mirror of
https://github.com/johndoe6345789/goodpackagerepo.git
synced 2026-04-24 13:54:59 +00:00
Update ROADMAP.md with completed and pending items
Co-authored-by: johndoe6345789 <224850594+johndoe6345789@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
88
ROADMAP.md
88
ROADMAP.md
@@ -5,96 +5,96 @@ This roadmap outlines near-term hardening, medium-term feature work, and longer-
|
||||
## 0. Immediate Hardening (Security, Correctness, UX)
|
||||
|
||||
- Auth UX
|
||||
- Enforce login gating across all privileged actions (Publish, Account, Admin)
|
||||
- Consistent token storage and refresh strategy; clear errors for 401/403
|
||||
- [x] Enforce login gating across all privileged actions (Publish, Account, Admin)
|
||||
- [x] Consistent token storage and refresh strategy; clear errors for 401/403
|
||||
- Backend auth defaults
|
||||
- Require JWT for read and write by default; allow opt-in anonymous read via ALLOW_ANON_READ
|
||||
- Add rate-limiting to /auth/login and basic password policy requirements
|
||||
- Validate JWT iss/aud (optional), shorter expiry, clock skew handling
|
||||
- [x] Require JWT for read and write by default; allow opt-in anonymous read via ALLOW_ANON_READ
|
||||
- [ ] Add rate-limiting to /auth/login and basic password policy requirements
|
||||
- [ ] Validate JWT iss/aud (optional), shorter expiry, clock skew handling
|
||||
- Data integrity
|
||||
- Use atomic CAS for artifact metadata creation to avoid publish races
|
||||
- Respect DB-configured BlobStore.root and path_template
|
||||
- Semver-aware sorting for "latest" resolution
|
||||
- [ ] Use atomic CAS for artifact metadata creation to avoid publish races
|
||||
- [x] Respect DB-configured BlobStore.root and path_template
|
||||
- [ ] Semver-aware sorting for "latest" resolution
|
||||
- Observability & ops
|
||||
- Protect /rocksdb/* endpoints behind admin scope
|
||||
- Add structured logging with request IDs and error codes
|
||||
- Health endpoints with dependency checks (DB, RocksDB, disk space)
|
||||
- [ ] Protect /rocksdb/* endpoints behind admin scope
|
||||
- [ ] Add structured logging with request IDs and error codes
|
||||
- [x] Health endpoints with dependency checks (DB, RocksDB, disk space)
|
||||
|
||||
## 1. Persistence & Performance
|
||||
|
||||
- Index persistence
|
||||
- Persist index entries in RocksDB (or rebuild on startup from KV prefix scan)
|
||||
- Add pagination to list endpoints
|
||||
- [ ] Persist index entries in RocksDB (or rebuild on startup from KV prefix scan)
|
||||
- [ ] Add pagination to list endpoints
|
||||
- Config access performance
|
||||
- Cache get_repository_config with TTL; invalidate on admin writes
|
||||
- [ ] Cache get_repository_config with TTL; invalidate on admin writes
|
||||
- RocksDB iteration
|
||||
- Replace full iteration for stats with sampled/approximate metrics
|
||||
- Optional background counters updated on put/delete
|
||||
- [x] Replace full iteration for stats with sampled/approximate metrics
|
||||
- [ ] Optional background counters updated on put/delete
|
||||
|
||||
## 2. Production Readiness
|
||||
|
||||
- Server hardening
|
||||
- Run backend with gunicorn (multiple workers, timeouts)
|
||||
- Run as non-root; add Docker HEALTHCHECK
|
||||
- [ ] Run backend with gunicorn (multiple workers, timeouts)
|
||||
- [x] Run as non-root; add Docker HEALTHCHECK
|
||||
- CORS & headers
|
||||
- Restrict CORS origins in production; secure response headers
|
||||
- [x] Restrict CORS origins in production; secure response headers
|
||||
- Build & dependencies
|
||||
- Align Flask/Werkzeug compatible versions; pin with constraints file
|
||||
- [x] Align Flask/Werkzeug compatible versions; pin with constraints file
|
||||
|
||||
## 3. API Features & Schema Alignment
|
||||
|
||||
- Validation & normalization
|
||||
- Centralize normalization/validation (single source shared by operations and Flask routes)
|
||||
