meilisearch · Typesense · Algolia |
| Storage / Uploads | @nebutra/uploads | Cloudflare R2 · AWS S3 · Vercel Blob · local FS |
| Notifications | @nebutra/notifications | Novu — in-app · email · push · SMS · chat |
| Webhooks | @nebutra/webhooks | Svix · custom HMAC delivery |
| SMS (CN) | @nebutra/sms | Aliyun · Tencent Cloud |
@nebutra/email | Resend + React Email templates | |
| Billing | @nebutra/billing | Stripe — subscriptions, usage, entitlements |
| Metering | @nebutra/metering | ClickHouse real-time aggregation |
| Event bus | @nebutra/event-bus | Multi-tenant Pub/Sub · Fan-out · Request-Reply |
| Saga orchestrator | @nebutra/saga | Native TS workflows with auto-rollback compensations |
| Feature flags | @nebutra/feature-flags | Database-backed with env-driven overrides |
| Design tokens | @nebutra/design-sync | W3C DTCG ↔ Figma · Penpot · git-only |
| Status aggregation | @nebutra/status | OpenStatus · Atlassian StatusPage |
| Admin tooling | @nebutra/admin-tooling | Thin admin (dashboard + impersonate only) + integration recipes for Retool, Metabase, Hex — Sailor expects you to use best-of-breed internal tools instead of self-building. See docs/admin/. |
Nebutra-Sailor/
├── apps/ # User-facing apps (Next.js)
│ ├── landing-page/ # Marketing site (nebutra.com)
│ ├── web/ # Main SaaS dashboard (app.nebutra.com)
│ ├── studio/ # Sanity CMS (studio.nebutra.com)
│ ├── design-docs/ # Component documentation (Fumadocs)
│ ├── sailor-docs/ # Public product docs (docs.nebutra.com)
│ ├── idp/ # Identity provider service (OAuth 2.0 / OIDC)
│ ├── storybook/ # Component playground
│ ├── mail-preview/ # Email template preview
│ ├── sleptons/ # Sleptons companion app
│ └── tsekaluk-dev/ # Author dev playground
├── packages/ # Shared TS libraries (categorized in W3b)
│ ├── ai/ # 3 pkgs — agents, ai-providers, mcp
│ ├── commerce/ # 7 pkgs — billing, contracts, marketing, metering, license, legal, waitlist
│ ├── design/ # 7 pkgs — ui, tokens, brand, theme, icons, design-tokens, design-sync
│ ├── iam/ # 8 pkgs — auth, audit, vault, oauth-server, permissions, tenant, identity, captcha
│ ├── integrations/ # 11 pkgs — queue, search, email, notifications, storage, webhooks, cache, sms, uploads, event-bus, saga
│ ├── ops/ # 6 pkgs — cli, create-sailor, preset, sanity, supabase, china-compliance
│ └── platform/ # 13 pkgs — db, logger, rate-limit, feature-flags, gateway-core, errors, config, health, status, alerting, analytics, repositories, i18n
├── backends/ # No-UI backends (split by language à la vercel/vercel)
│ ├── gateway/ # TypeScript / Hono — BFF, auth, tenancy, routing
│ └── python/ # FastAPI — only when ML/batch/specialized libs justify
│ ├── _shared/ # Cross-service primitives (auth, db, queue client)
│ └── ai/ # LLM, embeddings, agent orchestration
├── infra/ # Infrastructure (split by concern in W2.2)
│ ├── iac/ # terraform + k8s + ecs + cloudflare + railway
│ ├── runtime/ # nginx + docker + analytics + compose files
│ ├── data/ # database (RLS) + clickhouse (init + dbt)
│ └── ops/ # observability + deployment scripts
├── workflows/ # Event-driven business workflows (extracted in W2.3)
│ ├── inngest/ # Serverless background jobs + cron
│ ├── n8n/ # Visual workflow automation
│ └── pusher/ # Real-time messaging glue
├── e2e/ # Playwright E2E tests (smoke / golden / sleptons)
├── tests/ # Architecture invariants + load tests + UI governance
└── docs/ # Architecture documentation
Each component has its own README with setup instructions and API documentation:
| Services | AI |
| Packages | Billing · Legal · UI · Tokens · Marketing UI · Brand · DB · Cache · Rate Limit · MCP · AI Providers · Analytics |
| Design Docs | Design System Docs (Fumadocs) |
| Infrastructure | Docker · Kubernetes · Terraform · Inngest · n8n · Pusher · Observability |
For new projects, start from npm instead of cloning and pruning the full monorepo:
# Scaffold a new Sailor project
npx create-sailor@latest
npm create sailor@latest
pnpm create sailor@latest
bunx create-sailor@latest
# Operate an existing Sailor project
npx nebutra --help
npm install -g nebutra| Package | Use it for |
|---|---|
create-sailor |
Bootstrap a new Nebutra Sailor project with region-aware defaults and topology-first AI gateway setup. |
nebutra |
Operate an existing project: feature registry installs, AI provider governance, gateway routing, schemas, and diagnostics. |
nebutra.com is the public product surface for Nebutra Sailor and the place where we dogfood the platform ourselves. We will use it to publish product updates, commercial licensing, hosted capabilities, launch workflows, and real examples built on this monorepo.
