Roadmap command surface

ContractPlane.ai roadmap, made operational

This view turns the current GitLab umbrella issue into a typed product surface: workstreams, provider-of-record inventory, foundation validation, and the immediate bootstrap actions needed to build the authority fabric without drifting the architecture.

Open authority workspaceOpen GitLab roadmap issue

Snapshot

blueflyio/contractplane.ai/contractplane.ai

Trust anchor
did:web:discover.duadp.org
Workstreams
10
Active now
4
Must-first
3
Providers
20
Blocking compat rules
9

Validation

Foundation contracts are passing

Status
valid
Issues
0
Trace workflows
9
Release gate workflows
8
Planned providers
8
Private-capable providers
20

No foundation validation issues are currently reported.

Immediate actions

What to build next

Seed authority files in this repoproviders, compatibility, release, trace, and policy directories

The authority boundary exists in code and can be validated in CI

Normalize provider, compatibility, release, and trace filesbootstrap file set

Roadmap workstream A can be implemented and reviewed

Expose the control artifacts through the product shellfoundation loader

Provider inventory and release gates stop drifting from the source artifacts

Wire contract, policy, trace, and terminology gatesCI gate skeleton

Governance becomes enforceable instead of aspirational

Workstreams

Execution order from the roadmap umbrella

A. Contract authority bootstrapmust / active

Establish the authority structure inside this repository for providers, compatibility, release policy, and trace-first evidence.

  • authority boundaries merged into README and repo layout
  • providers/providers.yaml exists
  • compatibility matrix exists
  • release policy exists
  • trace schemas and release gates exist
B. Contract and provider normalizationshould / sequenced

Normalize ownership across repos, contracts, and package ecosystems so nothing critical is ownerless.

  • no unowned contract
  • duplicates resolved or explicitly deferred
  • adapters mapped across npm, python, and composer
C. Federation and trust failure modesshould / sequenced

Lock the trust taxonomy and outage decisions before broad federation or commercial claims.

  • trust-status taxonomy implemented
  • outage-mode matrix published
  • local and central split validated
D. Minimal product-surface cutovershould / active

Move the product shell, labels, and authority workspace toward ContractPlane.ai without breaking internal compatibility.

  • product docs and console labels updated
  • CI terminology gate enabled
  • internal compatibility unchanged
E. Customer replication kitshould / sequenced

Prove a customer can deploy, operate, degrade, and roll back without Bluefly hand-waving.

  • one end-to-end reference deployment
  • one offline or degraded scenario documented
  • upgrade and rollback tested
F. Tooling and governance hardeningmust / active

Enforce branch, promotion, and evidence gates so ContractPlane.ai governs itself credibly.

  • validation gates fail on contract and trace drift
  • no promotion without artifacts enforced
  • branch and release policy enforced
G. Immutable tracing fabricmust / active

Treat tracing as evidence, not optional telemetry, across registration, trust, and promotion flows.

  • required events emitted across critical workflows
  • trace coverage gate blocks promotion on gaps
H. A2H checkpoint protocolshould / sequenced

Define human approval, escalation, structured input, and consent evidence as a first-class ContractPlane protocol surface.

  • A2H provider ownership declared
  • human checkpoint trace workflow mapped
  • manual approval surfaces tied to evidence policy
I. SaaS commercializationcould / blocked

Map product SKUs and procurement outputs only after the ContractPlane.ai surface and evidence model are real.

  • SKUs and pricing mapped to billable units
  • SLA and support model mapped to observable metrics
  • procurement pack complete
J. OEM and white-label channelcould / blocked

Leave OEM packaging until the authority boundary, branding controls, and support model are proven.

