This document outlines the development roadmap for ServerKit. Features are organized by phases and priority.
- New UI & Services Page - Integrated full Services page with detail views, metrics, logs, and shell.
- Environment Pipeline - Multi-environment management for WordPress (Prod/Staging/Dev) with promotion/sync.
- Visual Infrastructure Designer - Node-based visual canvas for stack deployment and server overview.
- Advanced Monitoring UI - Real-time log streaming and terminal integration in the dashboard.
- Template Library Expansion - 60+ one-click deployment templates (Immich, Authelia, Ghost, etc.).
- Team & Permissions - RBAC with admin/developer/viewer roles, invitations, audit logging.
- SSO & OAuth Login - Google, GitHub, OIDC, SAML with account linking.
- Flask backend with SQLAlchemy ORM
- React frontend with Vite
- JWT-based authentication
- Real-time WebSocket updates
- System metrics (CPU, RAM, disk, network)
- Docker and Docker Compose support
- SQLite/PostgreSQL database support
- PHP/WordPress application deployment
- Python (Flask/Django) application support
- Node.js application management with PM2
- Docker container management
- Environment variable management
- Application start/stop/restart controls
- Log viewing per application
- Nginx virtual host management
- Domain configuration interface
- Let's Encrypt SSL integration
- SSL certificate auto-renewal
- Redirect management (HTTP → HTTPS)
- MySQL/MariaDB database support
- PostgreSQL database support
- Database creation/deletion
- User management per database
- Basic query interface
- Web-based file manager
- File upload/download
- File editing with syntax highlighting
- vsftpd FTP server integration
- FTP user management
- Real-time system metrics
- Server uptime tracking
- Customizable alert thresholds
- Discord webhook notifications
- Slack webhook notifications
- Telegram bot notifications
- Generic webhook support
- Alert history and logging
- Two-factor authentication (TOTP)
- Backup codes for 2FA recovery
- ClamAV malware scanning
- Quick scan / Full scan options
- File quarantine management
- File integrity monitoring
- Failed login detection
- Security event logging
- Cron job management
- Visual cron expression builder
- Job execution history
- Enable/disable jobs
- UFW firewall integration
- Visual rule management
- Common port presets
- Rule enable/disable
- Consolidated into Security page for unified security management
Priority: High
- Agent-based remote server monitoring (Go agent)
- Centralized dashboard for multiple servers
- Server grouping and tagging
- Cross-server metrics comparison
- Remote Docker management via agents
- Server health overview
- Agent WebSocket gateway
- HMAC-SHA256 authentication
- GitHub Actions for agent releases (Linux/Windows)
- Installation scripts endpoint
- Agent auto-update mechanism
- Agent download page in UI
- Container logs streaming for remote servers
Priority: High
- GitHub/GitLab webhook integration
- Automatic deployment on push
- Branch selection for deployment
- Rollback to previous deployments
- Deployment history and logs
- Pre/post deployment scripts
- Zero-downtime deployments
Priority: High
- Automated database backups
- File/directory backups
- S3-compatible storage support
- Backblaze B2 integration
- Backup scheduling
- One-click restore
- Backup retention policies
- Offsite backup verification
Priority: Medium
- Postfix mail server setup
- Dovecot IMAP/POP3 configuration
- Email account management
- Spam filtering (SpamAssassin)
- DKIM/SPF/DMARC configuration
- Webmail interface integration
- Email forwarding rules
Priority: High
The visual canvas for designing and deploying entire infrastructure stacks.
