Nautilus

Open source

Nautilus is AGPL-3.0. Every domain service, every frontend, every Helm chart, every doc. Cruise operators get full source. Integrators can audit and contribute. Tenants who need closed-source rights can buy a commercial license — same code, different rights.

This page lays out the license model, the three-tier integration model, the crypto-audit commitment, and how to contribute.


License model

AGPL-3.0 by default

The full Nautilus source is released under the GNU Affero General Public License version 3.

  • Use it. Fork it. Modify it. Deploy it.
  • Network-use clause: if you offer a modified Nautilus as a service to third parties, you publish your modifications under AGPL.
  • AGPL is the same license used by MongoDB (formerly), Grafana Labs, Element / Matrix, Plausible, and many other production-grade open-source platforms.

Optional commercial license

For tenants who need:

  • Closed-source derivatives or OEM bundles.
  • Contractual SLAs and indemnification.
  • The ability to deploy a modified Nautilus as a service without AGPL's network-use disclosure obligations.

Same code, different rights. The commercial license includes commercial support, security-patch guarantees, and indemnification.

Comparing the two tracks

| | AGPL-3.0 | Commercial |
|---|---|---|
| Source code | Full | Full |
| Modify and self-host | Yes | Yes |
| Modify and offer as service to third parties | You publish your modifications | No publication required |
| OEM / closed-source bundling | Not permitted | Permitted |
| SLA | Community | Contractual |
| Indemnification | None | Yes |
| Security-patch guarantee | Community schedule | Contractual |
| Cost | Free | Negotiated per engagement |

Both tracks ship the same software. The choice is about your distribution model, not your features.



The three-tier integration model

Nautilus is organized into three tiers with different licensing and openness postures. The model is designed so any third party can build a Nautilus-compatible integration without using a single line of NT Connect's commercial code.

Tier A — Open primitives

Permissively licensed. Foundational. Everyone uses these.

| Primitive | License | What it is |
|---|---|---|
| NATS JetStream + Quanta agent contract | Apache 2.0 | The bus and the JetStream subject + stream contracts (AGENT_MESSAGES / AGENT_RESPONSES, cross-account sourcing for tenant isolation, agent JWT semantics). |
| Signal-Protocol library | AGPL-3.0 with linking exception (libsignal pattern) | The end-to-end encryption library underlying secure messaging. |
| PSI contact-discovery module | Apache 2.0 | Private set intersection for contact discovery. |

Tier B — Closed services

Commercial NT Connect products. Run them yourself via the published interfaces, or use NT Connect's managed services.

  • Quanta — auth, messaging-service, keys-service, websocket-gateway, push, media, group, admin, video.
  • ConnectOne — Cloud PBX, signaling, media platform.
  • CallCraft — AI-voice agent runtime inside ConnectOne.
  • Heimdall — DeBERTa-v3 multi-task analysis service + 12 content-safety plugins.

Tier C — Documented interfaces

Anyone can implement against these specs and integrate without using NT Connect's closed services. Specifications are CC BY 4.0; reference stubs and conformance harnesses are Apache 2.0.

| Spec | Status |
|---|---|
| ship-PBX integration — legacy on-vessel PBX (Avaya / Mitel / Cisco / Alcatel / Asterisk / FreeSWITCH) ↔ Nautilus bus | Live (Draft v0.1) |
| Heimdall content-safety API: /analyze, /moderate, /moderate/conversation, /moderate/image, /moderate/video | Coming next |
| CallCraft agent contract — extends Quanta agent contract with voice/video-session semantics | Coming |
| ConnectOne E911 / PA-GA / muster signaling | Coming |
| Quanta keys-service protocol | Coming |
| iTV / cabin GRMS adapter contract | Coming |
| Fleet-wide federation — ship-to-ship and ship-to-shore subject routing | Coming |



Crypto-audit commitment

Tier A contains cryptographic primitives — the Signal-Protocol library and the PSI module. We are committed to specialist crypto audits before public release, not after.

  • $250–400k budget committed across three audit phases.
  • Three phases: PSI module → Signal-Protocol library → multi-tenant hardening + JWT lifecycle.
  • Shortlist: Least Authority and Trail of Bits as paired primary auditors. NCC Group as fallback.
  • Audit reports published alongside library releases as a credibility asset, not buried.

The bus + agent contract release does not gate on the crypto audit. The crypto-bearing libraries do.


Contributing

Nautilus accepts contributions under a CLA following the Apache ICLA + CCLA pattern. Contributors retain copyright; NT Connect Holdings, Inc. holds a license sufficient to dual-license under AGPL and the commercial license.

What's in the repo

  • CONTRIBUTING.md — how to contribute, review process, commit conventions.
  • SECURITY.md — security disclosure policy and contact.
  • CODE_OF_CONDUCT.md — community standards.
  • LICENSE — AGPL-3.0.
  • LICENSES/COMMERCIAL.md — pointer to the commercial license terms (negotiated separately).
  • CLA.md — the contributor license agreement.
  • ADRs in docs/adr/ — architectural decision records, public.
  • Public roadmap and public issue tracker.

How to start

  • Read CONTRIBUTING.md.
  • Sign the CLA.
  • Pick a "good first issue."
  • Open a PR.

Where we particularly want help

  • CRS adapter authors for systems beyond Versonix Seaware.
  • GRMS hardware integrators for cabin lighting, HVAC, drapes, locks across KNX / BACnet / DALI / vendor adapters.
  • Regulatory-reporting specialists for jurisdictions beyond the initial set.
  • Per-tenant launch partners willing to be Phase-1 / Phase-2 reference vessels.



What "open source" means here, specifically

We say "open source the way Signal did it" deliberately. That means:

  • Audited cryptographic primitives. Not "trust us — we encrypt."
  • Published interface specs, with conformance harnesses, so third parties can build compliant integrations without our code.
  • Public roadmap, public issue tracker, public ADRs. Decisions and trade-offs are visible.
  • CLA + dual-license so the project is sustainable as both an open community and a commercial product. We chose this pattern after watching projects that stayed pure-AGPL struggle with commercial-customer needs and projects that went pure-commercial lose their community.
  • No "open core." Tier A is genuinely open. Tier B is genuinely commercial. Tier C makes the boundary auditable. There's no hidden "premium" tier of features locked behind a paywall inside the AGPL distribution.

What we don't do

  • No "source available" license dressed up as open source. AGPL-3.0 is OSI-approved.
  • No telemetry phoning home from the AGPL distribution by default. Self-hosted means self-hosted.
  • No closed CSAM-detection black box. Heimdall's CSAM path uses PhotoDNA + Thorn with NCMEC reporting per 18 USC 2258A; the wiring is auditable.
  • No "open core" feature gating. AGPL Nautilus is the same software as commercial Nautilus.
