# roadmap.yaml — git-native roadmap for mcpproxy-go
#
# This file is the SOURCE OF TRUTH for the cross-spec roadmap: epics, their
# child tasks, the dependency DAG between them, and execution state that a
# tasks.md checkbox cannot express (status beyond done/not-done, assignee,
# priority, blocked-by edges, external tracker ids, PR links).
#
# `tasks.md` answers "how much of spec NNN is checked off?". This file answers
# "what are we building next, what blocks what, and who owns it?".
#
# Regenerate the human-readable view after editing:
#   python3 scripts/gen-roadmap.py   # writes ROADMAP.md
#   # or: scripts/gen-roadmap        # same thing (wrapper)
#
# ── Schema ──────────────────────────────────────────────────────────────────
# version: schema version (int).
# epics:   list of epic objects. Each epic:
#   id:         REQUIRED. Stable slug, unique across epics AND tasks. Used as
#               the DAG node id and as a depends_on target.
#   title:      REQUIRED. Human label.
#   status:     REQUIRED. one of: todo | in_progress | in_review | blocked | done
#   assignee:   optional. Owner (agent/role/person).
#   priority:   optional. P0 (highest) .. P3.
#   spec:       optional. Path to a specs/<NNN> folder (drives progress badge).
#   pr:         optional. PR ref, e.g. "#761" or a list of refs.
#   mcp:        optional. External tracker id mirroring MCP-xxxx vocabulary.
#   depends_on: optional. List of epic/task ids that must land first (DAG edge).
#   parked:     optional bool. true = intentionally on hold (still status: todo).
#   note:       optional. One-line context.
#   tasks:      optional. List of child task objects. Each task has the same
#               fields as an epic except `tasks`. A task's depends_on may point
#               at sibling tasks or at other epics.
#
# Conventions:
#   - depends_on edges flow PREREQUISITE -> DEPENDENT (drawn A --> B = "A unblocks B").
#   - Keep ids slug-cased and stable; renaming an id breaks inbound depends_on.
#   - `done` epics keep their PR refs as provenance.
# ─────────────────────────────────────────────────────────────────────────────
version: 1
epics:
  # ── DONE ────────────────────────────────────────────────────────────────
  - id: profiles-v2
    title: Profiles v2 (per-profile tool views)
    status: done
    assignee: BackendEngineer
    priority: P1
    mcp: MCP-33
    # No epic-level spec link: Profiles v2 shipped via the PRs below, not via a
    # speckit tasks.md. (specs/057-in-proxy-profiles is a SEPARATE, still-draft
    # "permanent URLs" spec at 0/25 — linking it here showed a false "drafted"
    # badge on a done epic. Provenance lives in the per-task PR refs.)
    depends_on: []
    note: "Stateful profiles: per-profile Bleve indexes, set_profile, token profile_pin, tray + Web UI switchers. Shipped via #756/#761/#766/#767."
    tasks:
      - id: profiles-v2-indexes
        title: Per-profile Bleve indexes (T1)
        status: done
        assignee: BackendEngineer
        mcp: MCP-3240
        pr: "#756"
        depends_on: []
      - id: profiles-v2-set-profile
        title: set_profile tool + session resolver + REST (T2)
        status: done
        assignee: BackendEngineer
        mcp: MCP-3241
        pr: "#761"
        depends_on: [profiles-v2-indexes]
      - id: profiles-v2-profile-pin
        title: Per-agent-token profile_pin (T3)
        status: done
        assignee: BackendEngineer
        mcp: MCP-3242
        pr: "#766"
        spec: specs/028-agent-tokens
        depends_on: [profiles-v2-set-profile]
      - id: profiles-v2-tray-switcher
        title: Tray profile switcher Go + Swift (T5)
        status: done
        assignee: BackendEngineer
        mcp: MCP-3244
        pr: "#767"
        depends_on: [profiles-v2-set-profile]
  - id: sandbox-isolation
    title: Non-Docker sandbox isolation (Landlock)
    status: done
    assignee: BackendEngineer
    priority: P1
    mcp: MCP-34
    spec: specs/054-mcp-security-gateway
    depends_on: []
    note: "Landlock LSM + setrlimit native sandbox for stdio upstreams; no userns (Ubuntu 24.04 safe). Code in internal/sandbox/."