- Node-based Visual Canvas (`WorkflowBuilder.jsx`) using React Flow
- Infrastructure component nodes (Docker, Database, Domain, Service)
- Smart connection rules (link apps to DBs, domains to apps)
- One-click stack deployment from the canvas
- Template-based stack generation
- Server overview mode (visualize existing infrastructure)
Priority: Medium
- Multi-user support
- Role-based access control (RBAC)
- Custom permission sets
- Audit logging per user
- Team invitations
- Activity dashboard
Priority: Medium
- API key management
- Rate limiting
- Webhook event subscriptions
- OpenAPI/Swagger documentation
- API usage analytics
Priority: High
- Unified Security page with all security features
- Firewall tab with UFW/firewalld management
- Fail2ban integration
- SSH key management
- IP allowlist/blocklist
- Brute force protection
- Security audit reports
- Vulnerability scanning (Lynis)
- Automatic security updates (unattended-upgrades/dnf-automatic)
Priority: High
- Google OAuth 2.0 login
- GitHub OAuth login
- Generic OpenID Connect (OIDC) provider support
- SAML 2.0 support for enterprise environments
- Social login UI (provider buttons on login page)
- Account linking (connect OAuth identity to existing local account)
- Auto-provisioning of new users on first SSO login
- Configurable SSO settings (enable/disable providers, client ID/secret management)
- Enforce SSO-only login (disable password auth for team members)
- SSO session management and token refresh
Priority: High
- Flask-Migrate (Alembic) integration
- Migration wizard UI (Completed)
- CLI fallback support
Priority: Critical
Integrated full Services page with detail views, metrics, logs, shell, settings, and package management.
- Services list page with status indicators and quick actions
- Service detail page with tabbed interface (Metrics, Logs, Shell, Settings, Commands, Events, Packages)
- Git connect modal for linking services to repositories
- Gunicorn management tab for Python services
- Service type detection and type-specific UI (Node, Python, PHP, Docker, etc.)
Priority: High
- WordPress multi-environment pipeline (Prod/Staging/Dev)
- Code and Database promotion between environments
- Production syncing and environment locking
Priority: High
- Real-time log streaming via WebSocket with ANSI color support
- Web-based terminal (`Terminal.jsx`) with shell access
- Per-app resource usage charts (CPU, RAM)
- Log search and filtering
The phases below are ordered by priority. Higher phases ship first.
Priority: Critical
Moving beyond static design to dynamic, event-driven automation. This turns ServerKit into a powerful automation hub.
- Visual Workflow Builder: Node-based canvas with drag-and-drop nodes, connection validation, and config panels
- Cron Integration: Schedule workflows to run on recurring intervals (e.g., "Every Sunday at 2 AM, backup all DBs and rotate logs")
- Manual Execution: Trigger workflows on demand with optional context data
- Execution History: Track workflow execution status, per-node results, and timestamped logs
- Script Nodes: Custom Shell script execution nodes with output capture
- Notification Nodes: Send alerts via configured notification channels
- One-Click Stack Deployment: Deploy full infrastructure (databases, apps, domains) from a workflow diagram
Priority: High
Let users personalize what they see. Not everyone runs email servers or manages Docker — the sidebar should adapt to each user's needs.
- Sidebar configuration page in Settings
- Preset view profiles (Full, Web Hosting, Email Admin, Docker/DevOps, Minimal)
- Custom view builder — toggle individual sidebar items on/off
- Per-user preference storage (saved to user profile)
Priority: High
Complete the workflow engine with proper execution logic, missing triggers, and production-grade reliability.
- DAG Execution: Full directed acyclic graph traversal with parallel branch support (replace current linear BFS)
- Logic Node Evaluation: If/Else condition evaluation with true/false branching
- Variable Interpolation: Pass data between steps using `${node_id.field}` and `{{placeholder}}` syntax in node configs
- Webhook Triggers: Register `/hooks/<webhook_id>` endpoint to fire workflows on incoming HTTP requests
- Event Triggers: Run workflows on system events (health check failure, high CPU/memory, git push, app stopped)
- Notification Templating: Message placeholder substitution (`${node_id.stdout}`, `{{workflow_name}}`) in notification nodes
- Execution Timeouts: Configurable timeout per node (1–3600s) to prevent hung workflows
- Retry on Failure: Configurable retry count (0–5) and delay per node
- Circular Dependency Detection: Kahn's algorithm validates graph on save and before execution
- Script Sandboxing: Timeout enforcement, output size limits, explicit `bash -c`/`python3 -c` execution
Priority: High
Level up agent management from "connect and monitor" to full fleet control.
