This roadmap breaks work into clear phases so you can pick the next most valuable items quickly.
- PR discipline: Enforce branch protection requiring “PR Check” (already configured in workflows; ensure GitHub rule is on).
- Secrets hygiene: Move all deploy secrets into repo/environment secrets; prohibit `.env` commits via pre-commit hook.
- Smoke tests: Keep `/health` and `/readiness` endpoints green; add UI smoke (landing page loads) to CI.
- Structured logging: Add JSON logging for FastAPI (uvicorn access + app logs) with request IDs; forward to stdout for Docker/Traefik.
- Error reporting: Wire Sentry (or OpenTelemetry + OTLP) for backend exceptions and front-end errors.
- Metrics: Expose `/metrics` (Prometheus) for FastAPI; Traefik already exposes metrics option—enable when scraping is available.
- Tracing: Add OTEL middleware to FastAPI; propagate trace IDs through to Claude/Gemini calls when possible.
- Local dev parity: Add `docker-compose.dev.yml` with hot-reload for FastAPI + Vite UI; document one-command setup.
- Makefile/taskfile: Common commands (`make dev`, `make test`, `make lint`, `make format`, `make seed`).
- Pre-commit: Ruff, mypy, black (if adopted), eslint/prettier for `ui/`.
- Typed APIs: Add mypy strict mode to `server/` and type `schemas.py` fully (Pydantic v2 ConfigDict).
- Model selection UI: Let users choose assistant provider (Claude/Gemini) in settings; display active provider badge in chat.
- Tooling guardrails: Gemini supports function calling and managed tools (custom & automatic function calling, parallel/compositional calls, built-in tools like Search/Maps/Code Execution) with modes AUTO, ANY, NONE, VALIDATED. The UI should reflect full Gemini capabilities rather than treating it as chat-only.
- Conversation persistence: Add pagination/search over assistant history; export conversation to file.
- Feature board: Surface feature stats/graph from MCP in the UI (read-only dashboard).
- AuthN/AuthZ: Add optional login (JWT/OIDC) gate for UI/API; at least separate “admin” and “viewer” roles.
- Rate limiting: Enable per-IP rate limits at Traefik and per-token limits in FastAPI.
- Audit trails: Log agent actions and feature state changes with user identity.
- Headers/HTTPS: HSTS via Traefik, content-security-policy header from FastAPI.
- Caching: CDN/Traefik static cache for UI assets; server-side cache for model list/status endpoints.
- Worker separation: Optionally split agent runner from API via separate services and queues (e.g., Redis/RQ or Celery).
- Background jobs: Move long-running tasks to scheduler/worker with backoff and retries.
- Backend tests: Add pytest suite for key routers (`/api/setup/status`, assistant chat happy-path with mock Claude/Gemini).
- Frontend tests: Add Vitest + React Testing Library smoke tests for core pages (dashboard loads, settings save).
- E2E: Playwright happy-path (login optional, start agent, view logs).
- Coverage: Fail CI if coverage drops below threshold (start at 60–70%).
- Blue/green deploy: Add image tagging `:sha` + `:latest` (already for CI) with Traefik service labels to toggle.
- Backups: Snapshot `~/.autocoder` data volume; document restore.
- Runbooks: Add `RUNBOOK.md` for common ops (restart, rotate keys, renew certs, roll back).
- Getting started: Short path for “run locally in 5 minutes” (scripted).
- Config matrix: Document required/optional env vars (Claude, Gemini, DuckDNS, Traefik, TLS).
- Architecture: One-page diagram: UI ↔ FastAPI ↔ Agent subprocess ↔ Claude/Gemini; MCP servers; Traefik front.
- Telemetry-driven tuning: Auto-select model/provider based on latency/cost SLA.
- Cost controls: Show per-run token/cost estimates; configurable budgets.
- Offline/edge mode: Ollama provider toggle with cached models.
- Pick the next phase that unblocks your current goal (reliability → platform → product).
- Keep PRs small and scoped to one bullet.
- Update this document when a bullet ships or is reprioritized.