    tasks:
      - id: sandbox-spike
        title: Landlock sandbox spike (MCP-34.1)
        status: done
        mcp: MCP-3232
        pr: "#754"
        depends_on: []
      - id: sandbox-mode-config
        title: isolation.mode enum + resolver (MCP-34.2)
        status: done
        mcp: MCP-3233
        pr: "#759"
        depends_on: [sandbox-spike]
      - id: sandbox-launcher
        title: Native sandbox launcher Landlock+rlimits (MCP-34.3)
        status: done
        mcp: MCP-3234
        pr: "#768"
        depends_on: [sandbox-mode-config]
      - id: sandbox-scanner-parity
        title: Scanner-flow parity under sandbox (MCP-34.4)
        status: done
        mcp: MCP-3235
        pr: "#781"
        depends_on: [sandbox-launcher, scanner-v2]
      - id: sandbox-snap-docker-it
        title: snap-docker integration tests + CI (MCP-34.5)
        status: done
        mcp: MCP-3236
        pr: "#782"
        depends_on: [sandbox-scanner-parity]
  - id: ts-code-exec-ga
    title: TypeScript code-execution GA + cookbook
    status: done
    assignee: BackendEngineer
    priority: P2
    mcp: MCP-38
    spec: specs/033-typescript-code-execution
    depends_on: []
    note: "TS runtime graduated from preview (shipped v0.45.0); MCP-38 = docs/spec + cookbook only."
    tasks:
      - id: ts-code-exec-cookbook
        title: Cookbook (10 TS recipes) + GA docs
        status: done
        mcp: MCP-38
        pr: "#753"
        depends_on: []
  - id: scanner-v2
    title: Spec 076 deterministic offline tool-scanner
    status: done
    assignee: BackendEngineer
    priority: P1
    mcp: MCP-3574
    spec: specs/076-deterministic-tool-scanner
    depends_on: []
    note: "Deterministic offline signal pipeline replaces ~10%-recall scanner; scan-eval --gate (recall>=0.90 / FP<=5%) in CI."
    tasks:
      - id: scanner-v2-foundation
        title: detect-engine foundation (T1)
        status: done
        mcp: MCP-3575
        pr: "#769"
        depends_on: []
      - id: scanner-v2-hard-checks
        title: 3 hard checks + scanner wiring (US1 MVP)
        status: done
        mcp: MCP-3576
        pr: "#770"
        depends_on: [scanner-v2-foundation]
      - id: scanner-v2-soft-checks
        title: 3 soft checks + patterns confidence (US2)
        status: done
        mcp: MCP-3577
        pr: "#775"
        depends_on: [scanner-v2-foundation]
      - id: scanner-v2-consensus
        title: Consensus risk-score + report transparency (US4)
        status: done
        mcp: MCP-3578
        pr: "#776"
        depends_on: [scanner-v2-hard-checks, scanner-v2-soft-checks]
      - id: scanner-v2-eval-gate
        title: Eval corpus + CI recall/FP gate (US3)
        status: done
        mcp: MCP-3579
        pr: "#777"
        depends_on: [scanner-v2-hard-checks]
      - id: scanner-v2-docs
        title: Tool-scanner detect-engine docs (T22)
        status: done
        mcp: MCP-3683
        pr: "#780"
        depends_on: [scanner-v2-eval-gate]
  # ── IN REVIEW ───────────────────────────────────────────────────────────
  - id: windows-tray
    title: Windows native tray app
    status: in_review
    assignee: BackendEngineer
    priority: P2
    mcp: MCP-43
    spec: specs/002-windows-installer
    depends_on: []
    note: "Option C: WebView2 window reusing shipped Web UI. Most exit criteria already ship; gaps = native window, toasts, profile submenu, Win11 smoke."
    tasks:
      - id: windows-tray-window
        title: WebView2 native window + profile submenu
        status: in_review
        mcp: MCP-43
        depends_on: []
  # ── BACKLOG: personal-edition polish (NEW priorities) ─────────────────────
  - id: ux-audit
    title: Web UI + macOS app UX audit
    status: todo
    assignee: unassigned
    priority: P0
    spec: specs/064-glass-cockpit
    depends_on: []
    note: "End-to-end UX pass across Web UI and the macOS tray app; the umbrella for the polish push."
    tasks:
      - id: ux-audit-webui-sweep
        title: Web UI heuristic + Playwright UX sweep
        status: todo
        depends_on: []
      - id: ux-audit-macos-sweep
        title: macOS tray app UX sweep (settings parity, flows)
        status: todo
        spec: specs/037-macos-swift-tray
        depends_on: []
  - id: action-log-transparency
    title: Action log / transparency — info at a glance
    status: todo
    assignee: unassigned
    priority: P0
    spec: specs/024-expand-activity-log
    depends_on: [ux-audit]
    note: "Surface the most important activity/security/connection signals at a glance; reduce digging. Builds on activity-log backend + retention."
