What we're planning, organized by quarter rather than by date. This is directional, not committed — a single-maintainer project (see GOVERNANCE.md) reprioritizes as reality demands, items move between quarters, and some won't happen. Roadmap discussion happens in the open in GitHub Discussions; that's the place to push back or suggest something missing.
Items tagged Commercial relate to the business extension (multi-tenant SaaS, billing, enterprise) maintained by Node Alchemy LLC and are not part of the MIT open-source release — see the open-core boundary in README.md. Everything else is core/community work under MIT.
Distilled and grouped from the auto-generated project status in docs/reference/auto/todo.md — that file is the live source; this is the human-readable, deduplicated view.
- Production deployment baseline — Stand up production hosting for the API, frontend, and worker, with PostgreSQL + pgvector tuned (pooling, backups). (todo.md: production hosting + production database)
- Core test coverage — Auth controller tests, comprehensive model tests, full factory coverage, and integration tests for critical flows (signup, subscription lifecycle). (todo.md: Phase 1 backend foundation)
- Security monitoring & incident response — Monitoring, alerting, and a written incident-response procedure across services. (todo.md: security monitoring and incident response)
- Pre-launch security audit — A final security audit and penetration test before any production launch. (todo.md: final security audit and penetration testing)
- Operational visibility — Centralized log aggregation and analysis for all platform services. (todo.md: log aggregation and analysis)
- Frontend performance & delivery — CDN for static assets to cut load times and server load. (todo.md: configure CDN)
- Accessibility & cross-browser — WCAG compliance work and cross-browser testing (Chrome, Firefox, Safari, Edge). (todo.md: accessibility + cross-browser)
- Frontend test hardening — Continue lifting frontend test pass-rate toward a stable high bar. (todo.md: test optimization session 4)
- Compliance documentation — Buyer-credible security, privacy, and regulatory documentation, building on the existing SECURITY.md posture. (todo.md: compliance documentation)
- Commercial — Hosted multi-tenant beta — Run Powernode as a hosted service on the business extension (tenant isolation, billing in test mode, signup/waitlist). Gated on the deployment and security work above.
- Commercial — Enterprise compliance packs — Enterprise compliance tier, including the PCI DSS certification path for payment processing. (todo.md: PCI DSS compliance certification)
- Commercial — Module marketplace groundwork (year-two option) — Explore signed third-party module distribution with revenue share. Not started; revisited only if external module authors appear organically.
Have a view on priorities? Open a thread in GitHub Discussions.