Roadmap
Roadmap
AI Governance Infrastructure — When governance is structural, agent capabilities become safely tradeable.
Phase Overview
Phase 1-3d v0.1 v0.2 v0.3 v1.0
Foundation Initial Release Plugin System+OAuth Bot Enhancement Production Ready
Completed Completed Completed Completed ──────────▶
Completed
v0.1 — Initial Release
- Three-layer resource model (ResourceType -> Resource -> Bot)
- Unified plugin contract (ToolDef + ScopeDimension + CostDef)
- ToolCatalog loading tool index from database
- Declarative scope checker
- 3 built-in types + GitHub reference plugin (8 tools)
- Full documentation + bilingual (English/Chinese)
- Code review: 3 rounds, 49 fixes
v0.2 — Plugin System + OAuth + SDK Infrastructure
- auth_methods data model — AuthMethod enum, AuthMethodDef, unified credential creation UI
- OAuth infrastructure — OAuthProvider management, authorize/callback flow, automatic token refresh
- Plugin auto-discovery — PluginManifest, PluginLoader, PluginManager, REST API, 24 tests
- .mst import + hot-reload — Upload, validate, extract, reload plugins at runtime
- Plugin i18n + SDK + CLI — Locale translations, monstrum_sdk package, CLI scaffolding
- OAuth SDK — Multi grant type support (AuthCode + PKCE + ClientCreds + DeviceCode)
- Token lifecycle management — Background refresh, per-credential locking, expiry notifications
- SDK infrastructure — HttpExecutorBase, PluginClient, Platform SDK, 49 tests
v0.3 — Bot Enhancement + Feature Completion
- Bot capabilities — Async task lifecycle, local OS execution, web access (multi-engine search), bot memory tools, Skills system, proactive messaging, scheduled task tools
- Session management — Session persistence, task progress reporting, channel binding, group chat formatting, conversation compression
- Memory system — Database migration, partitioned memory (origin field), MemoryContext three-layer cache, LLM-based memory extraction
- Prompt management — 9 centralized prompt keys, three-layer resolution, DB storage + API + UI
- Workflow improvements — AST condition evaluator, parallel fail-fast, DAG cycle detection, timeout budgets, variable piping, event/schedule triggers, execution cancellation
- Events & delegation — Unified event system (PlatformEvent + EventSubscription + EventDispatcher), Bot event tools, DelegateConstraints
- Infrastructure — Docker Sandbox, Gateway message policies, Agent Mode (reactive/planning/adaptive)
v1.0 — Production Ready
Planned Features
| ID | Feature | Description | Priority |
|---|
| B2 | Streaming responses (SSE/WebSocket) | Real-time LLM output push to frontend | High |
| B5 | Budget alerts | Notify users when thresholds are reached | Medium |
| RA1-4 | Resource Alias | Multi-credential tool routing | Medium |
| R1 | BotRole permission model | RBAC role preset permission templates | Medium |
| DX3 | Error message improvements | Errors include context and fix suggestions | Low |
| P6 | Frontend bundle optimization | Route lazy loading + antd tree-shaking | Low |
Template Marketplace Enhancements
| Feature | Description |
|---|
| Template versioning | Templates support version numbers, users can deploy specific versions |
| Ratings and reviews | Community feedback mechanism for quality filtering |
| One-click deploy optimization | Auto-detect required ResourceTypes and Providers |
Long-term Backlog
| Feature | Description |
|---|
| Bot cloning | Copy existing Bot configuration to create new Bot |
| Credential expiry reminders | Notify N days before expiration |
| Resource health checks | Periodic heartbeat, offline alerts |
| Workflow Dry-Run | Preview execution path without running |
| Human handoff | Transfer conversation to human operator |
| Task subtree visualization | Nested call parent-child relationship display |
Milestones
| Version | Goal | Status |
|---|
| v0.1 | Initial release: full features + docs + three-layer resource model | Released |
| v0.2 | Plugin system + OAuth + SDK infrastructure | Completed |
| v0.3 | Bot enhancement + session persistence + partitioned memory + prompt management + workflow + events + Docker sandbox | Completed |
| v1.0 | Production ready: security scanning, horizontal scaling, enterprise SSO | Long-term |