at-container-registry/docs/APPVIEW-UI-FUTURE.md
Evan Jarrett de02e1f046 remove distribution from hold, add vulnerability scanning in appview.
1. Removing distribution/distribution from the Hold Service (biggest change)
  The hold service previously used distribution's StorageDriver interface for all blob operations. This replaces it with direct AWS SDK v2 calls through ATCR's own pkg/s3.S3Service:
  - New S3Service methods: Stat(), PutBytes(), Move(), Delete(), WalkBlobs(), ListPrefix() added to pkg/s3/types.go
  - Pull zone fix: Presigned URLs are now generated against the real S3 endpoint, then the host is swapped to the CDN URL post-signing (previously the CDN URL was set as the endpoint, which broke SigV4 signatures)
  - All hold subsystems migrated: GC, OCI uploads, XRPC handlers, profile uploads, scan broadcaster, manifest posts — all now use *s3.S3Service instead of storagedriver.StorageDriver
  - Config simplified: Removed configuration.Storage type and buildStorageConfigFromFields(); replaced with a simple S3Params() method
  - Mock expanded: MockS3Client gains an in-memory object store + 5 new methods, replacing duplicate mockStorageDriver implementations in tests (~160 lines deleted from each test file)
2. Vulnerability Scan UI in AppView (new feature)
  Displays scan results from the hold's PDS on the repository page:
  - New lexicon: io/atcr/hold/scan.json with vulnReportBlob field for storing full Grype reports
  - Two new HTMX endpoints: /api/scan-result (badge) and /api/vuln-details (modal with CVE table)
  - New templates: vuln-badge.html (severity count chips) and vuln-details.html (full CVE table with NVD/GHSA links)
  - Repository page: Lazy-loads scan badges per manifest via HTMX
  - Tests: ~590 lines of test coverage for both handlers
3. S3 Diagnostic Tool
  New cmd/s3-test/main.go (418 lines) — tests S3 connectivity with both SDK v1 and v2, including presigned URL generation, pull zone host swapping, and verbose signing debug output.
4. Deployment Tooling
  - New syncServiceUnit() for comparing/updating systemd units on servers
  - Update command now syncs config keys (adds missing keys from template) and service units with daemon-reload
5. DB Migration
  0011_fix_captain_successor_column.yaml — rebuilds hold_captain_records to add the successor column that was missed in a previous migration.
6. Documentation
  - APPVIEW-UI-FUTURE.md rewritten as a status-tracked feature inventory
  - DISTRIBUTION.md renamed to CREDENTIAL_HELPER.md
  - New REMOVING_DISTRIBUTION.md — 480-line analysis of fully removing distribution from the appview side
7. go.mod
  aws-sdk-go v1 moved from indirect to direct (needed by cmd/s3-test).
2026-02-13 15:26:24 -06:00
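
The pull zone fix from the commit message above, as an added example (not code from the ATCR repository): a minimal SigV4 query-string signer showing that the host name is signed material, so a URL signed for the CDN host fails at the S3 origin, while one signed for the origin and host-swapped afterwards still validates. Host names, keys and paths are constructed, and the example assumes the pull zone fetches from the origin using the origin's Host header and forwards path and query unchanged.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net/url"
)

const ( // constructed sample values, not taken from the ATCR repository
	originHost = "s3.origin.example" // real S3 endpoint
	cdnHost    = "pull.cdn.example"  // CDN pull zone host
	secretKey  = "constructed-secret"
	amzDate    = "20260101T000000Z"
	scope      = "20260101/us-east-1/s3/aws4_request"
)

func mac(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}
// sign computes the SigV4 query signature for GET path; "host" is the only signed header.
func sign(host, path string, q url.Values) string {
	creq := "GET\n" + path + "\n" + q.Encode() + "\nhost:" + host + "\n\nhost\nUNSIGNED-PAYLOAD"
	sts := "AWS4-HMAC-SHA256\n" + amzDate + "\n" + scope + "\n" + fmt.Sprintf("%x", sha256.Sum256([]byte(creq)))
	k := mac([]byte("AWS4"+secretKey), amzDate[:8])
	for _, part := range []string{"us-east-1", "s3", "aws4_request"} {
		k = mac(k, part)
	}
	return fmt.Sprintf("%x", mac(k, sts))
}
// Presign signs a GET for signHost and returns the URL with urlHost as its host.
func Presign(signHost, urlHost, path string) *url.URL {
	q := url.Values{"X-Amz-Algorithm": {"AWS4-HMAC-SHA256"}, "X-Amz-Date": {amzDate},
		"X-Amz-Credential": {"AKIDEXAMPLE/" + scope}, "X-Amz-Expires": {"900"}, "X-Amz-SignedHeaders": {"host"}}
	q.Set("X-Amz-Signature", sign(signHost, path, q))
	return &url.URL{Scheme: "https", Host: urlHost, Path: path, RawQuery: q.Encode()}
}
// OriginAccepts models the S3 origin re-deriving the signature from the Host it receives.
func OriginAccepts(u *url.URL) bool {
	q := u.Query()
	got := q.Get("X-Amz-Signature")
	q.Del("X-Amz-Signature")
	return hmac.Equal([]byte(got), []byte(sign(originHost, u.Path, q)))
}

func main() {
	p := "/constructed-bucket/blobs/sha256/abc123"
	fmt.Println(OriginAccepts(Presign(cdnHost, cdnHost, p)), OriginAccepts(Presign(originHost, cdnHost, p)))
}
```
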


ATCR UI - Feature Roadmap

This document tracks the status of ATCR features beyond the V1 MVP. Features are marked with their current status:

  • DONE — Fully implemented and shipping
  • PARTIAL — Some parts implemented
  • BACKEND ONLY — Backend exists, no UI yet
  • NOT STARTED — Future work
  • BLOCKED — Waiting on external dependency

What's Already Built (not in original roadmap)

These features were implemented but weren't in the original future features list:

| Feature | Location | Notes |
|---|---|---|
| Billing (Stripe) | pkg/hold/billing/ | Checkout sessions, customer portal, subscription webhooks, tier upgrades. Build with -tags billing. |
| Garbage collection | pkg/hold/gc/ | Mark-and-sweep for orphaned blobs. Preview (dry-run) and execute modes. Triggered from hold admin UI. |
| libSQL embedded replicas | AppView + Hold | Sync to Turso, Bunny DB, or self-hosted libsql-server. Configurable sync interval. |
| Hold successor/migration | pkg/hold/ | Promote a hold as successor to migrate users to new storage. |
| Relay management | Hold admin | Manage firehose relay connections from admin panel. |
| Data export | pkg/appview/handlers/export.go | GDPR-compliant export of all user data from AppView + all holds where user is member/captain. |
| Dark/light mode | AppView UI | System preference detection, toggle, localStorage persistence. |
| Credential helper install page | /install | Install scripts for macOS/Linux/Windows, version API. |
| Stars | AppView UI | Star/unstar repos stored as io.atcr.star ATProto records, counts displayed. |

Advanced Image Management

Multi-Architecture Image Support — DONE (display) / NOT STARTED (creation)

Display image indexes — DONE:

  • Show when a tag points to an image index (multi-arch manifest) — IsMultiArch flag, "Multi-arch" badge
  • Display all architectures/platforms in the index — platform badges (e.g., linux/amd64, linux/arm64)
  • Allow viewing individual manifests within the index
  • Show platform-specific details

Image index creation — NOT STARTED:

  • UI for combining multiple single-arch manifests into an image index
  • Automatic platform detection from manifest metadata
  • Validate that all manifests are for the same image (different platforms)

Layer Inspection & Visualization — NOT STARTED

DB stores layer metadata (digest, size, media type, layer index) but there's no UI for any of this.

Layer details page:

  • Show Dockerfile command that created each layer (if available in history)
  • Display layer size and compression ratio
  • Show file changes in each layer (added/modified/deleted files)
  • Visualize layer hierarchy (parent-child relationships)

Layer deduplication stats:

  • Show which layers are shared across images
  • Calculate storage savings from layer sharing
  • Identify duplicate layers with different digests (potential optimization)

Image Operations — PARTIAL (delete only)

Tag/manifest deletion — DONE:

  • Delete tags with DeleteTagHandler (cascade + confirmation modal)
  • Delete manifests with DeleteManifestHandler (handles tagged manifests gracefully)

Tag Management — NOT STARTED:

  • Tag promotion workflow (dev → staging → prod)
  • Tag aliases (multiple tags → same digest)
  • Tag patterns (auto-tag based on git commit, semantic version, date)
  • Tag protection (mark tags as immutable)

Image Copying — NOT STARTED:

  • Copy image from one repository to another
  • Copy image from another user's repository (fork)
  • Bulk copy operations

Image History — NOT STARTED:

  • Timeline view of tag changes
  • Rollback functionality
  • Audit log of image operations

Vulnerability Scanning — DONE (backend) / NOT STARTED (UI)

Backend — DONE:

  • Separate scanner service (scanner/ module) with Syft (SBOM) + Grype (vulnerabilities)
  • WebSocket-based job queue connecting scanner to hold service
  • Priority queue with tier-based scheduling (quartermaster > bosun > deckhand)
  • Scan results stored as ORAS artifacts in S3, referenced in hold PDS
  • Automatic scanning dispatched by hold on manifest push
  • See docs/SBOM_SCANNING.md

AppView UI — NOT STARTED:

  • Display CVE count by severity (critical, high, medium, low)
  • Show detailed CVE information (description, CVSS score, affected packages)
  • Filter images by vulnerability status
  • Subscribe to CVE notifications for your images
  • Compare vulnerability status across tags/versions

Image Signing & Verification — NOT STARTED

Concept doc exists at docs/SIGNATURE_INTEGRATION.md but no implementation.

  • Sign images
  • Display signature verification status
  • Display signature metadata
  • Require signatures for protected repositories

SBOM (Software Bill of Materials) — DONE (backend) / NOT STARTED (UI)

Backend — DONE:

  • Syft generates SPDX JSON format SBOMs
  • Stored as ORAS artifacts (referenced via artifactType: "application/spdx+json")
  • Blobs in S3, metadata in hold's PDS
  • Accessible via ORAS CLI and hold XRPC endpoints

UI — NOT STARTED:

  • Display package list from SBOM
  • Show license information
  • Link to upstream package sources
  • Compare SBOMs across versions

Hold Management Dashboard — DONE (on hold admin panel)

Hold management is implemented as a separate admin panel on the hold service itself (pkg/hold/admin/), not in the AppView UI. This makes sense architecturally — hold owners manage their own holds.

Hold Discovery & Registration — PARTIAL

Hold registration — DONE:

  • Automatic registration on hold startup (captain + crew records created in embedded PDS)
  • Auto-detection of region from cloud metadata

NOT STARTED:

  • UI wizard for deploying hold service
  • One-click deployment to cloud platforms
  • Configuration generator
  • Test connectivity UI

Hold Configuration — DONE (admin panel)

Hold settings — DONE (hold admin):

  • Toggle public/private flag
  • Toggle allow-all-crew
  • Toggle Bluesky post announcements
  • Set successor hold DID for migration
  • Writes changes back to YAML config file

Storage config — YAML-only:

  • S3 credentials, region, bucket, endpoint, CDN pull zone all configured via YAML
  • No UI for editing S3 credentials or rotating keys

Quotas — DONE (read-only UI):

  • Tier-based limits (deckhand 5GB, bosun 50GB, quartermaster 100GB)
  • Per-user quota tracking and display in admin
  • Not editable via UI (requires YAML change)

NOT STARTED:

  • Retention policies (auto-delete old blobs)
  • Hold service log viewer

Crew Management — DONE (hold admin panel)

Implemented in pkg/hold/admin/handlers_crew.go:

  • Add crew by DID with role, permissions (blob:read, blob:write, crew:admin), and tier
  • Crew list showing handle, role, permissions, tier, usage, quota
  • Edit crew permissions and tier
  • Remove crew members
  • Bulk JSON import/export with deduplication (handlers_crew_io.go)

NOT STARTED:

  • Invitation links (OAuth-based, currently must know DID)
  • Invite by handle (currently DID-only)
  • Crew request workflow (users can't self-request access)
  • Approval/rejection flow

Hold Analytics — PARTIAL

Storage metrics — DONE (hold admin):

  • Total blobs, total size, unique digests
  • Per-user quota stats (total size, blob count)
  • Top users by storage (lazy-loaded HTMX partial)
  • Crew count and tier distribution

NOT STARTED:

  • Access metrics (downloads, pulls, bandwidth)
  • Growth over time charts
  • Cost estimation
  • Geographic distribution
  • Access logs

Discovery & Social Features

Federated Browse & Search — PARTIAL

Basic search — DONE:

  • Full-text search across handles, DIDs, repo names, and annotations
  • Search UI with HTMX lazy loading and pagination
  • Navigation bar search component

NOT STARTED:

  • Filter by user, hold, architecture, date range
  • Sort by popularity, recency, size
  • Advanced query syntax
  • Popular/trending images
  • Categories and user-defined tags

Sailor Profiles — PARTIAL

Public profile page — DONE:

  • /u/{handle} shows user's avatar, handle, DID, and all public repositories
  • OpenGraph meta tags and JSON-LD structured data

NOT STARTED:

  • Bio/description field
  • Website links
  • Statistics (total images, total pulls, joined date)
  • Pinned/featured repositories

Social Features — PARTIAL (stars only)

Stars — DONE:

  • Star/unstar repositories stored as io.atcr.star ATProto records
  • Star counts displayed on repository pages

NOT STARTED:

  • Follow other sailors
  • Comment on images
  • Like/upvote images
  • Activity feed
  • Federated timeline / custom feeds
  • Sharing to Bluesky/ATProto social apps

Access Control & Permissions

Hold-Level Access Control — DONE

  • Public/private hold toggle (admin UI + OCI enforcement)
  • Crew permissions: blob:read, blob:write, crew:admin
  • blob:write implicitly grants blob:read
  • Captain has all permissions implicitly
  • See docs/BYOS.md

Repository-Level Permissions — BLOCKED

  • Private repositories blocked by ATProto — no private records support yet
  • Repository-level permissions, collaborator invites, read-only tokens all depend on this
  • May require proxy layer or encrypted blobs when ATProto adds private record support

Team/Organization Accounts — NOT STARTED

  • Organization accounts, RBAC, SSO, audit logs
  • Likely a later-stage feature

Analytics & Monitoring

Dashboard — PARTIAL

Hold dashboard — DONE (hold admin):

  • Storage usage, crew count, tier distribution

Personal dashboard — NOT STARTED:

  • Overview of your images, holds, activity
  • Quick stats, recent activity, alerts

Pull Analytics — NOT STARTED

  • Pull count per image/tag
  • Pull count by client, geography, over time
  • User analytics (authenticated vs anonymous)

Alerts & Notifications — NOT STARTED

  • Alert types (quota exceeded, vulnerability detected, hold down, etc.)
  • Notification channels (email, webhook, ATProto, Slack/Discord)

Developer Tools & Integrations

Credential Helper — DONE

  • Install page at /install with shell scripts
  • Version API endpoint for automatic updates

API Documentation — NOT STARTED

  • Swagger/OpenAPI specs
  • Interactive API explorer
  • Code examples, SDKs

Webhooks — NOT STARTED

  • Repository-level webhook registration
  • Events: manifest.pushed, tag.created, scan.completed, etc.
  • Test, retry, delivery history

CI/CD Integration — NOT STARTED

  • GitHub Actions, GitLab CI, CircleCI example workflows
  • Pre-built actions/plugins
  • Build status badges

Infrastructure as Code — PARTIAL

DONE:

  • Custom UpCloud deployment tool (deploy/upcloud/) with Go-based provisioning, cloud-init, systemd, config templates
  • Docker Compose for dev and production

NOT STARTED:

  • Terraform modules
  • Helm charts
  • Kubernetes manifests (only an example verification webhook exists)
  • GitOps integrations (ArgoCD, FluxCD)

Documentation & Onboarding — PARTIAL

DONE:

  • Install page with credential helper setup
  • Learn more page
  • Internal developer docs (docs/)

NOT STARTED:

  • Interactive onboarding wizard
  • Product tour / tooltips
  • Help center with FAQs
  • Video tutorials
  • Comprehensive user-facing documentation site

Advanced ATProto Integration

Data Export — DONE

  • GDPR-compliant data export (ExportUserDataHandler)
  • Fetches data from AppView DB + all holds where user is member/captain

Record Viewer — NOT STARTED

  • Browse io.atcr.* records with raw JSON view
  • Record history, diff viewer
  • ATP URI links

PDS Integration — NOT STARTED

  • Multi-PDS support, PDS health monitoring
  • PDS migration tools
  • "Verify on PDS" button

Federation — NOT STARTED

  • Cross-AppView image pulls
  • AppView discovery
  • Federated search

UI/UX Enhancements

Theming — PARTIAL

DONE:

  • Light/dark mode with system preference detection and toggle
  • Responsive design (Tailwind/DaisyUI, mobile-friendly)
  • PWA manifest with icons (no service worker yet)

NOT STARTED:

  • Custom themes
  • WCAG 2.1 AA accessibility audit
  • High contrast mode
  • Internationalization (i18n)
  • Native mobile apps

Performance — PARTIAL

DONE:

  • HTMX lazy loading for data-heavy partials
  • Efficient server-side rendering

NOT STARTED:

  • Service worker for offline caching
  • Virtual scrolling for large lists
  • GraphQL API
  • Real-time WebSocket updates in UI

Enterprise Features — NOT STARTED (except billing)

Billing — DONE

  • Stripe integration (pkg/hold/billing/, requires -tags billing build tag)
  • Checkout sessions, customer portal, subscription webhooks
  • Tier upgrades/downgrades

Everything Else — NOT STARTED

  • Organization accounts with SSO (SAML, OIDC)
  • RBAC, audit logs for compliance
  • SOC 2, HIPAA, GDPR compliance tooling (data export exists, see above)
  • Image scanning policy enforcement
  • Paid tier SLAs

Miscellaneous Ideas — NOT STARTED

These remain future ideas with no implementation:

  • Image build service — Cloud-based Dockerfile builds
  • Registry mirroring — Pull-through cache for Docker Hub, ghcr.io, etc.
  • Deployment tools — One-click deploy to K8s, ECS, Fly.io
  • Image recommendations — ML-based "similar images" and "people also pulled"
  • Gamification — Achievement badges, leaderboards
  • Advanced search — Semantic/AI-powered search, saved searches

Updated Priority List

Already done (was "High Priority"):

  1. Multi-architecture image support — display working
  2. Vulnerability scanning integration — backend complete
  3. Hold management dashboard — implemented on hold admin panel
  4. Basic search — working

Remaining high priority:

  1. Scan results UI in AppView (backend exists, just needs frontend)
  2. SBOM display UI in AppView (backend exists, just needs frontend)
  3. Webhooks for CI/CD integration
  4. Enhanced search (filters, sorting, advanced queries)
  5. Richer sailor profiles (bio, stats, pinned repos)

Medium priority:

  1. Layer inspection UI
  2. Pull analytics and monitoring
  3. API documentation (Swagger/OpenAPI)
  4. Tag management (promotion, protection, aliases)
  5. Onboarding wizard / getting started guide

Low priority / long-term:

  1. Team/organization accounts
  2. Image build service
  3. Registry mirroring
  4. Federation features
  5. Internationalization

Blocked on external dependencies:

  1. Private repositories (requires ATProto private records)
  2. Federated timeline (requires ATProto feed infrastructure)

Note: This is a living document. Features may be added, removed, or reprioritized based on user feedback, technical feasibility, and ATProto ecosystem evolution.

Last audited: 2026-02-12