Skip to main content

11 โ€” Roadmap

Phased plan from skeleton to a deployable gateway. Each phase is mergeable independently and leaves the previous phase still working. Order is best-guess; phases 2 onward will shuffle once usage informs priorities.

Phase 0 โ€” Skeleton โœ… done (v0.1.0)โ€‹

  • Repo bootstrapped, CI green on an empty Rust workspace.
  • Docs in docs/initial-idea/ describe the target.
  • CLAUDE.md spells out architecture, conventions, non-negotiables.
  • License, README, .gitignore, Cargo workspace, basic GitHub Actions.

Phase 1 โ€” MCP transport + auth bones โœ… done (v0.1.0)โ€‹

  • HTTP+SSE listener (hand-rolled JSON-RPC; no stable MCP SDK at the time).
  • OIDC login flow, JWT verification, in-memory session cache.
  • A single working tool: list_servers (returns config contents minus secrets).
  • State DB with sessions table; migrations on startup.
  • End-to-end test: agent connects, completes mock-OIDC login, calls list_servers.
  • v0.2.0 addition: MCP OAuth bridge (discovery, PKCE S256, authorization-code flow, refresh tokens) for agents that drive the OAuth dance without a browser.

Phase 2 โ€” First real DB tools โœ… done (v0.1.0)โ€‹

  • Per-database Postgres connection pool with statement timeout + row cap.
  • list_databases, describe_schema, sample_table, run_query, explain.
  • Permission evaluation pipeline (groups ร— server ร— db ร— action).
  • Audit log table + synchronous write on every tool call.
  • Manual smoke test against a local Postgres.

Phase 3 โ€” Production readiness โœ… done (v0.1.1)โ€‹

  • TLS by default, cert reload on SIGHUP.
  • /healthz, /readyz, /metrics.
  • Structured logging.
  • Secrets references: ${ENV}, Vault, AWS SM, GCP SM.
  • Config validation with friendly errors at startup.
  • Docker image build + push pipeline.

Phase 4 โ€” Audit retention + archiveโ€‹

  • Hot retention pruner background task.
  • S3 / GCS / Azure Blob archive exporter.
  • SQL capture policies (full / redacted / metadata_only).
  • Optional OTLP / syslog / stdout streaming sinks.

Phase 5 โ€” Beyond Postgres (partial โ€” see note)โ€‹

  • MongoDB adapter โœ… done (v0.2.0) โ€” DbAdapter trait implemented; schema describe, run_query, explain wired.
  • MySQL adapter โ€” deferred post-1.0. Config parses and validates, but dispatch returns UnsupportedAdapter at boot. See note below.
  • MSSQL adapter โ€” deferred post-1.0. Same status as MySQL.
  • BigQuery adapter โ€” not started.
  • Snowflake adapter โ€” not started.

Each adapter implements the DbAdapter trait โ€” pool, describe-schema, run-query, explain. Audit + permissions are engine-agnostic.

MySQL / MSSQL โ€” deferredโ€‹

Config schema accepts kind: mysql and kind: mssql, but as of v1.0.0 the dispatcher rejects these at boot with a typed UnsupportedAdapter error rather than silently failing at query time. Full adapter implementation is planned but has no committed timeline. The driver crates (sqlx MySQL, tiberius) are not yet in Cargo.toml.

Phase 6 โ€” Reason capture + policy hooks โœ… done (v0.2.0)โ€‹

  • require_reason enforcement end-to-end (tool returns reason_required error; agent prompts user; retries with reason).
  • Per-grant constraints fully wired (row_limit, statement_timeout_ms, allowed_schemas, denied_tables, time_window).
  • Dynamic permissions admin API โ€” SSO-gated /admin/* endpoints for grant CRUD; all mutations audited synchronously to permissions_audit. See 12-dynamic-permissions.

Phase 7 โ€” HA + multi-replicaโ€‹

  • Two-replica deploys behind a load balancer.
  • Session storage already in state DB โ†’ mostly free.
  • Leader election for the retention pruner (don't run twice).
  • Documented runbook for rolling restarts.

Phase 8 โ€” Operator ergonomicsโ€‹

  • gateway admin โ€ฆ subcommands (revoke session, list active sessions, replay audit query).
  • Helm chart with cert-manager integration.
  • Example docker-compose repo polished.
  • Provisioning SQL bundled and templated per engine.

Phase 9 โ€” Write modeโ€‹

  • query_write action with explicit per-grant opt-in.
  • Mandatory reason capture.
  • Distinct audit log surfacing for writes.
  • Optional pre-write review step (queued + approved by another user) โ€” maybe; revisit when a customer actually asks.

Later, maybe neverโ€‹

  • Kubernetes operator (vs. plain Helm).
  • SCIM for direct group sync (vs. OIDC claims).
  • Browser-based audit log viewer (resists the temptation โ€” see 10-non-goals; this would be operator-only, not user-facing).
  • Per-query approval workflow (write mode, sensitive tables).
  • Query cost estimation + budget caps per user/group.

Anti-roadmapโ€‹

Things explicitly not on the roadmap, even with infinite time:

  • SaaS hosted version.
  • Customer dashboards.
  • Natural-language-to-SQL inside the gateway.
  • Multi-tenancy on one install.

See 10-non-goals for the reasoning.