Roadmap
CoreSDK's phased delivery plan — what ships in each phase, success metrics, and what's coming next.
CoreSDK is delivered in four phases. Each phase has a concrete goal, a defined set of features, and a measurable success gate before the next phase begins.
Phase 1a — Core Engine (Current)
Goal: Ship the Rust engine as a stable, embeddable artifact. Rust services link the crate. Non-Rust teams evaluate via the gRPC binary. Nothing else ships until the Core API is frozen.
Gate: One design partner integration ships with a real IdP. 1.0.0 tagged.
| Feature | Notes |
|---|---|
| JWT / OIDC / OAuth 2.0 auth | RS256, ES256, PS256; JWK rotation; JWE decryption |
| RBAC + ABAC policy engine | regorus (Rust-native Rego); p99 <2ms for up to 50 rules with warm cache |
| Config management + hot reload | File, env, or remote sources; no restart required |
| PII and secrets masking | Applied before any log write, trace export, or error response |
| Tenant context propagation | Injected into every request and engine operation |
| Multi-tenancy enforcement | Logical isolation enforced at policy evaluation level |
| RFC 9457 error format | application/problem+json on all engine responses |
| TLS 1.3 transport | ECDSA P-256; no TLS 1.2 fallback |
| Versioned gRPC API (v1) | Proto frozen after design partner gate |
| Resilience primitives | Retries, circuit breakers, timeout policies |
Phase 1b — Sidecar + Python SDK
Goal: Python developer instruments a FastAPI service in under 30 minutes. Traces flow to their existing backend. Secrets never appear in exported spans.
Gate: Developer demo end-to-end. PII audit passes. coresdk PyPI package published.
| Feature | Notes |
|---|---|
| Sidecar daemon | Embeds Core Engine; gRPC/HTTP local API; mTLS; graceful drain |
| Offline mode | HMAC-SHA256-verified cache; rejected if tampered; keys over mTLS only |
| Customer egress policies | Operator-authored Rego bundle; evaluated before any export |
| Python SDK | FastAPI, Flask, Django middleware; @trace; RFC 9457 errors; coresdk.testing |
| Structured logging | OTel Logs (OTLP); ECS field names; W3C traceparent/tracestate |
| Distributed tracing | OTel Traces (OTLP); W3C Trace Context header propagation |
| OTel Metrics export | OTLP + Prometheus/OpenMetrics |
| Intent annotations | @trace(intent="...") → OTel span attribute |
| Recovery hints | Confidence-scored next-steps on RFC 9457 errors |
| CLI tooling | core trace tail (TUI viewer), core policy test, core config validate |
Phase 2 — Production Readiness
Goal: Everything a team needs to operate at production scale across multiple tenants.
Gate: 20+ teams in production. Feature flags and rate limiting in active use.
| Feature | Notes |
|---|---|
| Feature flags | Per tenant/user; percentage rollouts; instant kill-switches; no redeploy |
| Rate limiting | Token bucket; approximate; fail-open by default; configurable fail-closed |
| Tamper-evident audit trails | Hash-chained records; periodic checkpoint to control plane |
| Licensing and metering | PKI-signed JWS tokens; verified locally; air-gap capable |
| Sidecar auto-update | Signed bundles; automatic rollback on failed health check |
| Pluggable caching | In-memory + Redis; TLS 1.3 + auth required for all external backends |
| Secrets vault integration | HashiCorp Vault, AWS Secrets Manager, Azure Key Vault; memory-only |
| Data validation | JSON Schema + protobuf; validation results available in Rego |
| Go SDK | net/http, gin, echo middleware; OTel; RFC 9457 |
| TypeScript SDK | Express, Fastify, Next.js middleware; connect-es; ESM-first |
| Java/Spring Boot starter | CoreSdkAutoConfiguration; Maven Central; Spring Boot 3.x |
| SAML 2.0 / Enterprise SSO | IdP integration; complements OIDC |
| SCIM provisioning | RFC 7643/7644; Okta, Azure AD |
| LLM-optimized trace export | RFC 9457 + call chain + recovery hints; no variable values; egress-gated |
| AI root cause analysis | Local-only by default; external LLM opt-in |
| CloudEvents envelope | OTel events wrapped in CloudEvents for event-driven systems |
| Control plane (SaaS + self-hosted) | Config sync, policy distribution, audit aggregation; not required for runtime |
Phase 3 — Enterprise
Goal: Pass enterprise security reviews. Close regulated-industry customers at $50K+/year.
Gate: SOC 2 Type II report available. 5+ paying enterprise customers.
| Feature | Notes |
|---|---|
| Configurable PII redaction rules | Regex + field patterns; GDPR Art. 25, CCPA, ISO 27018 |
| Compliance controls package | SOC 2 Type II, HIPAA, GDPR, PCI DSS, NIST SP 800-53 |
| Security hooks | Pre/post execution; boot-time registration only; OWASP ASVS |
| SLA/SLO tracking | OTel Metrics → Prometheus/Grafana |
| On-premise deployment | Kubernetes Helm chart; air-gapped mode; zero outbound |
| On-premise control plane | Included in Helm chart |
| Data residency controls | Region-specific routing; GDPR, UAE PDPL |
| SBOM + dependency audit | CVE-aware; CI integration; blocks on known vulnerabilities |
| HSM / PKCS#11 integration | Hardware key storage via KeyProvider trait |
Success metrics
| Phase | Metric | Target |
|---|---|---|
| 1a | Policy evaluation latency (p99) | <2 ms |
| 1a | Design partner integrations (Rust) | 3+ |
| 1b | Time to first instrumented service | <30 min |
| 1b | Weekly active developers | 100+ |
| 1b | Secrets in exported traces | 0 incidents |
| 2 | Teams running in production | 20+ |
| 2 | Weekly active users | 500+ |
| 3 | Enterprise customers | 5+ |
| 3 | Average contract value (ACV) | $50K+ |
What we are not doing
- No TLS 1.2 automatic fallback — explicit opt-in only
- No variable values in exported traces or LLM payloads — ever
- No dynamic hook registration at runtime — security hooks are boot-time only
- No OPA process dependency — regorus runs in-process
Next steps
- Architecture — how the three layers fit together
- Getting Started — start using CoreSDK today
- Configuration Reference — all config keys