Documentation · Wishlist

Wishlist & future work

Backlog-style items aligned with Phase 1 implementation notes and the design specifications below. This is not a committed sequence—use it for planning and triage. The canonical checklist with GitHub task boxes lives in README.md § Wishlist.

Design references

• Auth & user management
• API token authentication
• Extensibility (plugins & widgets)
• LLM copilot (incl. §0 consent, §17 RAG, §18 extensibility status)
• Optional MCP server
• Validation & object templates

Explicitly deferred or not enabled yet

• Interactive SSO — Redirect/callback/JIT for GET /v1/auth/sso/…/start (501 where not wired); full LDAP/OAuth execution per later IdP phase.
• Enterprise identity — SCIM/HR provisioning, multi-org memberships (unless the model is extended).
• Signed plugin install — POST /v1/plugins/install remains 501 until signing, trust roots, and artifact storage.
• Federated / iframe widgets — Remote UI loading and sandboxing; federation manifest stays builtin-only for now.
• Extensibility architecture — Manifest schema enforcement, page registry (pageId, context schema), dynamic plugin routes, GET /v1/ui/page-registry, install/upgrade lifecycle, plugin job definitions bound to workers.
• Macro read helpers — Allowlisted server-mediated reads for macros (today api.* is blocked).
• GraphQL auth parity — Same “no silent anonymous access” story as REST; consistent 401 behavior.
• Authenticated-by-default audit — Every router including bulk and GraphQL; enumerated public allowlist.
• Rate limits & exposure — Login/token abuse paths; production policy for OpenAPI/Swagger.
• MCP write policy — Strict preview+consent vs pragmatic WRITE-token parity; rate limits; optional stdio and MCP resources/prompts.

Partially implemented (MVP vs design depth)

• Scale topology — Multi-region, horizontal API, read replicas, advanced job engine vs Phase 1 single process + optional worker.
• Copilot destructive gate — Signed apply token / consent artifact enforced server-side with tests.
• Bulk import consent — Preview + explicit confirmation for destructive imports.
• Copilot observability — Token/tool metrics and tracing per design.
• RAG — Per-org controls, embeddings pipeline, vector storage, retention, backfill, cost metrics.
• Extra LLM adapters — Azure first-party, Anthropic, Bedrock, Cloudflare-native paths.
• Schema-aware tools — Resource model introspection and safe aggregates for the assistant.
• Portal completeness — Account, password change, user admin APIs/UX, invites/resets as phased.
• Validation extensions — Validator registry for plugin fields; GraphQL sharing domain validators with REST.

Opportunities (alignment)

• Unified page context — One context object for widget macros and copilot tools.
• Widget → job slice — Actions that trigger documented job runs with macro-built, validated input.
• Shared tool module — Copilot and MCP invoke the same internal capabilities (no permission drift).
• Roadmap phases 2–4 — Signed automation artifacts, HA, provider-scale bulk, SLOs, multi-cloud, marketplace.

← Documentation home · Vision & roadmap