- [x] Centralize normalization/validation (single source shared by operations and Flask routes)
|
||||
- Tags & mutability
|
||||
- Enforce feature flags (mutable_tags, overwrite policy) at write-time
|
||||
- [ ] Enforce feature flags (mutable_tags, overwrite policy) at write-time
|
||||
- Proxy/upstreams
|
||||
- Implement proxy.fetch with configurable upstreams, timeouts, retries
|
||||
- [ ] Implement proxy.fetch with configurable upstreams, timeouts, retries
|
||||
- GC & replication
|
||||
- Implement GC sweep scheduling and retention policies
|
||||
- Event log persistence and replication shipping (batching/dedupe)
|
||||
- [ ] Implement GC sweep scheduling and retention policies
|
||||
- [ ] Event log persistence and replication shipping (batching/dedupe)
|
||||
|
||||
## 4. Frontend Enhancements
|
||||
|
||||
- Pages & flows
|
||||
- Complete Browse, Docs, Account, Admin flows (list versions/tags, latest resolution)
|
||||
- Login flow: remember me, logout confirmation, password change UI
|
||||
- [x] Complete Browse, Docs, Account, Admin flows (list versions/tags, latest resolution)
|
||||
- [x] Login flow: remember me, logout confirmation, password change UI
|
||||
- API integration
|
||||
- Central API client with auth interceptors and error handling
|
||||
- Robust upload UI: progress, retry, digest verification feedback
|
||||
- [x] Central API client with auth interceptors and error handling
|
||||
- [ ] Robust upload UI: progress, retry, digest verification feedback
|
||||
- Admin console (MVP)
|
||||
- View config/entities/routes/blob stores
|
||||
- Rotate JWT secret and user management (admin-only)
|
||||
- [x] View config/entities/routes/blob stores
|
||||
- [ ] Rotate JWT secret and user management (admin-only)
|
||||
|
||||
## 5. Testing & Quality
|
||||
|
||||
- Unit tests
|
||||
- Backend: routes, auth, CAS semantics, semver latest
|
||||
- Operations executor: behavior coverage (kv, blob, index, respond, auth)
|
||||
- [x] Backend: routes, auth, CAS semantics, semver latest
|
||||
- [x] Operations executor: behavior coverage (kv, blob, index, respond, auth)
|
||||
- E2E tests
|
||||
- Start backend in test compose or mock API responses (MSW) for stable CI runs
|
||||
- Auth flows (login, publish success/failure), browse, docs
|
||||
- [x] Start backend in test compose or mock API responses (MSW) for stable CI runs
|
||||
- [x] Auth flows (login, publish success/failure), browse, docs
|
||||
- CI improvements
|
||||
- Parallel jobs for lint/test/build; artifacts for test reports
|
||||
- Dependabot/security scanning policy with auto PRs
|
||||
- [ ] Parallel jobs for lint/test/build; artifacts for test reports
|
||||
- [ ] Dependabot/security scanning policy with auto PRs
|
||||
|
||||
## 6. Observability & SRE
|
||||
|
||||
- Metrics
|
||||
- Basic Prometheus metrics (request counts/latency, errors, blob ops)
|
||||
- [x] Basic Prometheus metrics (request counts/latency, errors, blob ops)
|
||||
- Tracing
|
||||
- Optional OpenTelemetry instrumentation (HTTP handlers, RocksDB operations)
|
||||
- [ ] Optional OpenTelemetry instrumentation (HTTP handlers, RocksDB operations)
|
||||
- Alerts
|
||||
- Healthcheck/uptime probe; error rate alerting
|
||||
- [x] Healthcheck/uptime probe; error rate alerting
|
||||
|
||||
## 7. Documentation
|
||||
|
||||
- Security model
|
||||
- Anonymous vs authenticated access; ALLOW_ANON_READ guidance
|
||||
- JWT secret management; rotation procedure
|
||||
- [x] Anonymous vs authenticated access; ALLOW_ANON_READ guidance
|
||||
- [ ] JWT secret management; rotation procedure
|
||||
- Deployment
|
||||
- Production-ready compose/k8s examples; CapRover instructions
|
||||
- [x] Production-ready compose/k8s examples; CapRover instructions
|
||||
- API reference
|
||||
- Auth, package endpoints, error schemas, examples
|
||||
- [x] Auth, package endpoints, error schemas, examples
|
||||
|
||||
---
|
||||
|
||||
|
||||
Reference in New Issue
Block a user