| Node.js | v22+ |
| pnpm | v10.32+ |
| Python | 3.11+ (for microservices) |
# Clone the repository
git clone https://github.com/Nebutra/Nebutra-Sailor.git
cd Nebutra-Sailor
# Install dependencies
pnpm install
# Set up environment variables
cp .env.example .env
# Generate Prisma client & run dev servers
pnpm db:generate && pnpm dev| Command | Description |
|---|---|
pnpm dev |
Start all apps in dev mode |
pnpm build |
Build all packages (auto-syncs brand assets) |
pnpm lint |
Lint all packages |
pnpm typecheck |
Type check all packages |
pnpm db:studio |
Open Prisma Studio |
pnpm brand:sync |
Sync brand assets to apps |
pnpm brand:init |
Initialize white-label branding |
pnpm brand:apply |
Apply custom branding |
Fork this repo and customize it for your own brand:
# Interactive setup wizard
pnpm brand:init
# Add your logos to brand.config/assets/
# Apply your branding
pnpm brand:applySee WHITELABEL.md for full documentation.
We love our contributors! Here's how you can help:
| Report Bugs | Open an issue |
| Feature Requests | Suggest new features via issues |
| Pull Requests | Submit PRs for features or fixes |
1. Fork the repository
2. Create a feature branch (git checkout -b feat/amazing-feature)
3. Commit your changes (git commit -m 'feat: add amazing feature')
4. Push to the branch (git push origin feat/amazing-feature)
5. Open a Pull Request
Every published package is in the 0.x range while public APIs are still
settling. Per SemVer §4, the major-version-zero
contract means any 0.x release may include breaking changes — pin to an
exact version ("nebutra": "0.3.1") rather than a caret range in production
until we cut a 1.0.
- Versioning is driven by changesets. Each PR that touches a published package must include a
.changeset/*.mddeclaring patch/minor/major intent — CI enforces this gate. - Per-package
CHANGELOG.mdis generated bychangeset versionand committed alongside the version bump (see e.g.packages/ops/cli/CHANGELOG.md). - The Release workflow is manual (
workflow_dispatch) — no surprise releases on PR merges. We batch related changes and cut a coordinated release. - Pre-1.0 major API moves (e.g. CLI command renames, package categorization) ship as a release candidate first:
nebutra@0.4.0-rc.0lands on thenextdist-tag, soaks for ≥ 1 week, then graduates tolatest. Install RCs withnpm i nebutra@next. - npm publishes carry provenance attestations once npm trusted-publishing is enabled at the registry side (the workflow side is already wired — see
release.ymlNPM_CONFIG_PROVENANCE: "true"). Verify a published tarball withnpm view <pkg> --json | jq .dist.attestations.
We will signal API stability by cutting a 1.0.0 release. Until then,
treat the surface as "production-ready in shape, evolving in detail."
Nebutra-Sailor uses a dual-license model so independent developers can ship a commercial product without copyleft while corporate forks still owe back to the community.
The CLI-generated path is the default for indie devs and OPC — running
npx create-sailor my-app emits a LICENSE + .nebutra/scaffold-meta.json
that pins the project to the Independent Developer tier. Fork the source
repo directly and you keep AGPL — including its network-copyleft clause —
unless you buy a Startup or Enterprise license.
Both grants come from the same copyright holder
(Wuxi Nebutra Intelligence Technology Co., Ltd.). The presence and
signature of .nebutra/scaffold-meta.json at the repo root is what
distinguishes the two paths.
For commercial licensing inquiries: legal@nebutra.com.
While the source code is open-source, the brand assets (the "Nebutra" name, "Nebutra Sailor", logos, icons, and illustrations) are protected trademarks of Wuxi Nebutra Intelligence Technology Co., Ltd.
You may not use our brand assets to endorse your own products or services. If you clone or fork this repository to build your own product, you must replace all Nebutra logos and branding with your own.
Please see our Trademark Policy and Brand Guidelines for more information.
Every release, growth goes live.
Made by Nebutra Intelligence · © 2024-present Wuxi Nebutra Intelligence Technology Co., Ltd.