  • branding boundary controls defined
  • partner onboarding and support boundary defined

Provider-of-record inventory

Machine-readable ownership and compatibility

contractplane.aiproduct / nextjs-app / ContractPlane product

Public shell, auth, registration, authority workspace, roadmap surface, foundation API, and customer-facing authority APIs

blueflyio/contractplane.ai/contractplane.ai

@contractplane/coreproduct / npm-package / ContractPlane product

Typed contracts for identity, trust, entitlements, discovery, and control-plane composition

blueflyio/contractplane.ai/contractplane.ai

OSSAstandard / specification / OSSA maintainers

Neutral manifest, contract, and capability vocabulary

blueflyio/ossa/openstandardagents

DUADPprotocol / specification / DUADP maintainers

Discovery, identity, addressing, and capability graph

blueflyio/duadp/duadp

A2H human checkpoint protocolprotocol / openapi / ContractPlane product

Human approval, escalation, structured input, and consent evidence under ContractPlane

blueflyio/contractplane.ai/contractplane.ai

agent-buildkitplatform / openapi / Bluefly platform tooling

Bootstrap workflows, deployment kits, workspace orchestration, and CI-facing automation

blueflyio/agent-platform/tools/agent-buildkit

platform-agentsplatform / event-stream / Bluefly platform agents

OSSA manifest inventory and agent registry definitions

blueflyio/agent-platform/tools/platform-agents

cedar-policiesplatform / cedar-pack / Bluefly policy engineering

Release and governance policy packs

blueflyio/cedar-policies

cedar_policyplatform / drupal-module / Bluefly Drupal platform

Drupal-side Cedar policy administration surface that consumes Tool API-backed policy services

blueflyio/agent-platform/drupal/cedar_policy

compliance-engineplatform / openapi / Bluefly compliance

Compatibility evaluation, trust checks, attestation verification, and compliance decisions

blueflyio/agent-platform/services/compliance-engine

agent-tracerplatform / event-stream / Bluefly observability

Immutable trace transport and evidence envelope handling

blueflyio/agent-platform/services/agent-tracer

agent-routerplatform / openapi / Bluefly runtime platform

Model/provider routing, compatibility-aware routing policy, and execution lane selection

blueflyio/agent-platform/services/agent-router

agent-meshplatform / protocol-adapter / Bluefly runtime platform

Agent-to-agent routing and topology exchange

blueflyio/agent-platform/services/agent-mesh

agent-protocolplatform / protocol-adapter / Bluefly runtime platform

MCP-facing execution substrate and governed agent-to-tool runtime adapter

blueflyio/agent-platform/services/agent-protocol

mcp_registryplatform / drupal-module / Bluefly integration platform

MCP discovery and metadata integration surface exposed through Tool API-backed services

blueflyio/agent-platform/drupal/mcp_registry

workflow-engineplatform / openapi / Bluefly workflow orchestration

Durable workflow orchestration for governed operations

blueflyio/agent-platform/services/workflow-engine

api-schema-registryplatform / openapi / Bluefly API governance

Schema publication, OpenAPI authority, and contract distribution

blueflyio/agent-platform/tools/api-schema-registry

iacinfrastructure / container-compose / Bluefly infrastructure

Deployment kits, environment topology, and infrastructure authority for sovereign/private modes

blueflyio/agent-platform/infra/iac

GKG / dependency graph / impact toolingplatform / openapi / Bluefly knowledge systems

Dependency graph, ownership graph, and impact-analysis signals for release and trust decisions

blueflyio/agent-platform/services/gkg

gitlab_componentsplatform / gitlab-component / Bluefly CI platform

CI policy enforcement, release gates, and pipeline composition

blueflyio/gitlab_components

Foundation gates

What promotion will eventually block on

contract_publishminimum events 2

contract.publish.requested, contract.publish.recorded

compatibility_checkminimum events 2

compatibility.check.started, compatibility.check.completed

policy_decisionminimum events 2

policy.decision.requested, policy.decision.recorded

did_resolutionminimum events 2

did.resolution.requested, did.resolution.completed

attestation_verifyminimum events 2

attestation.verify.started, attestation.verify.completed

registration_decisionminimum events 2

registration.decision.requested, registration.decision.recorded

release_promotionminimum events 3

release.promotion.requested, release.promotion.approved, release.promotion.completed

trust_posture_updateminimum events 2

trust.posture.changed, trust.posture.published