Skip to content

Commit eff06ce

Browse files
Dumbrisclaude
andauthored
docs(roadmap): 2026-07 replan — specs 078/079, telemetry-corrected priorities, audit fixes (#797)
A multi-agent consistency audit (2026-07-02) found roadmap.yaml stale versus merged PRs and carrying several false progress badges from wrong spec links. Corrected CI-filtered telemetry also re-prioritized the personal-edition work. Statuses corrected per merged PRs: - scanner-simplification children: US1 #786 / US2 #792 / US4 #794 marked done; US3 #793 in_review. Epic stays in_progress. Added deep-scan trust-fix task and flagged docs T037-T039 as merge-blocking for #793. - registries-official-protocol marked done (spec 071 shipped 12/12, #572). False badges / wrong provenance fixed (per the file's own convention — link dropped, provenance moved into the note): - sandbox-isolation no longer links spec 054 (unrelated security-gateway spec). - ux-audit no longer links spec 064 (unrelated agent-fleet cockpit spec). - marketplace no longer links spec 070 (that is the registries-search-add spec). - action-log-transparency no longer links spec 024 (shipped backend, not the progress driver for the at-a-glance UX epic). New epics (telemetry- and audit-driven replan): - upgrade-nudge (P0, spec 079): ~60% of active installs run pre-v0.40. - connect-trust (P0, spec 078): 72.4% skip the connect step. - telemetry-identity (P1, in_progress): hashed machine_id + CI-filter hardening. - planning-hygiene (P2): automate the checks this audit did by hand. Windows QA gate: new first child windows-tray-funnel-qa (downloads→actives 12:1 vs macOS 4:1); windows-tray-window now depends on it. ROADMAP.md regenerated; gen-roadmap.py --check passes. Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
1 parent 776c739 commit eff06ce

