Generated — do not edit by hand. This file is rendered from
roadmap.yamlbyscripts/gen-roadmap.py. Editroadmap.yamland re-run the generator.
The roadmap models cross-spec epics → tasks with a dependency DAG, execution status, assignee, priority, and links — the things a per-spec tasks.md checkbox list cannot express. Per-spec checkbox progress is recomputed live from each specs/<NNN>/tasks.md.
python3 scripts/gen-roadmap.py # writes ROADMAP.md
scripts/gen-roadmap # convenience wrapper (same thing)
python3 scripts/gen-roadmap.py --check # CI canary: fail if stale- epics[] — each has
id(stable slug, DAG node),title,status(todo·in_progress·in_review·blocked·done),assignee,priority(P0–P3),depends_on: [ids](DAG edges, prerequisite→dependent), optionalparked: true, and linksspec:/pr:/mcp:(external MCP-xxxx). - epics[].tasks[] — child tasks with the same fields; their
depends_onmay reference sibling tasks or other epics. - See the header comment in
roadmap.yamlfor the full field reference.
Node colour = status (green done · blue in-progress · amber in-review · red blocked · grey todo · dashed grey parked). Edges point prerequisite → dependent.
graph TD
subgraph sg_profiles_v2["Profiles v2 (per-profile tool views)"]
profiles_v2["Profiles v2 (per-profile tool views)<br/>MCP-33"]
profiles_v2_indexes["Per-profile Bleve indexes (T1)<br/>MCP-3240"]
profiles_v2_set_profile["set_profile tool + session resolver + REST (T2)<br/>MCP-3241"]
profiles_v2_profile_pin["Per-agent-token profile_pin (T3)<br/>MCP-3242"]
profiles_v2_tray_switcher["Tray profile switcher Go + Swift (T5)<br/>MCP-3244"]
end
subgraph sg_sandbox_isolation["Non-Docker sandbox isolation (Landlock)"]
sandbox_isolation["Non-Docker sandbox isolation (Landlock)<br/>MCP-34"]
sandbox_spike["Landlock sandbox spike (MCP-34.1)<br/>MCP-3232"]
sandbox_mode_config["isolation.mode enum + resolver (MCP-34.2)<br/>MCP-3233"]
sandbox_launcher["Native sandbox launcher Landlock+rlimits (MCP-34.3)<br/>MCP-3234"]
sandbox_scanner_parity["Scanner-flow parity under sandbox (MCP-34.4)<br/>MCP-3235"]
sandbox_snap_docker_it["snap-docker integration tests + CI (MCP-34.5)<br/>MCP-3236"]
end
subgraph sg_ts_code_exec_ga["TypeScript code-execution GA + cookbook"]
ts_code_exec_ga["TypeScript code-execution GA + cookbook<br/>MCP-38"]
ts_code_exec_cookbook["Cookbook (10 TS recipes) + GA docs<br/>MCP-38"]
end
subgraph sg_scanner_v2["Spec 076 deterministic offline tool-scanner"]
scanner_v2["Spec 076 deterministic offline tool-scanner<br/>MCP-3574"]
scanner_v2_foundation["detect-engine foundation (T1)<br/>MCP-3575"]
scanner_v2_hard_checks["3 hard checks + scanner wiring (US1 MVP)<br/>MCP-3576"]
scanner_v2_soft_checks["3 soft checks + patterns confidence (US2)<br/>MCP-3577"]
scanner_v2_consensus["Consensus risk-score + report transparency (US4)<br/>MCP-3578"]
scanner_v2_eval_gate["Eval corpus + CI recall/FP gate (US3)<br/>MCP-3579"]
scanner_v2_docs["Tool-scanner detect-engine docs (T22)<br/>MCP-3683"]
end
subgraph sg_windows_tray["Windows native tray app"]
windows_tray["Windows native tray app<br/>MCP-43"]
windows_tray_window["WebView2 native window + profile submenu<br/>MCP-43"]
end
subgraph sg_ux_audit["Web UI + macOS app UX audit"]
ux_audit["Web UI + macOS app UX audit"]
ux_audit_webui_sweep["Web UI heuristic + Playwright UX sweep"]
ux_audit_macos_sweep["macOS tray app UX sweep (settings parity, flows)"]
end
subgraph sg_action_log_transparency["Action log / transparency — info at a glance"]
action_log_transparency["Action log / transparency — info at a glance"]
action_log_glance_view["At-a-glance action log view (top signals, health)"]
action_log_retention_tie_in["Tie activity retention/size into the glance view"]
end
subgraph sg_analytics_dashboard["Analytics dashboard as default page"]
analytics_dashboard["Analytics dashboard as default page"]
analytics_token_drain_graphs["Per-server / per-tool token-drain graphs"]
analytics_default_landing["Make dashboard the default landing page"]
end
subgraph sg_registries_search_add["Registries — easier search + add-server"]
registries_search_add["Registries — easier search + add-server"]
registries_search_ux["Improved registry search UX"]
registries_official_protocol["Official registry protocol integration"]
end
subgraph sg_scanner_simplification["Scanner simplification (deterministic default, opt-in deep scan)"]
scanner_simplification["Scanner simplification (deterministic default, opt-in deep scan)"]
scanner_simpl_baseline["US1: deterministic offline baseline default + curated hard phrase_injection check (delete duplicate legacy rules)"]
scanner_simpl_unified_report["US2: single merged report + cross-scanner consensus confidence"]
