Built in the open.

Honest answer: priority. I'm building my first SaaS and my time is better spent making the platform work well so companies can move off American cloud providers now — not in a couple of weeks. I also want to write proper contributor docs and set up the infrastructure for outside contributions. Rushing it would mean a worse experience for everyone.

Competitive protection. MIT would let Amazon or any large provider take the entire codebase, host it, and compete without contributing anything back. AGPL prevents that — if you modify DeployBase and offer it as a service, you have to share your changes. It's the same license Grafana, Cal.com, and Plausible use. I admire Cal.com's radical transparency and want to follow a similar path. AGPL is also OSI-approved, which means it's "real" open source — not the source-available-but-not-really licenses that have caused so much damage to trust in the industry.

No. Not blindly. Elastic promised Elasticsearch would stay Apache 2.0 — then switched to SSPL in 2021 (AWS forked it as OpenSearch). Redis was BSD-licensed for 15 years — then went SSPL in 2024 (the Linux Foundation forked it as Valkey). HashiCorp championed open source for a decade — then switched Terraform to BSL in 2023 (OpenTofu was forked within days). Every one of those companies said they were committed to open source. Judge me by actions, not words. The CLI is open source today. The full platform will follow. If I break this promise, fork it.

I'm not planning to sell. I'm actually exploring steward-ownership structures — like a Dutch stichting (foundation) that holds a controlling share and prevents the company from being sold or its mission changed. Ghost does this through a nonprofit foundation. Plausible uses steward-ownership via the Purpose Foundation. I'm new to this and still figuring out the right structure, but the intent is to make acquisition impossible by design, not just by promise.

If I run out of money, I will give customers a proper deadline to migrate (minimum 90 days) and open source everything — the full platform, infrastructure configs, all of it. Your data and your sites should never be held hostage by a company's financial situation.

I will strive for that. Having worked with open-core products myself, few things are more frustrating than basic security features locked behind enterprise pricing. SSO is a security baseline, not a luxury — I don't want DeployBase to end up on sso.tax. The cloud version will always be more convenient (managed CDN, managed builds, automatic updates, support), but I don't want to artificially cripple the self-hosted version to force upgrades.

Enterprise features that don't exist yet (things like SAML SSO, audit logging, advanced RBAC) will live in a separate /ee directory under a commercial license. But I've seen too many open-core companies gate basic features behind enterprise tiers to extract maximum revenue. My north star: if a feature improves security or is needed by small teams, it stays in the open core. The /ee tier is for features that genuinely only matter at organizational scale.

DeployBase is built on the premise that European companies need European infrastructure. It would be hypocritical to host our source code on a Microsoft-owned platform in the US. Codeberg is a German non-profit running Forgejo (a community fork of Gitea). We may add a GitHub mirror for discoverability.

Not yet — the repo is still private. When we open it up, we'll have a CONTRIBUTING.md with guidelines. We'll use a Contributor License Agreement (CLA) so we can maintain the /ee directory separately, but the CLA won't give us the right to relicense your contribution away from AGPL.

Legally? Nothing. That's the uncomfortable truth. No company can make a binding promise about future licensing decisions — anyone who tells you otherwise is either naive or lying. What I can do: (1) choose AGPL from day one so there's never a downgrade to justify, (2) explore steward-ownership to remove the financial incentive for license changes, and (3) build enough trust through actions that changing the license would be self-destructive. The AGPL also means that even if I did change the license, the last AGPL version can be forked freely.