Roadmap

Build Sequence and Milestones

Last updated: March 3, 2026. This roadmap tracks implementation order, not marketing order.

For website UI/UX and page consistency reviews, use the dedicated Site QA Roadmap.

Why Linux First

Trust and Detection Model Stability

Linux is the fastest path to technically credible early feedback from security operators and self-custody users.
Linux collector surfaces are predictable enough to stabilize baseline and compare contracts early.
CLI-first on Linux validates the core engine and schema before UI complexity or platform-specific packaging overhead.

Milestones

Dated Delivery Plan

Phase 1: Linux CLI

Target: Q2 2026

preflight, baseline set, compare run, inspect, and --json.
Public finding schema and JSON output contract for automation and integration.

Phase 2: macOS CLI

Target: Q3 2026

Coverage for macOS-relevant persistence and trust surfaces.
Distribution pipeline includes Apple notarization requirements.

Phase 3: Windows CLI

Target: Q4 2026

Windows-specific noise reduction and persistence detection tuning.
Parity output contract with Linux and macOS implementations.

Phase 4: Unified GUI

Target: Q1 2027

Cross-platform GUI as a second entry point, not a separate truth source.
CLI and GUI consume the same finding schema and decision model.

Contract First

Platform Surface Depends on Stable JSON

The preflight result schema and CLI JSON contract are treated as product interfaces. Integrations, CI workflows, and downstream tools depend on this contract remaining explicit and versioned.

Read preflight-result.v1 Contract View Engineering Notes

Browser Scan

Browser-Aware Drift Is a Dedicated Layer

Browser scanning is planned as a bounded integrity layer that complements filesystem scanning. It translates raw file drift into browser-level findings such as extension changes, profile drift, and policy posture differences.

Initial focus: browser discovery, profile enumeration, extension inventory, policy state, and key security-relevant settings drift.
Primary fit: PreFlight include path and/or dedicated browser command surface.
Deliberate boundary: no content-surveillance behavior in v1 (no history/cookie/password extraction).