4 files changed

Lines changed: 765 additions & 24 deletions

File tree

ROADMAP.md

Lines changed: 49 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,7 @@ graph TD
5858
end
5959
subgraph sg_windows_tray["Windows native tray app"]
6060
windows_tray["Windows native tray app<br/>MCP-43"]
61+
windows_tray_funnel_qa["Windows first-run QA pass (downloads→actives 12:1 vs macOS 4:1 — find the funnel break before WebView2 work)"]
6162
windows_tray_window["WebView2 native window + profile submenu<br/>MCP-43"]
6263
end
6364
subgraph sg_ux_audit["Web UI + macOS app UX audit"]
@@ -86,6 +87,34 @@ graph TD
8687
scanner_simpl_unified_report["US2: single merged report + cross-scanner consensus confidence"]
8788
scanner_simpl_deep_optin["US3: opt-in deep scan (off by default), never blocks/degrades baseline; config migration"]
8889
scanner_simpl_notifications["US4: collapse scan-notification storm into one debounced settled event (MCP-2207)"]
90+
scanner_simpl_deepscan_fixes["Deep-scan trust fixes: nil-Security gating bug (source fetch runs with deep scan off on default configs), FR-014 verdict inversion (Dangerous deep finding < Warning), surface silently-skipped Docker scanners (non-nil deep_scan descriptor + CLI hint on security enable)"]
91+
end
92+
subgraph sg_upgrade_nudge["Upgrade awareness & guided update"]
93+
upgrade_nudge["Upgrade awareness & guided update"]
94+
upgrade_nudge_surfacing["US1: universal awareness — status output, startup log, dismissible Web UI banner, update_check config block"]
95+
upgrade_nudge_channel["US2: channel-aware guided update command (brew/dmg/deb/rpm/docker/go-install detection, build-time channel marker)"]
96+
upgrade_nudge_quiet["US3: operator control + CI/offline quiet + no prerelease downgrade nudges"]
97+
end
98+
subgraph sg_connect_trust["Connect step trust: preview, visible backup, one-click undo"]
99+
connect_trust["Connect step trust: preview, visible backup, one-click undo"]
100+
connect_trust_preview["US1: preview API + wizard diff UI (exact entry, API-key masking)"]
101+
connect_trust_backup_visibility["US1: surface backup_path in Web UI + retention policy"]
102+
connect_trust_undo["US2: one-click undo/disconnect in wizard"]
103+
connect_trust_tcc_copy["US2: pre-emptive macOS TCC explanation in wizard"]
104+
end
105+
subgraph sg_telemetry_identity["Telemetry identity & data quality (machine_id + CI-filter hardening)"]
106+
telemetry_identity["Telemetry identity & data quality (machine_id + CI-filter hardening)"]
107+
telemetry_machineid_client["Hashed machine_id in heartbeat (schema v6)"]
108+
telemetry_machineid_worker["Worker migration: machine_id column + extraction (repo mcpproxy-telemetry)"]
109+
telemetry_machineid_dash["Dashboard identityExpr prefers machine_id; exclude %-dev versions from human cohort; fix launch_source 79% unknown (repo mcpproxy-dash)"]
110+
telemetry_snapshot_alerting["Alerting on external-downloads snapshot cron (34-day outage went unnoticed)"]
111+
end
112+
subgraph sg_planning_hygiene["Planning/docs truth automation"]
113+
planning_hygiene["Planning/docs truth automation"]
114+
hygiene_roadmap_github_check["gen-roadmap --check-github: cross-check roadmap.yaml statuses vs gh PR state + dangling spec links"]
115+
hygiene_tasks_reconcile["CI rule: PR touching specs/<id> implementation paths must update tasks.md"]
116+
hygiene_docs_facts["Generate volatile CLAUDE.md/README facts (Go version, built-in tool list, sample config) from code with --check"]
117+
hygiene_quickstart_contract["Run top quickstart.md scenario per spec as contract test in test-api-e2e.sh"]
89118
end
90119
marketplace["Server marketplace<br/>MCP-37"]
91120
siem["Audit SIEM integration<br/>MCP-39"]
@@ -107,6 +136,7 @@ graph TD
107136
scanner_v2_soft_checks --> scanner_v2_consensus
108137
scanner_v2_hard_checks --> scanner_v2_eval_gate
109138
scanner_v2_eval_gate --> scanner_v2_docs
139+
windows_tray_funnel_qa --> windows_tray_window
110140
ux_audit --> action_log_transparency
111141
action_log_glance_view --> action_log_retention_tie_in
112142
ux_audit --> analytics_dashboard
@@ -117,17 +147,22 @@ graph TD
117147
scanner_simpl_baseline --> scanner_simpl_deep_optin
118148
scanner_simpl_unified_report --> scanner_simpl_deep_optin
119149
scanner_simpl_unified_report --> scanner_simpl_notifications
150+
scanner_simpl_deep_optin --> scanner_simpl_deepscan_fixes
151+
upgrade_nudge_surfacing --> upgrade_nudge_channel
152+
upgrade_nudge_surfacing --> upgrade_nudge_quiet
153+
telemetry_machineid_client --> telemetry_machineid_worker
154+
telemetry_machineid_worker --> telemetry_machineid_dash
120155
121156
classDef done fill:#1f7a1f,stroke:#0d3d0d,color:#ffffff;
122157
classDef in_progress fill:#1f6feb,stroke:#0b3d91,color:#ffffff;
123158
classDef in_review fill:#9a6700,stroke:#5c3d00,color:#ffffff;
124159
classDef blocked fill:#a40e26,stroke:#5c0712,color:#ffffff;
125160
classDef todo fill:#6e7781,stroke:#3d4248,color:#ffffff;
126161
classDef parked fill:#30363d,stroke:#161b22,color:#9da7b3,stroke-dasharray:4 3;
127-
class profiles_v2,profiles_v2_indexes,profiles_v2_set_profile,profiles_v2_profile_pin,profiles_v2_tray_switcher,sandbox_isolation,sandbox_spike,sandbox_mode_config,sandbox_launcher,sandbox_scanner_parity,sandbox_snap_docker_it,ts_code_exec_ga,ts_code_exec_cookbook,scanner_v2,scanner_v2_foundation,scanner_v2_hard_checks,scanner_v2_soft_checks,scanner_v2_consensus,scanner_v2_eval_gate,scanner_v2_docs done;
128-
