# ATCR UI - Feature Roadmap This document tracks the status of ATCR features beyond the V1 MVP. Features are marked with their current status: - **DONE** — Fully implemented and shipping - **PARTIAL** — Some parts implemented - **BACKEND ONLY** — Backend exists, no UI yet - **NOT STARTED** — Future work - **BLOCKED** — Waiting on external dependency --- ## What's Already Built (not in original roadmap) These features were implemented but weren't in the original future features list: | Feature | Location | Notes | |---------|----------|-------| | **Billing (Stripe)** | `pkg/hold/billing/` | Checkout sessions, customer portal, subscription webhooks, tier upgrades. Build with `-tags billing`. | | **Garbage collection** | `pkg/hold/gc/` | Mark-and-sweep for orphaned blobs. Preview (dry-run) and execute modes. Triggered from hold admin UI. | | **libSQL embedded replicas** | AppView + Hold | Sync to Turso, Bunny DB, or self-hosted libsql-server. Configurable sync interval. | | **Hold successor/migration** | `pkg/hold/` | Promote a hold as successor to migrate users to new storage. | | **Relay management** | Hold admin | Manage firehose relay connections from admin panel. | | **Data export** | `pkg/appview/handlers/export.go` | GDPR-compliant export of all user data from AppView + all holds where user is member/captain. | | **Dark/light mode** | AppView UI | System preference detection, toggle, localStorage persistence. | | **Credential helper install page** | `/install` | Install scripts for macOS/Linux/Windows, version API. | | **Stars** | AppView UI | Star/unstar repos stored as `io.atcr.star` ATProto records, counts displayed. | --- ## Advanced Image Management ### Multi-Architecture Image Support — DONE (display) / NOT STARTED (creation) **Display image indexes — DONE:** - Show when a tag points to an image index (multi-arch manifest) — `IsMultiArch` flag, "Multi-arch" badge - Display all architectures/platforms in the index — platform badges (e.g., linux/amd64, linux/arm64) - Allow viewing individual manifests within the index - Show platform-specific details **Image index creation — NOT STARTED:** - UI for combining multiple single-arch manifests into an image index - Automatic platform detection from manifest metadata - Validate that all manifests are for the same image (different platforms) ### Layer Inspection & Visualization — NOT STARTED DB stores layer metadata (digest, size, media type, layer index) but there's no UI for any of this. **Layer details page:** - Show Dockerfile command that created each layer (if available in history) - Display layer size and compression ratio - Show file changes in each layer (added/modified/deleted files) - Visualize layer hierarchy (parent-child relationships) **Layer deduplication stats:** - Show which layers are shared across images - Calculate storage savings from layer sharing - Identify duplicate layers with different digests (potential optimization) ### Image Operations — PARTIAL (delete only) **Tag/manifest deletion — DONE:** - Delete tags with `DeleteTagHandler` (cascade + confirmation modal) - Delete manifests with `DeleteManifestHandler` (handles tagged manifests gracefully) **Tag Management — NOT STARTED:** - Tag promotion workflow (dev → staging → prod) - Tag aliases (multiple tags → same digest) - Tag patterns (auto-tag based on git commit, semantic version, date) - Tag protection (mark tags as immutable) **Image Copying — NOT STARTED:** - Copy image from one repository to another - Copy image from another user's repository (fork) - Bulk copy operations **Image History — NOT STARTED:** - Timeline view of tag changes - Rollback functionality - Audit log of image operations ### Vulnerability Scanning — DONE (backend) / NOT STARTED (UI) **Backend — DONE:** - Separate scanner service (`scanner/` module) with Syft (SBOM) + Grype (vulnerabilities) - WebSocket-based job queue connecting scanner to hold service - Priority queue with tier-based scheduling (quartermaster > bosun > deckhand) - Scan results stored as ORAS artifacts in S3, referenced in hold PDS - Automatic scanning dispatched by hold on manifest push - See `docs/SBOM_SCANNING.md` **AppView UI — NOT STARTED:** - Display CVE count by severity (critical, high, medium, low) - Show detailed CVE information (description, CVSS score, affected packages) - Filter images by vulnerability status - Subscribe to CVE notifications for your images - Compare vulnerability status across tags/versions ### Image Signing & Verification — NOT STARTED Concept doc exists at `docs/SIGNATURE_INTEGRATION.md` but no implementation. - Sign images - Display signature verification status - Display signature metadata - Require signatures for protected repositories ### SBOM (Software Bill of Materials) — DONE (backend) / NOT STARTED (UI) **Backend — DONE:** - Syft generates SPDX JSON format SBOMs - Stored as ORAS artifacts (referenced via `artifactType: "application/spdx+json"`) - Blobs in S3, metadata in hold's PDS - Accessible via ORAS CLI and hold XRPC endpoints **UI — NOT STARTED:** - Display package list from SBOM - Show license information - Link to upstream package sources - Compare SBOMs across versions --- ## Hold Management Dashboard — DONE (on hold admin panel) Hold management is implemented as a separate admin panel on the hold service itself (`pkg/hold/admin/`), not in the AppView UI. This makes sense architecturally — hold owners manage their own holds. ### Hold Discovery & Registration — PARTIAL **Hold registration — DONE:** - Automatic registration on hold startup (captain + crew records created in embedded PDS) - Auto-detection of region from cloud metadata **NOT STARTED:** - UI wizard for deploying hold service - One-click deployment to cloud platforms - Configuration generator - Test connectivity UI ### Hold Configuration — DONE (admin panel) **Hold settings — DONE (hold admin):** - Toggle public/private flag - Toggle allow-all-crew - Toggle Bluesky post announcements - Set successor hold DID for migration - Writes changes back to YAML config file **Storage config — YAML-only:** - S3 credentials, region, bucket, endpoint, CDN pull zone all configured via YAML - No UI for editing S3 credentials or rotating keys **Quotas — DONE (read-only UI):** - Tier-based limits (deckhand 5GB, bosun 50GB, quartermaster 100GB) - Per-user quota tracking and display in admin - Not editable via UI (requires YAML change) **NOT STARTED:** - Retention policies (auto-delete old blobs) - Hold service log viewer ### Crew Management — DONE (hold admin panel) **Implemented in `pkg/hold/admin/handlers_crew.go`:** - Add crew by DID with role, permissions (`blob:read`, `blob:write`, `crew:admin`), and tier - Crew list showing handle, role, permissions, tier, usage, quota - Edit crew permissions and tier - Remove crew members - Bulk JSON import/export with deduplication (`handlers_crew_io.go`) **NOT STARTED:** - Invitation links (OAuth-based, currently must know DID) - Invite by handle (currently DID-only) - Crew request workflow (users can't self-request access) - Approval/rejection flow ### Hold Analytics — PARTIAL **Storage metrics — DONE (hold admin):** - Total blobs, total size, unique digests - Per-user quota stats (total size, blob count) - Top users by storage (lazy-loaded HTMX partial) - Crew count and tier distribution **NOT STARTED:** - Access metrics (downloads, pulls, bandwidth) - Growth over time charts - Cost estimation - Geographic distribution - Access logs --- ## Discovery & Social Features ### Federated Browse & Search — PARTIAL **Basic search — DONE:** - Full-text search across handles, DIDs, repo names, and annotations - Search UI with HTMX lazy loading and pagination - Navigation bar search component **NOT STARTED:** - Filter by user, hold, architecture, date range - Sort by popularity, recency, size - Advanced query syntax - Popular/trending images - Categories and user-defined tags ### Sailor Profiles — PARTIAL **Public profile page — DONE:** - `/u/{handle}` shows user's avatar, handle, DID, and all public repositories - OpenGraph meta tags and JSON-LD structured data **NOT STARTED:** - Bio/description field - Website links - Statistics (total images, total pulls, joined date) - Pinned/featured repositories ### Social Features — PARTIAL (stars only) **Stars — DONE:** - Star/unstar repositories stored as `io.atcr.star` ATProto records - Star counts displayed on repository pages **NOT STARTED:** - Follow other sailors - Comment on images - Like/upvote images - Activity feed - Federated timeline / custom feeds - Sharing to Bluesky/ATProto social apps --- ## Access Control & Permissions ### Hold-Level Access Control — DONE - Public/private hold toggle (admin UI + OCI enforcement) - Crew permissions: `blob:read`, `blob:write`, `crew:admin` - `blob:write` implicitly grants `blob:read` - Captain has all permissions implicitly - See `docs/BYOS.md` ### Repository-Level Permissions — BLOCKED - **Private repositories blocked by ATProto** — no private records support yet - Repository-level permissions, collaborator invites, read-only tokens all depend on this - May require proxy layer or encrypted blobs when ATProto adds private record support ### Team/Organization Accounts — NOT STARTED - Organization accounts, RBAC, SSO, audit logs - Likely a later-stage feature --- ## Analytics & Monitoring ### Dashboard — PARTIAL **Hold dashboard — DONE (hold admin):** - Storage usage, crew count, tier distribution **Personal dashboard — NOT STARTED:** - Overview of your images, holds, activity - Quick stats, recent activity, alerts ### Pull Analytics — NOT STARTED - Pull count per image/tag - Pull count by client, geography, over time - User analytics (authenticated vs