Nautilus

Tech stack

A developer-facing summary of what Nautilus is built on and why. If you're evaluating Nautilus as a system integrator or a contributor, this page is for you.

For the architectural rationale behind these choices, see the Architecture page. For the published interface specs (Tier-C), see docs/integrations/.


Stack at a glance

Layer: Event bus
  Choice: NATS JetStream v2.10+ with Quanta agent contract
  Notes: Cross-account JetStream sourcing for tenant isolation. AGENT_MESSAGES / AGENT_RESPONSES streams. Apache 2.0 (Tier A).

Layer: Container orchestration
  Choice: RKE2 (shore) / K3s (vessel)
  Notes: Same Helm charts, two scales.

Layer: Identity & auth
  Choice: Zitadel
  Notes: OIDC / OAuth2. One IDP across all domains.

Layer: API gateway
  Choice: Kong Gateway OSS v3.7+
  Notes: Apache 2.0. DB-less mode onboard. Zitadel OIDC plugin. Prometheus + OpenTelemetry plugins. decK declarative config in GitOps.

Layer: CNI + encryption + policy + observability
  Choice: Cilium v1.16+
  Notes: eBPF kube-proxy replacement, WireGuard transparent encryption, CiliumNetworkPolicy for identity-based authz, Hubble flow observability. Linux kernel ≥ 5.15 required on K3s nodes.

Layer: Service mesh
  Choice: None in Phase 1–3
  Notes: Cilium covers the ground. Linkerd / Istio tracked as future-evaluation only.

Layer: Database per service
  Choice: PostgreSQL v17.2 via CloudNativePG (CNPG) operator
  Notes: JSONB for flexible schemas; TimescaleDB extension where time-series workloads warrant. PgBouncer in front of the primary. postgres_exporter + ServiceMonitor mandatory.

Layer: Document store
  Choice: Postgres JSONB
  Notes: No MongoDB / Couchbase in the AGPL Nautilus tree.

Layer: Cache
  Choice: Redis

Layer: Frontends — POS / kiosk / iTV / signage
  Choice: React PWA
  Notes: Single codebase, multiple form factors.

Layer: Frontends — mobile
  Choice: React Native (iOS / Android)
  Notes: White-label per tenant.

Layer: Comms platform
  Choice: ConnectOne
  Notes: NT Connect Cloud PBX + signaling + media. SIP today; B2BUA / OpenSIPS on roadmap; WebRTC media.

Layer: AI-voice surface
  Choice: CallCraft
  Notes: Inside ConnectOne. AI agents join calls / rooms via the Quanta agent contract.

Layer: AI orchestration
  Choice: Quanta
  Notes: Agent fabric. AGENT_MESSAGES / AGENT_RESPONSES streams. Tenant-isolated.

Layer: Content safety + analysis
  Choice: Heimdall
  Notes: DeBERTa-v3-large (900M params), 56 manipulation-technique heads, 12 content-safety plugins, 4 audience tiers (COPPA / Teen / General / Relaxed).

Layer: Observability
  Choice: Prometheus + Grafana + Loki
  Notes: OpenTelemetry SDKs in every domain service.

Layer: CI/CD
  Choice: ArgoCD + GitHub Actions; Helm charts per domain
  Notes: GitOps end-to-end.

Layer: Payments
  Choice: Stripe (reference adapter) / Adyen (on-demand)
  Notes: PCI DSS Level 1 tokenization — no raw card data in SPMS.

Layer: Connectivity
  Choice: Starlink + VSAT
  Notes: Satellite-aware codecs in ConnectOne. NATS leaf-node replication absorbs VSAT outages.

Languages & runtimes

The default per domain — divergence is allowed where a domain has a strong reason (e.g., Heimdall's Python ML stack), but it must be explicit:

  • Backend services — Go for the bulk of domain services.
  • Frontends — TypeScript + React + React Native.
  • AI workloads — Python for Heimdall (DeBERTa-v3-large + plugins) and the model-bearing tiers of Quanta agents.
  • Glue / scripts — Bash + Python.

Why these choices

NATS JetStream + Quanta agent contract — Tier A

The bus is already in production across the NT Connect stack (Quanta, Related, CallCraft, the LiveKit quanta-bridge). Cross-account JetStream sourcing gives us tenant isolation by construction rather than by namespace convention. The Apache 2.0 license keeps Tier A genuinely open.

Cilium — no service mesh

eBPF gives us identity-based network policy, transparent encryption (WireGuard), and flow observability (Hubble) without the operational burden of a service mesh sidecar. App-level concerns (tracing, retries) are handled by OpenTelemetry SDKs in each service. Phase 1–3 ships without a mesh; the door is open if a real need emerges later.
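
What the paragraph above amounts to in practice, as an added example that is not part of this page or the Nautilus project's own manifests: Helm values for the Cilium chart that switch on kube-proxy replacement, WireGuard encryption and Hubble, followed by a CiliumNetworkPolicy that restricts a per-service Postgres cluster to the identities that legitimately need it. The namespace, cluster, workload and API-server values (domain-pos, pos-db, pos-api, cnpg-system, monitoring, 10.0.0.10) are hypothetical; the cnpg.io/cluster label and ports 5432, 8000 and 9187 are the ones CloudNativePG uses on its pods. The policy also shows the usual trap with identity-based authz on a database: a rule that admits only the application silently breaks streaming replication, operator health checks and metrics scraping, so each of those flows is admitted explicitly.

```yaml
# File 1: values.yaml for the Cilium Helm chart (assumed layout; adjust to the
# chart version in use). K3s nodes need Linux >= 5.15 for WireGuard + eBPF.
kubeProxyReplacement: "true"
k8sServiceHost: "10.0.0.10"      # hypothetical: K3s API server VIP
k8sServicePort: "6443"
encryption:
  enabled: true
  type: wireguard                # transparent pod-to-pod encryption
  nodeEncryption: true           # also encrypt node-to-node traffic
hubble:
  enabled: true                  # flow observability, incl. policy verdicts
  relay:
    enabled: true
  ui:
    enabled: true
---
# File 2: identity-based ingress policy for one per-service Postgres cluster.
# Selecting the endpoints makes every ingress not listed below a DROP.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: pos-db-ingress           # hypothetical
  namespace: domain-pos          # hypothetical
spec:
  endpointSelector:
    matchLabels:
      cnpg.io/cluster: pos-db    # CNPG puts this label on every instance pod
  ingress:
    # 1. The owning domain service, and nothing else, reaches Postgres.
    - fromEndpoints:
        - matchLabels:
            app.kubernetes.io/name: pos-api   # hypothetical app label
      toPorts:
        - ports:
            - port: "5432"
              protocol: TCP
    # 2. Instances of the same cluster talk to each other: streaming
    #    replication (5432) and instance-manager coordination (8000).
    - fromEndpoints:
        - matchLabels:
            cnpg.io/cluster: pos-db
      toPorts:
        - ports:
            - port: "5432"
              protocol: TCP
            - port: "8000"
              protocol: TCP
    # 3. The CNPG operator polls the instance manager for status.
    - fromEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: cnpg-system
            app.kubernetes.io/name: cloudnative-pg
      toPorts:
        - ports:
            - port: "8000"
              protocol: TCP
    # 4. Prometheus scrapes the built-in exporter.
    - fromEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: monitoring
            app.kubernetes.io/name: prometheus
      toPorts:
        - ports:
            - port: "9187"
              protocol: TCP
```

Because the selector is identity-based, a pod in another namespace that copies the pos-api label does not match: Cilium derives identity from the full label set including the namespace, so rules 3 and 4 pin the namespace explicitly. Dropped flows from anything outside these four rules show up in Hubble with a policy-denied verdict, which is the check to run before rolling the policy out to every cluster.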

CloudNativePG + Postgres per service

Inherits the r360-infrastructure pattern. CNPG handles failover, backup (Barman), monitoring, and rolling upgrades declaratively. JSONB columns absorb the flexible-schema needs that teams sometimes reach for MongoDB to solve. PgBouncer + postgres_exporter are non-negotiable on every cluster.
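
The shape of one such per-service database, as an added example rather than a manifest from the r360-infrastructure or Nautilus repositories: a CNPG Cluster with Barman backups, a PgBouncer Pooler in front of the primary, and a Service plus ServiceMonitor so the exporter is scraped. Names (pos-db, domain-pos, backup-creds, the bucket path) are hypothetical. One point worth knowing: CNPG ships its own metrics exporter inside each instance on port 9187 rather than a sidecar postgres_exporter, and its native scrape path is a PodMonitor; the Service/ServiceMonitor pair below exists to satisfy the ServiceMonitor requirement stated on this page.

```yaml
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: pos-db                   # hypothetical: one cluster per domain service
  namespace: domain-pos          # hypothetical
spec:
  instances: 3                   # one primary, two streaming replicas
  imageName: ghcr.io/cloudnative-pg/postgresql:17.2
  storage:
    size: 20Gi
  bootstrap:
    initdb:
      database: pos
      owner: pos                 # app role; password lands in a generated Secret
  monitoring:
    enablePodMonitor: true       # CNPG's native scrape path, kept as well
  backup:
    retentionPolicy: "30d"
    barmanObjectStore:
      destinationPath: s3://nautilus-backups/pos-db   # hypothetical bucket
      s3Credentials:
        accessKeyId:
          name: backup-creds     # hypothetical Secret
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: backup-creds
          key: ACCESS_SECRET_KEY
---
# PgBouncer in front of the primary (rw). Transaction pooling keeps the
# connection count on Postgres bounded regardless of how many app pods scale up.
apiVersion: postgresql.cnpg.io/v1
kind: Pooler
metadata:
  name: pos-db-pooler-rw
  namespace: domain-pos
spec:
  cluster:
    name: pos-db
  instances: 2
  type: rw
  pgbouncer:
    poolMode: transaction
    parameters:
      max_client_conn: "1000"
      default_pool_size: "20"
---
# Service exposing the exporter port of every instance pod, so a
# ServiceMonitor can select it.
apiVersion: v1
kind: Service
metadata:
  name: pos-db-metrics
  namespace: domain-pos
  labels:
    app.kubernetes.io/name: pos-db-metrics
spec:
  selector:
    cnpg.io/cluster: pos-db      # label CNPG sets on instance pods
  ports:
    - name: metrics
      port: 9187
      targetPort: 9187
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: pos-db
  namespace: domain-pos
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: pos-db-metrics
  endpoints:
    - port: metrics
      interval: 30s
```

Application pods point at the pooler's Service (pos-db-pooler-rw), never at the cluster's -rw Service directly; the operator's -ro and -r Services remain available for read replicas, and a second Pooler of type ro would front those the same way.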

Kong Gateway OSS

Same gateway shore and onboard. Onboard runs in DB-less mode for offline survivability; shore runs the full Postgres-backed mode. Zitadel OIDC plugin gives us auth at the edge. decK keeps the config declarative under GitOps.
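
A minimal decK declarative file for the onboard, DB-less gateway, added here as an example and not taken from the project's GitOps tree. The service name and upstream URL, the route path and the collector endpoint are hypothetical. The prometheus and opentelemetry plugins are Kong OSS bundled plugins and are configured as they ship; the Zitadel OIDC plugin entry is deliberately not shown, because its plugin name and config schema depend on which OIDC plugin the gateway is built with.

```yaml
_format_version: "3.0"

services:
  - name: pos-api                                # hypothetical domain service
    url: http://pos-api.domain-pos.svc.cluster.local:8080
    routes:
      - name: pos-api-route
        paths:
          - /api/pos
        strip_path: true
    # The OIDC plugin that enforces Zitadel tokens at the edge would be
    # attached here (per-service) or globally below; omitted on purpose.

plugins:
  # Global: every service gets metrics without per-team opt-in.
  - name: prometheus
    config:
      per_consumer: true
      status_code_metrics: true
      latency_metrics: true
      bandwidth_metrics: true
      upstream_health_metrics: true
  # Global: traces exported to the cluster's OpenTelemetry collector.
  - name: opentelemetry
    config:
      endpoint: http://otel-collector.observability.svc.cluster.local:4318/v1/traces
      resource_attributes:
        service.name: kong-onboard                 # hypothetical
```

Onboard, Kong reads this file at start with KONG_DATABASE=off and KONG_DECLARATIVE_CONFIG pointing at it, so the gateway keeps serving with no database and no shore link. Shore, the same file is applied to the Postgres-backed instances with deck gateway sync, which is what keeps the two deployments from drifting apart.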

React PWA + React Native — one codebase, five form factors

Phone, tablet, kiosk, cabin iTV, and signage all render the same React PWA with form-factor-aware layouts. Mobile native uses React Native, sharing components with the PWA where reasonable. No separate iTV stack. No MICROS-style hardware lock-in on POS.

PostgreSQL > MongoDB for Nautilus

JSONB covers what flexible-schema designs typically need. We considered MongoDB and Couchbase explicitly and chose Postgres. (MongoDB Atlas is used elsewhere in the NT Connect stack for Heimdall article ingest, but not in the AGPL Nautilus tree.)

Stripe / Adyen — vendor-agnostic

The Domain 3 payment-processor adapter is the contract. Stripe is the reference implementation; Adyen is on demand. A tenant who needs a third PSP gets an adapter authored against the same contract — no SDK lock-in inside Nautilus.


Repository

  • AGPL-3.0 source under one umbrella repo with per-domain modules (or one repo per domain — see the For Developers page for the layout).
  • Public roadmap.
  • Public issue tracker.
  • "Good first issue" labels for new contributors.
  • CLA required (Apache ICLA + CCLA pattern).



Hardware reference profiles

Per-vessel onboard cluster (typical sizing):

  • Onshore-class K3s nodes — 3-node control plane + worker pool sized to vessel pax count.
  • NVIDIA L4 GPU for onboard Heimdall + CallCraft inference. Quantized SafeSpace tier per OQ-21.
  • Network backbone — 10 Gbps onboard.
  • Connectivity — Starlink + VSAT failover.
  • POS — commodity Android / browser-PWA terminals. No MICROS.
  • Gangway — commodity Android tablets with RFID/NFC/QR readers.
  • Cabin iTV — qualified smart-display SKUs (Samsung / LG / Philips). HLS/DASH unicast; multicast-ABR optimization for older vessels.
  • Cabin SIP endpoints — vendor-agnostic, registered against ConnectOne.
  • Signage — qualified smart-display SKUs running the React PWA. Per-screen heartbeat monitoring.
  • BLE wearables + gateways for opt-in location services (Domain 16).

Local development

  • docker-compose for the full stack.
  • Mock CRS adapter (Versonix Seaware reference shape).
  • Mock Heimdall service for local development without GPU.
  • Mock ConnectOne for local SIP/voice work.
  • Reference Postgres seeds per domain.
  • ADRs in docs/adr/.



Standards and references

  • PCI DSS Level 1 — payment handling.
  • NIST SP 800-171 — comms platform.
  • GDPR-grade controls — global default.
  • SOLAS / MARPOL / STCW / ENOAD — maritime regulatory.
  • 18 USC 2258A — CSAM reporting via NCMEC.
  • Kari's Law + RAY BAUM's Act — E911.
  • WCAG 2.1 AA — accessibility (frontends + signage).