- Agent version tracking and compatibility matrix (panel version ↔ agent version)
- Push agent upgrades from the panel (single server or fleet-wide rollout)
- Staged rollout support — upgrade agents in batches with health checks between waves
- Agent health dashboard — connection uptime, heartbeat latency, command success rate per agent
- Auto-discovery of new servers on the local network (mDNS/broadcast scan)
- Agent registration approval workflow (admin must approve before agent joins fleet)
- Bulk agent operations — restart, upgrade, rotate keys across selected servers
- Agent changelog and release notes visible in UI
- Offline agent command queue — persist commands and deliver when agent reconnects
- Command retry with configurable backoff for failed/timed-out operations
- Agent connection diagnostics — test connectivity, latency, firewall check from panel
Priority: High
Fleet-wide visibility — see everything at a glance and catch problems early.
- Fleet overview dashboard — heatmap of all servers by CPU/memory/disk usage
- Server comparison charts — overlay metrics from multiple servers on one graph
- Per-server alert thresholds (CPU > 80% for 5 min → warning, > 95% → critical)
- Anomaly detection — automatic baseline learning, alert on deviations
- Custom metric dashboards — drag-and-drop widgets, save layouts per user
- Metric correlation view — spot relationships between metrics across servers
- Capacity forecasting — trend-based predictions (disk full in X days, memory growth rate)
- Metrics export — Prometheus endpoint (`/metrics`), CSV download, JSON API
- Grafana integration guide and pre-built dashboard templates
- Fleet-wide search — find which server is running a specific container, service, or port
Priority: High
Make the agent extensible — let users add custom capabilities without modifying agent core. This is the foundation for future integrations (Android device farms, IoT fleets, custom hardware monitoring, etc.).
- Plugin specification — standard interface (init, healthcheck, metrics, commands)
- Plugin manifest format (YAML/JSON) — name, version, dependencies, capabilities, permissions
- Plugin lifecycle management — install, enable, disable, uninstall, upgrade
- Plugin isolation — each plugin runs in its own process/sandbox with resource limits
- Plugin communication — standardized IPC between plugin and agent core
- Custom metrics reporters — plugins can push arbitrary metrics to the panel
- Custom health checks — plugins define checks that feed into the status system
- Custom commands — plugins register new command types the panel can invoke
- Scheduled tasks — plugins can register periodic jobs (cron-like)
- Event hooks — plugins can react to agent events (connect, disconnect, command, alert)
Priority: Medium
Define what a server should look like, apply it, and detect when it drifts.
- Server template builder — define expected state (packages, services, firewall rules, users, files)
- Template library — save and reuse templates (e.g., "Web Server", "Database Server", "Mail Server")
- Apply template to server — install packages, configure services, set firewall rules via agent
- Config drift detection — periodic comparison of actual vs. expected state
- Drift report UI — visual diff showing what changed and when
- Auto-remediation option — automatically fix drift back to template (with approval toggle)
- Template versioning — track changes to templates over time
- Template inheritance — base template + role-specific overrides
- Bulk apply — roll out template changes across server groups
- Compliance dashboard — percentage of fleet in compliance per template
Priority: Medium
Isolate servers by team, client, or project. Essential for agencies, MSPs, and larger teams.
- Workspace model — isolated container for servers, users, and settings
- Workspace CRUD — create, rename, archive workspaces
- Server assignment — each server belongs to exactly one workspace
- User workspace membership — users can belong to multiple workspaces with different roles
- Workspace switching — quick-switch dropdown in the header
- Per-workspace settings — notification preferences, default templates, branding
- Workspace-scoped API keys — API keys restricted to a single workspace
- Cross-workspace admin view — super-admin can see all workspaces and usage
- Workspace usage quotas — limit servers, users, or API calls per workspace
- Workspace billing integration — track resource usage per workspace for invoicing
Priority: Medium
- Certificate expiry monitoring
- Wildcard SSL certificates via DNS-01 challenge
- Multi-domain certificates (SAN)
- Custom certificate upload (key + cert + chain)
- Certificate expiry notifications (email/webhook alerts before expiration)
- SSL configuration templates (modern, intermediate, legacy compatibility)
- SSL health check dashboard (grade, cipher suites, protocol versions)
Priority: Medium
Full DNS record management with provider API integration.