anonymous) ### Alerts & Notifications — NOT STARTED - Alert types (quota exceeded, vulnerability detected, hold down, etc.) - Notification channels (email, webhook, ATProto, Slack/Discord) --- ## Developer Tools & Integrations ### Credential Helper — DONE - Install page at `/install` with shell scripts - Version API endpoint for automatic updates ### API Documentation — NOT STARTED - Swagger/OpenAPI specs - Interactive API explorer - Code examples, SDKs ### Webhooks — NOT STARTED - Repository-level webhook registration - Events: manifest.pushed, tag.created, scan.completed, etc. - Test, retry, delivery history ### CI/CD Integration — NOT STARTED - GitHub Actions, GitLab CI, CircleCI example workflows - Pre-built actions/plugins - Build status badges ### Infrastructure as Code — PARTIAL **DONE:** - Custom UpCloud deployment tool (`deploy/upcloud/`) with Go-based provisioning, cloud-init, systemd, config templates - Docker Compose for dev and production **NOT STARTED:** - Terraform modules - Helm charts - Kubernetes manifests (only an example verification webhook exists) - GitOps integrations (ArgoCD, FluxCD) --- ## Documentation & Onboarding — PARTIAL **DONE:** - Install page with credential helper setup - Learn more page - Internal developer docs (`docs/`) **NOT STARTED:** - Interactive onboarding wizard - Product tour / tooltips - Help center with FAQs - Video tutorials - Comprehensive user-facing documentation site --- ## Advanced ATProto Integration ### Data Export — DONE - GDPR-compliant data export (`ExportUserDataHandler`) - Fetches data from AppView DB + all holds where user is member/captain ### Record Viewer — NOT STARTED - Browse `io.atcr.*` records with raw JSON view - Record history, diff viewer - ATP URI links ### PDS Integration — NOT STARTED - Multi-PDS support, PDS health monitoring - PDS migration tools - "Verify on PDS" button ### Federation — NOT STARTED - Cross-AppView image pulls - AppView discovery - Federated search --- ## UI/UX Enhancements ### Theming — PARTIAL **DONE:** - Light/dark mode with system preference detection and toggle - Responsive design (Tailwind/DaisyUI, mobile-friendly) - PWA manifest with icons (no service worker yet) **NOT STARTED:** - Custom themes - WCAG 2.1 AA accessibility audit - High contrast mode - Internationalization (i18n) - Native mobile apps ### Performance — PARTIAL **DONE:** - HTMX lazy loading for data-heavy partials - Efficient server-side rendering **NOT STARTED:** - Service worker for offline caching - Virtual scrolling for large lists - GraphQL API - Real-time WebSocket updates in UI --- ## Enterprise Features — NOT STARTED (except billing) ### Billing — DONE - Stripe integration (`pkg/hold/billing/`, requires `-tags billing` build tag) - Checkout sessions, customer portal, subscription webhooks - Tier upgrades/downgrades ### Everything Else — NOT STARTED - Organization accounts with SSO (SAML, OIDC) - RBAC, audit logs for compliance - SOC 2, HIPAA, GDPR compliance tooling (data export exists, see above) - Image scanning policy enforcement - Paid tier SLAs --- ## Miscellaneous Ideas — NOT STARTED These remain future ideas with no implementation: - **Image build service** — Cloud-based Dockerfile builds - **Registry mirroring** — Pull-through cache for Docker Hub, ghcr.io, etc. - **Deployment tools** — One-click deploy to K8s, ECS, Fly.io - **Image recommendations** — ML-based "similar images" and "people also pulled" - **Gamification** — Achievement badges, leaderboards - **Advanced search** — Semantic/AI-powered search, saved searches --- ## Updated Priority List **Already done (was "High Priority"):** 1. ~~Multi-architecture image support~~ — display working 2. ~~Vulnerability scanning integration~~ — backend complete 3. ~~Hold management dashboard~~ — implemented on hold admin panel 4. ~~Basic search~~ — working **Remaining high priority:** 1. Scan results UI in AppView (backend exists, just needs frontend) 2. SBOM display UI in AppView (backend exists, just needs frontend) 3. Webhooks for CI/CD integration 4. Enhanced search (filters, sorting, advanced queries) 5. Richer sailor profiles (bio, stats, pinned repos) **Medium priority:** 1. Layer inspection UI 2. Pull analytics and monitoring 3. API documentation (Swagger/OpenAPI) 4. Tag management (promotion, protection, aliases) 5. Onboarding wizard / getting started guide **Low priority / long-term:** 1. Team/organization accounts 2. Image build service 3. Registry mirroring 4. Federation features 5. Internationalization **Blocked on external dependencies:** 1. Private repositories (requires ATProto private records) 2. Federated timeline (requires ATProto feed infrastructure) --- **Note:** This is a living document. Features may be added, removed, or reprioritized based on user feedback, technical feasibility, and ATProto ecosystem evolution. *Last audited: 2026-02-12*