scanner_simpl_deep_optin["US3: opt-in deep scan (off by default), never blocks/degrades baseline; config migration"]
scanner_simpl_notifications["US4: collapse scan-notification storm into one debounced settled event (MCP-2207)"]
end
marketplace["Server marketplace<br/>MCP-37"]
siem["Audit SIEM integration<br/>MCP-39"]
paid_tier["Paid-tier MVP (billing / seats / license)<br/>MCP-40"]
sdk_v1_migration["SDK v1 migration"]
sso["SSO (server edition)"]
profiles_v2_indexes --> profiles_v2_set_profile
profiles_v2_set_profile --> profiles_v2_profile_pin
profiles_v2_set_profile --> profiles_v2_tray_switcher
sandbox_spike --> sandbox_mode_config
sandbox_mode_config --> sandbox_launcher
sandbox_launcher --> sandbox_scanner_parity
scanner_v2 --> sandbox_scanner_parity
sandbox_scanner_parity --> sandbox_snap_docker_it
scanner_v2_foundation --> scanner_v2_hard_checks
scanner_v2_foundation --> scanner_v2_soft_checks
scanner_v2_hard_checks --> scanner_v2_consensus
scanner_v2_soft_checks --> scanner_v2_consensus
scanner_v2_hard_checks --> scanner_v2_eval_gate
scanner_v2_eval_gate --> scanner_v2_docs
ux_audit --> action_log_transparency
action_log_glance_view --> action_log_retention_tie_in
ux_audit --> analytics_dashboard
analytics_token_drain_graphs --> analytics_default_landing
ux_audit --> registries_search_add
scanner_v2 --> scanner_simplification
scanner_simpl_baseline --> scanner_simpl_unified_report
scanner_simpl_baseline --> scanner_simpl_deep_optin
scanner_simpl_unified_report --> scanner_simpl_deep_optin
scanner_simpl_unified_report --> scanner_simpl_notifications
classDef done fill:#1f7a1f,stroke:#0d3d0d,color:#ffffff;
classDef in_progress fill:#1f6feb,stroke:#0b3d91,color:#ffffff;
classDef in_review fill:#9a6700,stroke:#5c3d00,color:#ffffff;
classDef blocked fill:#a40e26,stroke:#5c0712,color:#ffffff;
classDef todo fill:#6e7781,stroke:#3d4248,color:#ffffff;
classDef parked fill:#30363d,stroke:#161b22,color:#9da7b3,stroke-dasharray:4 3;
class profiles_v2,profiles_v2_indexes,profiles_v2_set_profile,profiles_v2_profile_pin,profiles_v2_tray_switcher,sandbox_isolation,sandbox_spike,sandbox_mode_config,sandbox_launcher,sandbox_scanner_parity,sandbox_snap_docker_it,ts_code_exec_ga,ts_code_exec_cookbook,scanner_v2,scanner_v2_foundation,scanner_v2_hard_checks,scanner_v2_soft_checks,scanner_v2_consensus,scanner_v2_eval_gate,scanner_v2_docs done;
class scanner_simplification in_progress;
class windows_tray,windows_tray_window in_review;
class ux_audit,ux_audit_webui_sweep,ux_audit_macos_sweep,action_log_transparency,action_log_glance_view,action_log_retention_tie_in,analytics_dashboard,analytics_token_drain_graphs,analytics_default_landing,registries_search_add,registries_search_ux,registries_official_protocol,scanner_simpl_baseline,scanner_simpl_unified_report,scanner_simpl_deep_optin,scanner_simpl_notifications todo;
class marketplace,siem,paid_tier,sdk_v1_migration,sso parked;
| Epic | Status | Assignee | Priority | Progress | Spec | PR |
|---|---|---|---|---|---|---|
| Scanner simplification (deterministic default, opt-in deep scan) | In progress | unassigned | P1 | 0/42 (0%) | 077-scanner-simplification | |
Windows native tray app MCP-43 |
In review | BackendEngineer | P2 | 25/60 (42%) | 002-windows-installer | |
| Web UI + macOS app UX audit | Todo | unassigned | P0 | — | 064-glass-cockpit | |
| Action log / transparency — info at a glance | Todo | unassigned | P0 | 63/66 (95%) | 024-expand-activity-log | |
| Analytics dashboard as default page | Todo | unassigned | P1 | 16/26 (62%) | 069-observability-usage-graphs | |
| Registries — easier search + add-server | Todo | unassigned | P1 | 3/24 (12%) | 070-registry-easy-upstream-add | |
Server marketplace MCP-37 |
Todo (parked) | P3 | 3/24 (12%) | 070-registry-easy-upstream-add | ||
Audit SIEM integration MCP-39 |
Todo (parked) | P3 | — | |||
Paid-tier MVP (billing / seats / license) MCP-40 |
Todo (parked) | P3 | — | |||
| SDK v1 migration | Todo (parked) | P3 | — | |||
| SSO (server edition) | Todo (parked) | P3 | — | |||
Profiles v2 (per-profile tool views) MCP-33 |
Done | BackendEngineer | P1 | — | ||
Non-Docker sandbox isolation (Landlock) MCP-34 |
Done | BackendEngineer | P1 | — | 054-mcp-security-gateway | |
Spec 076 deterministic offline tool-scanner MCP-3574 |
Done | BackendEngineer | P1 | 22/24 (92%) | 076-deterministic-tool-scanner | |
TypeScript code-execution GA + cookbook MCP-38 |
Done | BackendEngineer | P2 | 19/19 (100%) | 033-typescript-code-execution |
Legend: shipped ≥95% checked · in-flight 1–94% · drafted 0% · — no tasks.md. This aggregate is regenerated here rather than overwriting the hand-maintained specs/README.md, which keeps its curated prose, runbooks and design-doc links.