- DNS zone editor UI (A, AAAA, CNAME, MX, TXT, SRV, CAA records)
- Cloudflare API integration (list/create/update/delete records)
- Route53 API integration
- DigitalOcean DNS integration
- DNS propagation checker (query multiple nameservers)
- Auto-generate recommended records for hosted services (SPF, DKIM, DMARC, MX)
- DNS template presets (e.g., "standard web hosting", "email hosting")
- Bulk record import/export (BIND zone file format)
Priority: Medium
Go beyond basic virtual hosts — full reverse proxy and performance configuration.
- Visual reverse proxy rule builder (upstream servers, load balancing methods)
- Load balancing configuration (round-robin, least connections, IP hash)
- Caching rules editor (proxy cache zones, TTLs, cache bypass rules)
- Rate limiting at proxy level (per-IP, per-route)
- Custom location block editor with syntax validation
- Header manipulation (add/remove/modify request/response headers)
- Nginx config syntax check before applying changes
- Config diff preview before saving
- Access/error log viewer per virtual host
Priority: Medium
Public-facing status page and automated health monitoring.
- Automated health checks (HTTP, TCP, DNS, SMTP) with configurable intervals
- Public status page (standalone URL, no auth required)
- Status page customization (logo, colors, custom domain)
- Service grouping on status page (e.g., "Web Services", "Email", "APIs")
- Incident management — create, update, resolve incidents with timeline
- Uptime percentage display (24h, 7d, 30d, 90d)
- Scheduled maintenance windows with advance notifications
- Status page subscribers (email/webhook notifications on incidents)
- Historical uptime graphs
- Status badge embeds (SVG/PNG for README files)
Priority: Medium
Spin up and manage cloud servers directly from the panel.
- DigitalOcean API integration (create/destroy/resize droplets)
- Hetzner Cloud API integration
- Vultr API integration
- Linode/Akamai API integration
- Server creation wizard (region, size, OS, SSH keys)
- Auto-install ServerKit agent on provisioned servers
- Server cost tracking and billing overview
- Snapshot management (create/restore/delete)
- One-click server cloning
- Destroy server with confirmation safeguards
Priority: Low
- Redis caching for frequently accessed data (metrics, server status)
- Database query optimization and slow query logging
- Background job queue (Celery or RQ) for long-running tasks
- Lazy loading for large datasets (paginated API responses)
- WebSocket connection pooling and reconnection improvements
- Frontend bundle optimization and code splitting
Priority: Low — v3.0+
- React Native or PWA mobile application
- Push notifications for alerts and incidents
- Quick actions (restart services, view stats, acknowledge alerts)
- Biometric authentication (fingerprint/Face ID)
- Offline mode with cached server status
Priority: Low — v3.0+
- Plugin/extension system with API hooks
- Community marketplace for plugins
- Custom dashboard widgets
- Theme customization (colors, layout, branding)
- Extension SDK and developer documentation
| Version | Target Features | Status |
|---|---|---|
| v0.9.0 | Core features, 2FA, Notifications, Security | Completed |
| v1.0.0 | Production-ready stable release, DB migrations | Completed |
| v1.1.0 | Multi-server, Git deployment | Completed |
| v1.2.0 | Backups, Advanced SSL, Advanced Security | Completed |
| v1.3.0 | Email server, API enhancements | Completed |
| v1.4.0 | Team & permissions, SSO & OAuth login | Completed |
| v1.5.0 | New UI, Visual Designer, Services Page | Completed |
| v1.6.0 | Workflow triggers & completion, fleet management | Current |
| v1.7.0 | Cross-server monitoring, agent plugin system | Completed |
| v1.8.0 | Server templates, multi-tenancy | Completed |
| v1.9.0 | Advanced SSL, DNS management, Nginx config | Completed |
| v2.0.0 | Status pages, server provisioning, performance | Completed |
| v3.0.0 | Mobile app, Marketplace | Completed |
Want to help? See CONTRIBUTING.md for guidelines.
Priority areas for contributions:
- Agent plugin SDK and example plugins
- Fleet management and monitoring dashboard
- DNS provider integrations (Cloudflare, Route53)
- Status page and health check system
- UI/UX improvements
- Documentation
Have a feature idea? Open an issue on GitHub with the enhancement label.
ServerKit Roadmap
Last updated: March 2026