Bonsai is the architecture behind Sage. The idea fits in a sentence:
ship a small base, and let it grow only the capabilities you ask
for.
A bonsai gardener grafts a branch onto a rootstock and the tree
makes it part of itself. Sage works the same way. The base image is
the Rootstock™. Each capability is a
Sprig™ it grafts on while running. The seam where
they meet is the Graft Union™.
Why grow this way
Most AI platforms ship one enormous image with everything baked in:
every model and runtime anyone might want. You download gigabytes to
use a fraction of it, and changing any part means rebuilding the
whole thing.
Bonsai™ inverts that. The Rootstock™ owns what every install needs
anyway: the web interface, accounts, storage, and the supervisor that
does the grafting. Everything else waits in a catalog until you ask
for it. A school that wants document search grafts three Sprigs™. A
newsroom that also transcribes interviews grafts one more.
Nobody carries what they did not choose.
The part we refuse to compromise on: Sage never fetches models or
packages from third-party hubs behind your back. Your server pulls
every Sprig from a registry we publish and runs two offline checks
before opening anything. It verifies the publisher's Ed25519
signature, a check anyone can repeat with the stock minisign tool.
It matches the package against a sha256 fingerprint pinned inside
the base image you already run. Only then does Sage open and cache
the Sprig. Grafts survive restarts and image upgrades. When a new
Sage release pins a newer Sprig, Sage pulls it at the next boot.
If that pull fails, the version you already have keeps serving.
What is a Sprig™?
One capability in one signed, verified package. A Sprig carries its
own model weights or binaries, declares what it does and under what
license, and speaks to the Rootstock™ across a plain process boundary.
We publish fourteen today, from a 3 MB in-browser runtime to a 574 MB
reranker.
Sage's Rootstock™ is licensed AGPL-3.0. Sprig™ authors ask what that
means for them. Short version: your Sprig, your license.
Does my Sprig have to be AGPL?
No. A Sprig is a separate program that talks to the Rootstock over a
published contract, across a real process boundary. That is the same
arms-length arrangement as a proprietary app running on the Linux
kernel, or a closed-source client talking to an open-source database
server. Your Sprig can be MIT, Apache, GPL, proprietary, or anything
else you choose.
Can I sell a proprietary Sprig?
Yes. The spec exists so you can build against a stable contract
without touching Rootstock source code. A Sprig marketplace is on
our roadmap, and our CTO has built one before: Alexander Somma was a
founding engineer at Etsy (employee #5), the marketplace for
independent makers.
If I run Sage with proprietary Sprigs, do I owe anyone source code?
No. Running an unmodified Rootstock triggers no AGPL obligation, no
matter what you graft onto it. The obligation arrives only if you
modify the Rootstock itself and expose the modified version to remote
users, and it covers your Rootstock changes only. Your Sprigs stay
yours.
Where is the line?
Copying Rootstock source code into your Sprig crosses it. At that
point your Sprig is a derivative work and AGPL applies. Build against
the published contract instead and you never get near the line.
Build on Bonsai
We are writing both sides of the Graft Union™ in the open, so a
Sprig™ can come from anyone and a Rootstock™ does not have to be
ours.