class scanner_simplification in_progress;
129-
class windows_tray,windows_tray_window in_review;
130-
class ux_audit,ux_audit_webui_sweep,ux_audit_macos_sweep,action_log_transparency,action_log_glance_view,action_log_retention_tie_in,analytics_dashboard,analytics_token_drain_graphs,analytics_default_landing,registries_search_add,registries_search_ux,registries_official_protocol,scanner_simpl_baseline,scanner_simpl_unified_report,scanner_simpl_deep_optin,scanner_simpl_notifications todo;
162+
class profiles_v2,profiles_v2_indexes,profiles_v2_set_profile,profiles_v2_profile_pin,profiles_v2_tray_switcher,sandbox_isolation,sandbox_spike,sandbox_mode_config,sandbox_launcher,sandbox_scanner_parity,sandbox_snap_docker_it,ts_code_exec_ga,ts_code_exec_cookbook,scanner_v2,scanner_v2_foundation,scanner_v2_hard_checks,scanner_v2_soft_checks,scanner_v2_consensus,scanner_v2_eval_gate,scanner_v2_docs,registries_official_protocol,scanner_simpl_baseline,scanner_simpl_unified_report,scanner_simpl_notifications done;
163+
class scanner_simplification,telemetry_identity in_progress;
164+
class windows_tray,windows_tray_window,scanner_simpl_deep_optin,telemetry_machineid_client in_review;
165+
class windows_tray_funnel_qa,ux_audit,ux_audit_webui_sweep,ux_audit_macos_sweep,action_log_transparency,action_log_glance_view,action_log_retention_tie_in,analytics_dashboard,analytics_token_drain_graphs,analytics_default_landing,registries_search_add,registries_search_ux,scanner_simpl_deepscan_fixes,upgrade_nudge,upgrade_nudge_surfacing,upgrade_nudge_channel,upgrade_nudge_quiet,connect_trust,connect_trust_preview,connect_trust_backup_visibility,connect_trust_undo,connect_trust_tcc_copy,telemetry_machineid_worker,telemetry_machineid_dash,telemetry_snapshot_alerting,planning_hygiene,hygiene_roadmap_github_check,hygiene_tasks_reconcile,hygiene_docs_facts,hygiene_quickstart_contract todo;
131166
class marketplace,siem,paid_tier,sdk_v1_migration,sso parked;
132167
```
133168

@@ -136,18 +171,22 @@ graph TD
136171
| Epic | Status | Assignee | Priority | Progress | Spec | PR |
137172
| --- | --- | --- | --- | --- | --- | --- |
138173
| Scanner simplification (deterministic default, opt-in deep scan) | In progress | unassigned | P1 | 0/42 (0%) | [077-scanner-simplification](./specs/077-scanner-simplification/) | |
174+
| Telemetry identity & data quality (machine_id + CI-filter hardening) | In progress | unassigned | P1 || | |
139175
| Windows native tray app `MCP-43` | In review | BackendEngineer | P2 | 25/60 (42%) | [002-windows-installer](./specs/002-windows-installer/) | |
140-
| Web UI + macOS app UX audit | Todo | unassigned | P0 || [064-glass-cockpit](./specs/064-glass-cockpit/) | |
141-
| Action log / transparency — info at a glance | Todo | unassigned | P0 | 63/66 (95%) | [024-expand-activity-log](./specs/024-expand-activity-log/) | |
176+
| Web UI + macOS app UX audit | Todo | unassigned | P0 || | |
177+
| Action log / transparency — info at a glance | Todo | unassigned | P0 || | |
178+
| Upgrade awareness & guided update | Todo | unassigned | P0 || [079-upgrade-nudge](./specs/079-upgrade-nudge/) | |
179+
| Connect step trust: preview, visible backup, one-click undo | Todo | unassigned | P0 || [078-connect-trust-preview](./specs/078-connect-trust-preview/) | |
142180
| Analytics dashboard as default page | Todo | unassigned | P1 | 16/26 (62%) | [069-observability-usage-graphs](./specs/069-observability-usage-graphs/) | |
143181
| Registries — easier search + add-server | Todo | unassigned | P1 | 3/24 (12%) | [070-registry-easy-upstream-add](./specs/070-registry-easy-upstream-add/) | |
144-
| Server marketplace `MCP-37` | Todo (parked) | | P3 | 3/24 (12%) | [070-registry-easy-upstream-add](./specs/070-registry-easy-upstream-add/) | |
182+
| Planning/docs truth automation | Todo | unassigned | P2 || | |
183+
| Server marketplace `MCP-37` | Todo (parked) | | P3 || | |
145184
| Audit SIEM integration `MCP-39` | Todo (parked) | | P3 || | |
146185
| Paid-tier MVP (billing / seats / license) `MCP-40` | Todo (parked) | | P3 || | |
147186
| SDK v1 migration | Todo (parked) | | P3 || | |
148187
| SSO (server edition) | Todo (parked) | | P3 || | |
149188
| Profiles v2 (per-profile tool views) `MCP-33` | Done | BackendEngineer | P1 || | |
150-
| Non-Docker sandbox isolation (Landlock) `MCP-34` | Done | BackendEngineer | P1 || [054-mcp-security-gateway](./specs/054-mcp-security-gateway/) | |
189+
| Non-Docker sandbox isolation (Landlock) `MCP-34` | Done | BackendEngineer | P1 || | |
151190
| Spec 076 deterministic offline tool-scanner `MCP-3574` | Done | BackendEngineer | P1 | 22/24 (92%) | [076-deterministic-tool-scanner](./specs/076-deterministic-tool-scanner/) | |
152191
| TypeScript code-execution GA + cookbook `MCP-38` | Done | BackendEngineer | P2 | 19/19 (100%) | [033-typescript-code-execution](./specs/033-typescript-code-execution/) | |
153192

@@ -233,3 +272,5 @@ Legend: `shipped` ≥95% checked · `in-flight` 1–94% · `drafted` 0% · `—`
233272
| [075-macos-tcc-connect](./specs/075-macos-tcc-connect/) | `in-flight` | 11/30 (37%) |
234273
| [076-deterministic-tool-scanner](./specs/076-deterministic-tool-scanner/) | `in-flight` | 22/24 (92%) |
235274
| [077-scanner-simplification](./specs/077-scanner-simplification/) | `drafted` | 0/42 (0%) |
275+
| [078-connect-trust-preview](./specs/078-connect-trust-preview/) |||
276+
| [079-upgrade-nudge](./specs/079-upgrade-nudge/) |||

0 commit comments

Comments
 (0)