    tasks:
      - id: action-log-glance-view
        title: At-a-glance action log view (top signals, health)
        status: todo
        spec: specs/019-activity-webui
        depends_on: []
      - id: action-log-retention-tie-in
        title: Tie activity retention/size into the glance view
        status: todo
        spec: specs/073-activity-size-retention
        depends_on: [action-log-glance-view]
  - id: analytics-dashboard
    title: Analytics dashboard as default page
    status: todo
    assignee: unassigned
    priority: P1
    spec: specs/069-observability-usage-graphs
    depends_on: [ux-audit]
    note: "Per-server / per-tool token-drain graphs; make the dashboard the default landing page."
    tasks:
      - id: analytics-token-drain-graphs
        title: Per-server / per-tool token-drain graphs
        status: todo
        spec: specs/069-observability-usage-graphs
        depends_on: []
      - id: analytics-default-landing
        title: Make dashboard the default landing page
        status: todo
        spec: specs/039-connect-and-dashboard
        depends_on: [analytics-token-drain-graphs]
  - id: registries-search-add
    title: Registries — easier search + add-server
    status: todo
    assignee: unassigned
    priority: P1
    spec: specs/070-registry-easy-upstream-add
    depends_on: [ux-audit]
    note: "Lower the friction of finding a server in a registry and adding it; lean on the official registry protocol work."
    tasks:
      - id: registries-search-ux
        title: Improved registry search UX
        status: todo
        spec: specs/070-registry-easy-upstream-add
        depends_on: []
      - id: registries-official-protocol
        title: Official registry protocol integration
        status: todo
        spec: specs/071-official-registry-protocol
        depends_on: []
  - id: scanner-simplification
    title: Scanner simplification (deterministic default, opt-in deep scan)
    status: in_progress
    assignee: unassigned
    priority: P1
    spec: specs/077-scanner-simplification
    depends_on: [scanner-v2]
    note: "Make the Spec 076 detect engine the always-on offline default; demote Docker scanners + source extraction to opt-in deep scan that never blocks/degrades the baseline; single unified report. Spec drafted (branch 077-scanner-simplification); plan next. First of the 5 personal-edition polish verticals."
    tasks:
      - id: scanner-simpl-baseline
        title: "US1: deterministic offline baseline default + curated hard phrase_injection check (delete duplicate legacy rules)"
        status: todo
        depends_on: []
      - id: scanner-simpl-unified-report
        title: "US2: single merged report + cross-scanner consensus confidence"
        status: todo
        depends_on: [scanner-simpl-baseline]
      - id: scanner-simpl-deep-optin
        title: "US3: opt-in deep scan (off by default), never blocks/degrades baseline; config migration"
        status: todo
        depends_on: [scanner-simpl-baseline, scanner-simpl-unified-report]
      - id: scanner-simpl-notifications
        title: "US4: collapse scan-notification storm into one debounced settled event (MCP-2207)"
        status: todo
        depends_on: [scanner-simpl-unified-report]
  # ── PARKED epics (intentionally on hold) ──────────────────────────────────
  - id: marketplace
    title: Server marketplace
    status: todo
    parked: true
    priority: P3
    mcp: MCP-37
    spec: specs/070-registry-easy-upstream-add
    depends_on: []
    note: "PARKED. ~60% already ships (browse/search/one-click add). Remaining = tray entries, metadata, telemetry."
  - id: siem
    title: Audit SIEM integration
    status: todo
    parked: true
    priority: P3
    mcp: MCP-39
    depends_on: []
    note: "PARKED. Splunk HEC / Elastic _bulk / syslog shippers reusing JSONL export pipeline."
  - id: paid-tier
    title: Paid-tier MVP (billing / seats / license)
    status: todo
    parked: true
    priority: P3
    mcp: MCP-40
    depends_on: []
    note: "PARKED. Server-edition revenue motion: Ed25519 license tokens, seats, Stripe checkout. Behind //go:build server."
  - id: sdk-v1-migration
    title: SDK v1 migration
    status: todo
    parked: true
    priority: P3
    depends_on: []
    note: "PARKED. Migrate to the v1 MCP Go SDK surface."
  - id: sso
    title: SSO (server edition)
    status: todo
    parked: true
    priority: P3
    depends_on: []
    note: "PARKED. Single sign-on for the multi-user server edition."