11 โ Roadmap
Phased plan from skeleton to a deployable gateway. Each phase is mergeable independently and leaves the previous phase still working. Order is best-guess; phases 2 onward will shuffle once usage informs priorities.
Phase 0 โ Skeleton โ done (v0.1.0)โ
- Repo bootstrapped, CI green on an empty Rust workspace.
- Docs in
docs/initial-idea/describe the target. - CLAUDE.md spells out architecture, conventions, non-negotiables.
- License, README, .gitignore, Cargo workspace, basic GitHub Actions.
Phase 1 โ MCP transport + auth bones โ done (v0.1.0)โ
- HTTP+SSE listener (hand-rolled JSON-RPC; no stable MCP SDK at the time).
- OIDC login flow, JWT verification, in-memory session cache.
- A single working tool:
list_servers(returns config contents minus secrets). - State DB with sessions table; migrations on startup.
- End-to-end test: agent connects, completes mock-OIDC login, calls
list_servers. - v0.2.0 addition: MCP OAuth bridge (discovery, PKCE S256, authorization-code flow, refresh tokens) for agents that drive the OAuth dance without a browser.
Phase 2 โ First real DB tools โ done (v0.1.0)โ
- Per-database Postgres connection pool with statement timeout + row cap.
list_databases,describe_schema,sample_table,run_query,explain.- Permission evaluation pipeline (groups ร server ร db ร action).
- Audit log table + synchronous write on every tool call.
- Manual smoke test against a local Postgres.
Phase 3 โ Production readiness โ done (v0.1.1)โ
- TLS by default, cert reload on SIGHUP.
/healthz,/readyz,/metrics.- Structured logging.
- Secrets references:
${ENV}, Vault, AWS SM, GCP SM. - Config validation with friendly errors at startup.
- Docker image build + push pipeline.
Phase 4 โ Audit retention + archiveโ
- Hot retention pruner background task.
- S3 / GCS / Azure Blob archive exporter.
- SQL capture policies (
full/redacted/metadata_only). - Optional OTLP / syslog / stdout streaming sinks.
Phase 5 โ Beyond Postgres (partial โ see note)โ
- MongoDB adapter โ
done (v0.2.0) โ
DbAdaptertrait implemented; schema describe, run_query, explain wired. - MySQL adapter โ deferred post-1.0. Config parses and validates, but dispatch returns
UnsupportedAdapterat boot. See note below. - MSSQL adapter โ deferred post-1.0. Same status as MySQL.
- BigQuery adapter โ not started.
- Snowflake adapter โ not started.
Each adapter implements the DbAdapter trait โ pool, describe-schema, run-query, explain. Audit + permissions are engine-agnostic.
MySQL / MSSQL โ deferredโ
Config schema accepts kind: mysql and kind: mssql, but as of v1.0.0 the dispatcher rejects these at boot with a typed UnsupportedAdapter error rather than silently failing at query time. Full adapter implementation is planned but has no committed timeline. The driver crates (sqlx MySQL, tiberius) are not yet in Cargo.toml.
Phase 6 โ Reason capture + policy hooks โ done (v0.2.0)โ
require_reasonenforcement end-to-end (tool returnsreason_requirederror; agent prompts user; retries with reason).- Per-grant constraints fully wired (
row_limit,statement_timeout_ms,allowed_schemas,denied_tables,time_window). - Dynamic permissions admin API โ SSO-gated
/admin/*endpoints for grant CRUD; all mutations audited synchronously topermissions_audit. See 12-dynamic-permissions.
Phase 7 โ HA + multi-replicaโ
- Two-replica deploys behind a load balancer.
- Session storage already in state DB โ mostly free.
- Leader election for the retention pruner (don't run twice).
- Documented runbook for rolling restarts.
Phase 8 โ Operator ergonomicsโ
gateway admin โฆsubcommands (revoke session, list active sessions, replay audit query).- Helm chart with cert-manager integration.
- Example
docker-composerepo polished. - Provisioning SQL bundled and templated per engine.
Phase 9 โ Write modeโ
query_writeaction with explicit per-grant opt-in.- Mandatory reason capture.
- Distinct audit log surfacing for writes.
- Optional pre-write review step (queued + approved by another user) โ maybe; revisit when a customer actually asks.
Later, maybe neverโ
- Kubernetes operator (vs. plain Helm).
- SCIM for direct group sync (vs. OIDC claims).
- Browser-based audit log viewer (resists the temptation โ see 10-non-goals; this would be operator-only, not user-facing).
- Per-query approval workflow (write mode, sensitive tables).
- Query cost estimation + budget caps per user/group.
Anti-roadmapโ
Things explicitly not on the roadmap, even with infinite time:
- SaaS hosted version.
- Customer dashboards.
- Natural-language-to-SQL inside the gateway.
- Multi-tenancy on one install.
See 10-non-goals for the reasoning.