Skip to main content

v0.4 Roadmap

Scope

v0.4 is a focused release: ship the minimum needed for production adoption, with no optional ecosystem extras.

Must-Ship Outcomes

  • normative verifier contract (interface, outputs, error model)
  • cross-language verifier registration pattern (no centralized service required)
  • expanded conformance suite with machine-readable CI output
  • baseline risk-tier taxonomy with deterministic classification rules
  • minimal governance process (RFC template + compatibility/deprecation policy)
  • minimal observability profile (UAICP envelope to OpenTelemetry mapping)

Non-Goals

  • compliance badges
  • hosted verifier registry service
  • vendor-specific observability integrations (Datadog/New Relic specific exporters)
  • multiple policy bundles beyond baseline defaults

Milestones

M1: Governance + RFC Process

  • deliverables:
  • governance/RFC-TEMPLATE.md
  • compatibility policy and deprecation policy docs
  • release checklist requiring RFC references for spec changes
  • acceptance criteria:
  • two RFCs merged: verifier contract RFC and observability profile RFC
  • no spec-changing PR merges without RFC linkage

M2: Verifier Contract

  • deliverables:
  • runVerifier normative contract in specification docs
  • required verifier result schema and outcome codes
  • adapter registration pattern in TypeScript, Python, Rust docs
  • acceptance criteria:
  • all official adapters implement the same verifier input/output shape
  • fixture parity tests pass across official adapters

M3: Conformance v2

  • deliverables:
  • richer fixtures for envelope, evidence, verifier, policy gate, streaming, rollback
  • required vs optional capability matrix
  • versioned conformance-report.json format
  • acceptance criteria:
  • official adapters pass 100% of required checks
  • CI publishes conformance reports as build artifacts on every PR

M4: Risk Taxonomy + Observability Profile

  • deliverables:
  • standard risk classes and escalation rules for read_only, write_low_risk, write_high_risk
  • OpenTelemetry field mapping for IDs, gate decisions, verifier outcomes
  • acceptance criteria:
  • deterministic risk classification tests pass in all official adapters
  • integration tests confirm trace correlation using trace_id and request_id

Release Gates

  • all required conformance checks green in CI
  • migration notes from v0.3 to v0.4 published
  • no unresolved spec-breaking issues tagged v0.4-blocker

Suggested Timeline

  • M1: week 1
  • M2: weeks 2-3
  • M3: weeks 4-5
  • M4 + RC: weeks 6-7