Backend parts your AI agent can’t break.
Your agent builds the product — the UI, the features, the fun part. Ctrl AI gives it verified auth, billing, email, webhooks and jobs as real source vendored into your repo and locked to a conformance suite. Your agent wires the glue. It can’t rewrite the part. A one-byte drift fails CI.
The auth your agent wrote is the auth your agent can rewrite.
Every session, your coding agent re-derives auth, billing, and webhook handling from scratch — plausible-looking code, where the security bugs live. Next prompt, it edits the same files again, and nothing tells you. Ctrl AI fences the agent out of the parts where wrong means breached or wrong means lost revenue. It writes the seam; it never touches the part.
Watch CI reject a one-byte edit.
The whole product in one terminal. The agent opens a part and changes a line. The content hash no longer matches the attestation, so the conformance guard fails the build and the diff never lands; the part stays at its verified hash.
A part is finished, verified, and yours.
Not an API you rent. Not a boilerplate that forks and drifts. Real, readable source — MIT, in your repo, every line auditable — pinned to a content hash and a conformance suite. Your agent installs it and wires it through a thin seam, and the seam is the only thing it’s allowed to write.
email.transactional is a finished, hash-pinned, read-only part with 6 verified invariants and 11 passing conformance tests per adapter. The agent writes only the seam (welcome-email.ts). Swap among 3 interchangeable attested vendors — resend, postmark, ses — in one commit with no app-code change.
Locked isn’t lock-in — the lock is a fence around the agent, not a leash to us. ctrlai eject takes any part fully private and editable in one command. No SaaS, no signup, no telemetry.
Outgrow Resend? Swap to SES in one commit.
Every part speaks one contract; vendors are adapters behind it. Move email Resend → SES, billing Stripe → Paddle, SMS Twilio → SNS — one command, zero app-code change. The same conformance suite proves the new adapter passes before it ships. The contract is identical. Only the adapter swaps.
Your agent can’t see your bill, so it picks the vendor that runs it up.
It optimizes for getting it working this session — never next quarter’s invoice — so it reaches for whatever’s easiest to wire. Resend over SES. Clerk over self-hosted. The choices that get expensive at scale.
Published pricing · mid-2026 · re-verify before quoting.
Put your own numbers on it: model every vendor as you scale, with revenue, margin and AI costs, then generate the build prompt for the exact stack you pick. The code migration is one commit, because the new adapter already passed the same conformance suite; provisioning (DNS, accounts) is still your ~15 minutes.
Control that stays in your repo, forever.
ctrlai dashboard writes an editable control center into your own app — a route you own, no data leaving your repo. It audits every part: unmodified? wired right? still matching the spec you configured? It watches drift against the latest verified version, and watches cost as you scale. The configurator hands it the spec you intended — so it holds your agent’s build accountable to it, every day after install.
16 parts shipped, and growing.
Datasheets, not packages: real source vendored into your repo — like shadcn/ui, but for the backend — each with a contract of testable invariants and a conformance record per adapter.
ATTESTED · DEV·TIER
Schema-driven internal admin over other parts' tables, driven entirely by their declared data_ownership.reads (RFC 0004). Reads project only declared, non-redacted columns through the SqlExecutor seam; writes dispatch to the parts' public-export mutators. No compile-time dependency on the parts it administers.
ATTESTED · DEV·TIER
Append-only domain event log over a part-owned Postgres table, written and queried through a contract-stable interface and a driver-free SqlExecutor seam.
ATTESTED · DEV·TIER
Programmatic API-key authentication — issue, scope, verify, rotate, and revoke long-lived bearer keys through a contract-stable interface and a driver-free SqlExecutor seam. The API-facing sibling of auth.session.
ATTESTED · DEV·TIER
Email/password authentication and server-validated sessions through a contract-stable interface, wrapping Better Auth behind part-owned tables.
ATTESTED · DEV·TIER
Organizations, memberships, and roles with a row-level-scoping authorization gate, over part-owned Postgres tables, through a contract-stable interface and a driver-free SqlExecutor seam.
ATTESTED · DEV·TIER
Subscription billing through a contract-stable interface: hosted checkout, a webhook-derived subscription mirror, cancel/reactivate/change-plan, and entitlement — with pluggable, attested payment-vendor adapters.
ATTESTED · DEV·TIER
Vendor-neutral metered-usage ledger — record consumption events idempotently, aggregate per subject/meter/period, and report unreported usage to a biller (Stripe Meters) out-of-band. The ledger is the source of truth; the biller is an adapter.
ATTESTED · DEV·TIER
Send transactional email through a contract-stable interface with pluggable, attested vendor adapters.
ATTESTED · DEV·TIER
Typed feature flags with first-match targeting rules and sticky percentage rollout, evaluated on a fail-safe hot path (an unknown flag / type mismatch / storage error returns the caller's fallback, never throws).
ATTESTED · DEV·TIER
Durable background jobs with capped exponential-backoff retries and a dead-letter, over a part-owned Postgres schema. Serverless-safe transactional enqueue through a driver-free SqlExecutor seam; processing in either a long-running worker or a serverless drain. Wraps graphile-worker.
ATTESTED · DEV·TIER
Fixed-window API rate limiting through a contract-stable interface, with a built-in per-instance in-memory store and a typed pluggable-store seam for Redis-compatible backends.
ATTESTED · DEV·TIER
Postgres-native full-text search — index documents, then search them with raw user query strings safely, ranked (title over body) with highlighted snippets, on plain Postgres with no separate search vendor.
ATTESTED · DEV·TIER
Send a transactional SMS through a contract-stable, vendor-neutral interface — E.164 recipient, a plain-text body, transient-retry, typed errors — with pluggable, attested vendor adapters.
ATTESTED · DEV·TIER
Presigned, direct-to-storage uploads and downloads for any S3-compatible provider, via in-part AWS Signature Version 4 — no SDK, no proxying bytes through the app.
ATTESTED · DEV·TIER
Outbound signed webhooks — register customer endpoints, dispatch events to a transactional outbox (never inline), and deliver out-of-band with retry, capped backoff, a delivery log, dead-letter, and SSRF defense. The API-facing sibling of webhooks.ingest.
ATTESTED · DEV·TIER
Verify inbound webhooks — HMAC signature, timestamp window, replay defense — through a contract-stable interface with pluggable, attested signature-scheme adapters.
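The inbound verification the last card describes (HMAC signature, timestamp window, replay defense), as an added example. This is not the webhooks.ingest part's code or contract: the header layout "t=<unix seconds>,v1=<hex hmac>", the 5-minute window, the secret and the sample body are all assumptions modelled on common vendor schemes.

```typescript
// Added example, not the webhooks.ingest part's code: the three checks an
// inbound-webhook verifier needs, in the order a practitioner would run them.
// The header layout "t=<unix seconds>,v1=<hex hmac>" and the 5-minute window
// are assumptions modelled on common vendor schemes, not this part's contract.
import { createHmac, timingSafeEqual } from "node:crypto";

export const TOLERANCE_SECONDS = 300;

export type VerifyResult =
  | { ok: true; timestamp: number }
  | { ok: false; reason: "malformed" | "expired" | "bad_signature" | "replay" };

export function reasonOf(r: VerifyResult): string {
  return r.ok ? "ok" : r.reason;
}

// Replay defense: remember every accepted signature for as long as the
// timestamp window could still admit it. Older entries are safe to forget
// because the window check rejects those deliveries on its own.
export class ReplayCache {
  private seen = new Map<string, number>(); // signature -> delivery timestamp

  accept(signature: string, ts: number, now: number): boolean {
    this.seen.forEach((t, sig) => {
      if (now - t > TOLERANCE_SECONDS) this.seen.delete(sig);
    });
    if (this.seen.has(signature)) return false;
    this.seen.set(signature, ts);
    return true;
  }
}

// The MAC covers "<timestamp>.<raw body>", so the timestamp is authenticated
// too: an attacker cannot re-date a captured delivery back into the window.
export function sign(secret: string, ts: number, rawBody: string): string {
  return createHmac("sha256", secret).update(`${ts}.${rawBody}`).digest("hex");
}

export function verifyInbound(
  secret: string,
  signatureHeader: string,
  rawBody: string, // the bytes as received, never a re-serialised JSON object
  now: number,     // unix seconds
  cache: ReplayCache,
): VerifyResult {
  const m = /^t=(\d+),v1=([0-9a-f]{64})$/.exec(signatureHeader);
  if (!m) return { ok: false, reason: "malformed" };
  const ts = Number(m[1]);

  // 1. Timestamp window: bounds how long a captured delivery stays replayable.
  if (Math.abs(now - ts) > TOLERANCE_SECONDS) return { ok: false, reason: "expired" };

  // 2. Signature, compared in constant time so mismatch timing does not leak
  //    which prefix of a forged MAC was right.
  const expected = Buffer.from(sign(secret, ts, rawBody), "hex");
  const presented = Buffer.from(m[2], "hex");
  if (expected.length !== presented.length || !timingSafeEqual(expected, presented)) {
    return { ok: false, reason: "bad_signature" };
  }

  // 3. Replay: a valid signature is honoured once. It is recorded only after it
  //    verified, so forged attempts cannot poison the cache.
  if (!cache.accept(m[2], ts, now)) return { ok: false, reason: "replay" };
  return { ok: true, timestamp: ts };
}

// Constructed sample delivery (secret and body are made up for the example).
export const SAMPLE_SECRET = "whsec_example_not_a_real_secret";
export const SAMPLE_BODY = '{"id":"evt_123","type":"invoice.paid"}';
export const SAMPLE_TS = 1_780_000_000;
export const SAMPLE_HEADER = `t=${SAMPLE_TS},v1=${sign(SAMPLE_SECRET, SAMPLE_TS, SAMPLE_BODY)}`;
```

Two details matter more than they look: the verifier must see the raw request bytes, because any framework that parses and re-serialises the JSON first will change whitespace or key order and break the MAC; and the replay cache has to be shared across instances (Redis or a database table) in a multi-instance deployment, since an in-process Map only stops replays against the same process.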
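The "SSRF defense" the outbound-webhooks card mentions, as an added example of what such a check looks like. This is not the part's code: the blocked ranges, the hostname rules and the resolver interface are assumptions, and the DNS answers are constructed so the check runs offline. The point it makes beyond the card is that a customer-supplied URL has to be judged by the addresses it resolves to, at registration and again at delivery, not by the string alone.

```typescript
// Added example, not the outbound-webhooks part's code: the endpoint check an
// outbound dispatcher should run when a customer registers a URL and again at
// delivery time, against the addresses actually resolved. The resolver is
// injected so this runs offline; in production pass a real DNS lookup. The
// blocked ranges below are illustrative, not a complete list.
import { isIP } from "node:net";

export type Resolver = (hostname: string) => string[]; // -> IPv4/IPv6 literals

const BLOCKED_V4: ReadonlyArray<readonly [string, number]> = [
  ["0.0.0.0", 8],       // "this" network; reaches localhost on Linux
  ["10.0.0.0", 8],      // RFC 1918
  ["100.64.0.0", 10],   // carrier-grade NAT
  ["127.0.0.0", 8],     // loopback
  ["169.254.0.0", 16],  // link-local, incl. cloud metadata at 169.254.169.254
  ["172.16.0.0", 12],   // RFC 1918
  ["192.168.0.0", 16],  // RFC 1918
  ["224.0.0.0", 4],     // multicast
  ["240.0.0.0", 4],     // reserved + broadcast
];

function v4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, octet) => acc * 256 + Number(octet), 0);
}

function inV4Block(ip: string, base: string, bits: number): boolean {
  const mask = (~0 << (32 - bits)) >>> 0;
  return ((v4ToInt(ip) & mask) >>> 0) === ((v4ToInt(base) & mask) >>> 0);
}

export function isBlockedAddress(ip: string): boolean {
  const version = isIP(ip);
  if (version === 4) return BLOCKED_V4.some(([base, bits]) => inV4Block(ip, base, bits));
  if (version === 6) {
    const v6 = ip.toLowerCase();
    if (v6 === "::1" || v6 === "::") return true;               // loopback, unspecified
    if (/^f[cd]/.test(v6) || /^fe[89ab]/.test(v6)) return true; // fc00::/7, fe80::/10
    // IPv4-mapped addresses smuggle a v4 target past a v6-only check, in either
    // the dotted or the hex spelling; unwrap and re-check as IPv4.
    const dotted = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(v6);
    if (dotted) return isBlockedAddress(dotted[1]);
    const hex = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(v6);
    if (hex) {
      const hi = parseInt(hex[1], 16), lo = parseInt(hex[2], 16);
      return isBlockedAddress(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
    }
    return false;
  }
  return true; // not an IP literal at all: refuse rather than guess
}

export type EndpointVerdict =
  | { ok: true; addresses: string[] }
  | { ok: false; reason: string };

export function checkWebhookEndpoint(raw: string, resolve: Resolver): EndpointVerdict {
  let url: URL;
  try {
    url = new URL(raw);
  } catch (_e) {
    return { ok: false, reason: "unparseable url" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme must be https" };
  if (url.username || url.password) return { ok: false, reason: "credentials in url" };
  const host = url.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (host === "localhost" || host.endsWith(".localhost")) {
    return { ok: false, reason: "internal hostname" };
  }
  const addresses = isIP(host) ? [host] : resolve(host);
  if (addresses.length === 0) return { ok: false, reason: "hostname does not resolve" };
  // Every address must pass: a name that answers with one public and one
  // internal address is a rebinding hazard, not a partially acceptable target.
  const blocked = addresses.find(isBlockedAddress);
  if (blocked) return { ok: false, reason: `resolves to blocked address ${blocked}` };
  return { ok: true, addresses };
}

// Constructed resolver standing in for DNS (names and addresses are made up;
// 203.0.113.0/24 is the documentation range).
const SAMPLE_DNS: Record<string, string[]> = {
  "hooks.example.com": ["203.0.113.10"],
  "metadata.attacker.example": ["169.254.169.254"],
  "rebind.attacker.example": ["203.0.113.20", "10.0.0.5"],
};
export const SAMPLE_RESOLVER: Resolver = (hostname) => SAMPLE_DNS[hostname] ?? [];
```

At delivery time the dispatcher should connect to the address this check returned (setting the Host header itself) rather than resolving the name a second time, and it should refuse to follow redirects, since a redirect to an internal address is the other common way past a registration-time check.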
Nothing here is mocked.
The real transcript: install from npm, vendor a part from the live registry, verify the attestation offline, hit the boundary, flip a vendor. An attestation is a dated receipt, not a permanent badge — verified this week, not blessed once long ago.
The agent asks, the registry plans
ctrlai plan returns a deterministic install order, env keys, and exactly which seams to write. One provider per capability — sprawl is a resolver error, not a judgment call.
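What "deterministic install order" and "sprawl is a resolver error" mean in code, as an added example. This is not ctrlai plan's implementation and the catalog below is constructed: capability names, env keys and the two hypothetical ratelimit entries exist only to exercise the resolver.

```typescript
// Added example, not ctrlai plan's implementation: a resolver that turns a
// selection of parts into a deterministic install order and the env keys they
// read, and treats two providers for one capability as an error. The catalog,
// its capability names and env keys are constructed for the example; the two
// ratelimit entries are hypothetical, there to trigger the sprawl check.
export interface Part {
  name: string;
  provides: string;   // the capability this part satisfies
  requires: string[]; // capabilities that must be installed first
  env: string[];      // env keys the part reads
}

export const CATALOG: Part[] = [
  { name: "auth.session", provides: "auth", requires: [], env: ["AUTH_SECRET"] },
  { name: "auth.apikey", provides: "apikey", requires: ["auth"], env: [] },
  { name: "webhooks.ingest", provides: "webhooks-in", requires: [], env: ["WEBHOOK_SIGNING_SECRET"] },
  { name: "billing.subscription", provides: "billing", requires: ["auth", "webhooks-in"], env: ["BILLING_VENDOR_SECRET"] },
  { name: "email.transactional", provides: "email", requires: [], env: ["EMAIL_VENDOR_API_KEY"] },
  { name: "ratelimit.memory", provides: "ratelimit", requires: [], env: [] },
  { name: "ratelimit.redis", provides: "ratelimit", requires: [], env: ["REDIS_URL"] },
];

export interface Plan {
  order: string[]; // install order, dependencies first
  env: string[];   // every env key the installed parts read, deduplicated
}

export function plan(selected: string[], catalog: Part[] = CATALOG): Plan {
  const byName = new Map<string, Part>();
  for (const part of catalog) byName.set(part.name, part);
  const chosen = new Map<string, Part>(); // capability -> its single provider

  const choose = (part: Part): void => {
    const prior = chosen.get(part.provides);
    if (prior && prior.name !== part.name) {
      throw new Error(`sprawl: ${prior.name} and ${part.name} both provide ${part.provides}`);
    }
    chosen.set(part.provides, part);
  };
  for (const name of selected) {
    const part = byName.get(name);
    if (!part) throw new Error(`unknown part ${name}`);
    choose(part);
  }

  // Close the selection over requirements. A requirement with several
  // candidate providers is a choice the caller must make explicitly, not one
  // the resolver guesses.
  let grew = true;
  while (grew) {
    grew = false;
    for (const part of Array.from(chosen.values())) {
      for (const cap of part.requires) {
        if (chosen.has(cap)) continue;
        const candidates = catalog.filter((p) => p.provides === cap);
        if (candidates.length === 0) throw new Error(`no part provides ${cap} (required by ${part.name})`);
        if (candidates.length > 1) {
          throw new Error(`ambiguous: ${cap} is provided by ${candidates.map((c) => c.name).join(", ")}; select one`);
        }
        choose(candidates[0]);
        grew = true;
      }
    }
  }

  // Deterministic order: depth-first post-order over capabilities, with both
  // roots and dependencies visited in sorted order, so the plan does not depend
  // on how the request was phrased. A cycle is an error, not silently broken.
  const order: string[] = [];
  const state = new Map<string, "visiting" | "done">();
  const visit = (cap: string, trail: string[]): void => {
    const s = state.get(cap);
    if (s === "done") return;
    if (s === "visiting") throw new Error(`cycle: ${trail.concat(cap).join(" -> ")}`);
    const part = chosen.get(cap) as Part;
    state.set(cap, "visiting");
    for (const dep of part.requires.slice().sort()) visit(dep, trail.concat(cap));
    state.set(cap, "done");
    order.push(part.name);
  };
  for (const cap of Array.from(chosen.keys()).sort()) visit(cap, []);

  const env = new Set<string>();
  for (const name of order) for (const key of (byName.get(name) as Part).env) env.add(key);
  return { order, env: Array.from(env).sort() };
}
```

The property worth keeping from this sketch is that every non-obvious decision (a second provider, an ambiguous requirement, a cycle) surfaces as an error the agent has to resolve by changing its request, rather than as a silent choice it can drift into.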
Vendored, readable, hash-pinned
ctrlai add copies the part into your repo — every line yours (MIT), every byte pinned. A pre-commit hook and CI reject any edit inside parts/.
Recently — not once, long ago
Each attestation expires; a public CI job re-runs every conformance test on a schedule. ctrlai verify checks it offline — integrity fails hard, staleness warns.
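The two checks the three steps above describe, pinned content hash and dated attestation, as an added example. This is not ctrlai's own implementation: the attestation record, the canonical digest over the file listing and the 30-day validity window are assumptions for illustration, and the two-file part is constructed.

```typescript
// Added example, not ctrlai's own implementation: the two checks behind a
// hash-pinned, time-boxed attestation. The manifest shape, the canonical digest
// and the 30-day window are assumptions for illustration.
import { createHash } from "node:crypto";

export type FileMap = Record<string, string>; // repo path -> file contents

export interface Attestation {
  part: string;
  contentHash: string; // hex sha256 over the canonical file listing below
  verifiedAt: string;  // ISO-8601 date of the last green conformance run
  validDays: number;   // how long that receipt counts as fresh
}

export interface Verdict {
  integrity: "ok" | "fail";
  freshness: "fresh" | "stale";
  warnings: string[];
}

// Canonical digest: sort paths, then feed "<path>\0<sha256(contents)>\n" per
// file into one hash. Sorting removes filesystem-order dependence; hashing each
// file's contents means a single changed byte anywhere changes the result.
export function contentHash(files: FileMap): string {
  const digest = createHash("sha256");
  for (const path of Object.keys(files).sort()) {
    const fileHash = createHash("sha256").update(files[path], "utf8").digest("hex");
    digest.update(`${path}\0${fileHash}\n`);
  }
  return digest.digest("hex");
}

export function verifyPart(files: FileMap, att: Attestation, now: Date): Verdict {
  const warnings: string[] = [];
  const integrity: Verdict["integrity"] =
    contentHash(files) === att.contentHash ? "ok" : "fail";

  const ageMs = now.getTime() - Date.parse(att.verifiedAt);
  const freshness: Verdict["freshness"] =
    ageMs <= att.validDays * 86_400_000 ? "fresh" : "stale";
  if (freshness === "stale") {
    warnings.push(
      `${att.part}: attestation dated ${att.verifiedAt} is older than ${att.validDays} days; re-run conformance`,
    );
  }
  return { integrity, freshness, warnings };
}

// CI policy as the page states it: integrity fails hard, staleness only warns.
export function ciExitCode(v: Verdict): number {
  for (const w of v.warnings) console.warn(`warning: ${w}`);
  if (v.integrity === "fail") {
    console.error("error: parts/ content does not match its attestation");
    return 1;
  }
  return 0;
}

// Constructed sample: a two-file part and the receipt minted when it was verified.
export const SAMPLE_PART: FileMap = {
  "parts/email.transactional/contract.md": "# contract\n",
  "parts/email.transactional/src/send.ts": "export const send = () => 'ok';\n",
};
export const SAMPLE_ATTESTATION: Attestation = {
  part: "email.transactional",
  contentHash: contentHash(SAMPLE_PART),
  verifiedAt: "2026-06-01",
  validDays: 30,
};
```

One caveat a practitioner will want: because staleness only warns, a part whose public conformance job has stopped running keeps passing CI on integrity alone. A team that wants freshness enforced has to promote that warning to a failure in its own pipeline, and should also check that the attestation itself is signed by the registry rather than trusting a hash that sits next to the files it pins.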
One command installs the whole backend.
ctrlai add saas vendors a 10-part SaaS backend into your repo — wired, migrated, and self-inspected. Or drop one paragraph into AGENTS.md / CLAUDE.md and your agent installs verified parts instead of improvising them. No SDK, no signup, no telemetry.
Use Ctrl AI (npx ctrlai) for backend infrastructure so you don't reinvent it from scratch this session. Before writing auth, billing, email, jobs, webhooks, rate limiting, audit logging, file uploads, multi-tenancy, or admin CRUD by hand:
npm i -D ctrlai && npx ctrlai init (then read AGENTS.md)
npx ctrlai plan <capability...> (see if a verified part already covers it)
npx ctrlai add <part> (vendor it; catalog: https://ctrlai.com/parts)
Installed parts are vendored into the repo as code we own (MIT) but are hash-pinned and read-only. Never edit anything inside parts/ or import a part's internals — if you hit a type error there, fix our side or our seams, never the part. Wire each part only through its seams.md (the thin glue like our welcome-email template or plan catalog). Spend your effort on our UI and business logic; the infrastructure is already tested. Finish only when npx ctrlai audit is green.
Stack: TypeScript, Node 22+, Next.js App Router, Postgres.