Production-ready Java/Spring foundation that handles auth, messaging, monitoring, audit, AI, and real-time delivery — so your team only writes business logic.
17 modules · 866+ tests · Powers 3 multi-tenant SaaS products in production · Java 17 · Spring Boot 3.5
Nucleus bundles every problem a serious Spring Boot codebase eventually has to solve into a single production-tested framework. Adopt one module or all 17.
Drop-in OAuth2, Kafka across 13 brokers, audit, monitoring, and SSE. Stop building infrastructure that's already been built three times across the company.
One reference architecture across every service. Onboarding shrinks from 2 weeks to 2 days. Compliance becomes declarative, not bespoke.
Day-one production readiness. Multi-tenancy, encryption, PII-safe logging — out of the box. Focus engineering hours on the product, not the plumbing.
Click any card for a 60-second narrated explanation (browser speech synthesis included).
Bucketed Pattern A primitive for managed code lists — address types, classification labels, status enums. One library + one table + one generic UI admin replaces a per-entity service per code list. Add a bucket name, you're done.
Two modules became one. nucleus-address-common merged into nucleus-address. AddressType moved to a reference-data bucket; admins manage 27 values via the generic UI without code changes.
Three services collapsed into one. nucleus-mail-renderer + nucleus-mail-sender are gone — folded into nucleus-mail. Internal Kafka stages remain for retry isolation; one deployable, one ops surface.
OAuth2/OIDC server with JWT rotating keys, role-based access control, login audit trail, and a hardening pack: account lockout, password expiration, history check, forced change on admin reset, and self-service forgot-password flow with one-time email links. All policy knobs are PROPERTIES-driven per tenant.
One annotation on any method logs who did what, when. SpEL expressions for dynamic descriptions. Kafka-published for real-time dashboards.
One @NucleusListener + @NucleusPublish across 13 backends — Kafka, RabbitMQ, SQS, SNS, Kinesis, Google Pub/Sub, Azure Service Bus, ActiveMQ, Artemis, Solace, IBM MQ. Zero-boilerplate consume and publish.
Provider-agnostic LLM client. OpenAI and Anthropic out of the box, multimodal support, retry and error classification built in. Add a new provider in three beans.
Model async multi-step flows with @WorkflowStep on Kafka. Each step scales independently. Three clear outcomes per step: handled, delegate, abort.
Kafka-push health snapshots, remote log/GC/thread streaming, scheduled logging windows, per-instance control (restart, shutdown), MinIO archival, fleet-scale tree UI with Log Explorer. Per-service configurable via PROPERTIES.
Time-based logging windows with timezone-aware scheduling. One-time, daily, weekday, or weekend recurrence. Level filtering, persistent mode, overnight windows, and auto-deactivation — all server-side, no admin online required.
Server-Sent Events with role-based delivery. Live dashboards, job progress, notifications — all through one SSE channel with high-priority control lane and message expiration.
AES/GCM per-client encryption for sensitive fields. Users lock/unlock data from the UI. Encrypted at rest, decrypted only in-memory. Hash-based batch matching, obfuscation rule audit trail, cross-service key management.
Automatic sanitization of sensitive data in logs. Four masking strategies (partial, full, hash, none), YAML-configured per service, field-level @Pii annotations, zero-config @CustomLog integration.
Every request carries a browser-generated session ID through all services via MDC. Users share it from the Support dialog — support traces the entire session across microservices in seconds.
Each module is independent. Adopt one or all 17. No monolithic decision required.
Browse the 17-module reference. Pick what you need: auth, audit, messaging, AI, monitoring, etc.
One Maven entry. Spring auto-config wires the components into your existing service.
@AuditAction, @NucleusListener, @WorkflowStep — declarative annotations replace boilerplate. Set properties via Spring Cloud Config.
Service self-registers, joins the audit pipeline, starts streaming health metrics. You write business logic.
Where Nucleus is being used in production today, and where it fits next.
BookWise, GoldFish, TaskSense — three live ecosystems running on Nucleus today, sharing infrastructure but isolating data per tenant.
Finance and healthcare teams that need built-in audit trail and field-level PII protection without per-service custom code.
Provider-agnostic LLM routing means switching from OpenAI to Anthropic to a private model is a config change, not a refactor.
Run on Kafka in one region, RabbitMQ in another, SQS in a third — same application code, different adapter library.
One reference architecture across every service reduces onboarding from weeks to days, drops ops surface dramatically.
Walkthrough video coming soon. In the meantime, the live module documentation is the deepest available reference.
Architecture walkthrough video coming soon.
Until then: explore the full module reference →
The honest tradeoff between building it yourself and adopting a battle-tested foundation.
| Build it yourself | Adopt Nucleus | |
|---|---|---|
| Time to first business-logic line | 3–6 months of plumbing | Under a week |
| Cross-cutting concerns (audit, PII, auth) | One per service, drift over time | One implementation, applied uniformly |
| Vendor lock-in (messaging, AI, DB) | Permanent without major refactor | Config switch |
| Compliance (audit trail, PII handling) | DIY + audit risk | Built-in, declarative |
| Onboarding new engineers | Read 5 services, learn 5 patterns | Read Nucleus docs once |
| Cost | Senior platform team for 12+ months | Drop-in framework |
The roadmap. None of these are vapor — each builds on a piece that's already shipped.
Managed hosted control plane for the broker, audit, and monitoring services. Bring your own services; we run the back-office.
Visual workflow designer that emits @WorkflowStep code. Bridge between business analysts and engineers.
First-class TypeScript/Node and Python service participants in the same audit / monitoring / SSE topology as the JVM services.
Nucleus powers three production multi-tenant SaaS products today. Read the architecture, then connect with the architect.