Reference
Enterprise Roadmap Traceability
Code-verified mapping between ENTERPRISE_ROADMAP phases and the current implementation/doc coverage.
This document maps docs/ENTERPRISE_ROADMAP.md to the active implementation and documentation surface.
Verification Snapshot (2026-03-31)
Verified against:
internal/server/routes_public.gointernal/server/routes_protected.gointernal/authz/authz.gopkg/features/features.gopkg/features/community.gointernal/config/config.go
Phase Coverage Matrix
| Roadmap Area | Roadmap Status | Implementation Anchors | Primary Docs |
|---|---|---|---|
| 1.1 Auth, OAuth, MFA, sessions | Complete | routes_public.go auth routes, routes_protected.go MFA routes, internal/server/middleware.go | /docs/platform/auth-and-identity |
| 1.2 IAM, RBAC, teams, approvals, break-glass, service accounts | Mostly complete | internal/authz/authz.go, /api/v2/teams, /api/v2/permissions, /api/v2/approval-policies, /api/v2/org/service-accounts, /api/v2/org/break-glass-sessions | /docs/platform/organization-and-governance, /docs/governance/policy-and-approvals, /docs/governance/api-keys-and-automation |
| 1.3 Promotion pipeline | Partial/active | /api/v2/projects/{slug}/promotion/*, /api/v2/promotions/* (feature-gated) | /docs/deployment/promotion-pipeline |
| 1.4 Deployment history and rollback | Complete with tiered gates | /api/v2/tenants/{id}/envs/{env}/deployments, rollback preview/execute/request routes | /docs/deployment/rollback-operations, /docs/deployment/release-lifecycle |
| 1.5 Notifications and audit | Complete | /api/v2/projects/{slug}/webhooks, /api/v2/notifications/*, /api/v2/audit-logs, /api/v2/iam/audit-* | /docs/governance/notifications-and-audit |
| 1.6 Project/workload model | Complete | /api/v2/projects/*, /api/v2/workloads/*, compatibility /api/v2/services/* | /docs/deployment/projects-and-environments, /docs/deployment/workloads-and-bindings |
| 1.7 Org-level tenants | Complete | /api/v2/org/tenants/* | /docs/deployment/tenant-management |
| 1.8 Org environment catalog | Complete | /api/v2/org/environments/*, /api/v2/projects/{slug}/environments/* | /docs/deployment/projects-and-environments |
| 1.9 Release governance and env policies | Complete (P0) | /api/v2/environments/{envId}/policies, /freeze, release approve/deploy/cancel routes | /docs/deployment/release-lifecycle, /docs/governance/policy-and-approvals |
| 2.1 Smart editor + HQ variables | Complete | /api/v2/projects/{slug}/files/*, /api/v2/projects/{slug}/variables/* | /docs/deployment/git-operations-and-webhooks, /docs/deployment/hq-variables |
| 2.2 K8s schema validation | Partial/active | /api/v2/k8s/versions, /resources, /validate, /deprecations, /crd | /docs/operations/kubernetes-validation |
| 2.4 Kustomize support | Complete | /api/v2/org-kustomize-bases/*, /api/v2/projects/{slug}/kustomize-bindings/* | /docs/platform/registry-and-catalog, /docs/deployment/workloads-and-bindings |
| 2.6 Resource topology | Complete | FeatureResourceTopology, topology render flow in frontend/backend model | /docs/deployment/git-operations-and-webhooks, /docs/operations/dashboard |
| 3.x Registry and OCI | Complete | /v2/ OCI router, /api/v2/org-charts/*, /org-kustomize-bases/*, /org-manifest-bundles/* | /docs/platform/registry-and-catalog |
| 3.9 Delivery generator and cluster targets | Partial/active | /api/v2/projects/{slug}/delivery/{readiness,preview,generate,files}, /cluster-targets | /docs/operations/delivery-generator |
| 4.x Argo integration and multi-cluster ops | Partial/active | /api/v2/clusters/*, /inventory, /applications, /drift, command routes | /docs/platform/clusters-and-agents, /docs/operations/drift-detection |
| 5.0 Values governance engine | Partial/active | /api/v2/policies/sets/*, /evaluate, /playground, /violations, /compliance | /docs/governance/opa-policy-engine |
| 5.1 OPA/Policy as Code | Partial/active | Policy set + playground/evaluate endpoints present; Kyverno integration not yet exposed | /docs/governance/opa-policy-engine |
| 5.2 Audit/compliance reporting | Partial/active | /api/v2/audit-logs, /api/v2/iam/audit-events, /api/v2/iam/audit-report | /docs/governance/notifications-and-audit |
| 5.3 Security scanning | Planned | Feature constant exists (security_scanning) but no dedicated route group yet | /docs/changelog |
| 5.4 Context-aware promotion safety | Planned/partial concept | Promotion endpoints exist; roadmap-level risk scoring flow not fully exposed | /docs/deployment/promotion-pipeline |
| 6.x Platform engineering and self-service | Planned | Feature constants exist (developer_portal, api_sdk, extensibility), no dedicated public route group yet | /docs/changelog |
| 7.x Enterprise operations (HA/observability scale) | Planned | Feature constants exist (high_availability, distributed_tracing) | /docs/operations/observability |
Explicitly Planned (Not Yet Exposed as Dedicated APIs)
- SAML SSO and SCIM provisioning (
FeatureSAML,FeatureSCIM) are defined in the feature model, but there are no dedicated/api/v1/auth/saml*or/api/v2/scim*routes in current router wiring. - Flux-specific control-plane routes are not yet present (even though
FeatureFluxSyncexists). - Secret-management roadmap phase (SOPS/Vault/Sealed Secrets style integrations) remains future-facing in current public API.
- Context-aware promotion risk scoring exists as a roadmap target; current promotion APIs provide workflow controls but not a dedicated risk-scoring endpoint.
Documentation Completeness Guidance
Use this page as the canonical checklist when updating docs after implementation changes:
- If a new roadmap item adds routes, update /docs/reference/api-surface-map.
- If a new roadmap item adds feature gates, update /docs/reference/feature-gates-and-limits.
- If implementation status changes (planned → partial → complete), update this matrix and relevant module pages.