diff --git a/ROADMAP.md b/ROADMAP.md index 7127182..7c817fa 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -9,12 +9,25 @@ time. The roadmap is intentionally narrow. RackStack is a single-maintainer project; commitments here are realistic, not aspirational. -Last updated: **2026-05-29** (v1.107.0). - -Recently shipped: the five hybrid-cloud / server-role feature modules -(Azure Arc, Microsoft Defender for Endpoint, WSUS, AD CS, Storage -Migration — v1.99.0) and session-wide **Interactive Dry-Run Mode** -(v1.100.0). The security-operations arc followed in v1.102-v1.107: GPO Manager (71), JEA (72), NPS/RADIUS (73), Always-On VPN (74), CIS compliance scanner (75), and SIEM log forwarder (76). RackStack is now 77 modules. +Last updated: **2026-05-30** (v1.119.1). + +Recently shipped: the **v1.109.0 → v1.119.0 feature arc** — eleven +serial minor releases covering VHDX encryption-at-rest verification +(31), AD DS Recycle Bin enablement (61), Failover Cluster Validation +Report (27), richer VM inventory export (50), SMB signing/encryption +enforcement (56), print-server cleanup (35), in-box network throughput +benchmarking (58), NTP clock-tamper protection (19), and three new +modules: **78-CertificateAudit** (service-certificate binding audit), +**79-DFS** (DFS Namespaces & Replication), and +**80-RemoteDesktopServices** (RDS role lifecycle + licensing-mode +configuration). v1.119.1 then cleared two CI deprecation notices +(`actions/attest-sbom` → `actions/attest`; `windows-latest` → +`windows-2025`). RackStack is now **81 modules, 201 CLI actions, and +5,167 structural regression tests** (plus the Pester suite). + +A recurring theme of that arc: where a planned mutation could not be +implemented safely or verified honestly, it was **deferred with a written +rationale rather than shipped untested** — see "Deferred" below. --- 
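Review bot: the module count in the new summary does not add up against the lines it replaces. The removed text put RackStack at 77 modules; the added text names three new modules (`78-CertificateAudit`, `79-DFS`, `80-RemoteDesktopServices`) and then states "RackStack is now **81 modules**". Either a module shipped between v1.107 and v1.109 that the "Recently shipped" list omits, or the total should read 80. Reconcile before this lands, since the same figure is repeated in the "Not on the roadmap" table further down the file.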
@@ -23,17 +36,30 @@ Migration — v1.99.0) and session-wide **Interactive Dry-Run Mode** | Item | Status | Why | |---|---|---| | OpenSSF Best Practices **Silver** badge | **Earned** (Passing + Silver both achieved) | Gold is structurally blocked by the single-maintainer bus factor. | -| In-program defaults editor + Extended Undo (v1.101.0 candidate) | Planned | Edit `defaults.json` / `.defaults.json` from inside the tool with hot-reload, and extend the single-level undo to multi-step. Both compose with the new Dry-Run queue and need no schema break. | -| GPG-signed git tags | Planned | Closes the OpenSSF `version_tags_signed` criterion. One-time `git config commit.gpgsign true` + `tag.gpgsign true` + key registration at https://github.com/TheAbider.gpg. | +| In-program defaults editor + Extended Undo | Planned | Edit `defaults.json` / `.defaults.json` from inside the tool with hot-reload, and extend the single-level undo to multi-step. Both compose with the Dry-Run queue and need no schema break. Still unbuilt as of v1.119.x. | +| GPG-signed git tags | Planned | Closes the OpenSSF `version_tags_signed` criterion. One-time `git config commit.gpgsign true` + `tag.gpgsign true` + key registration at https://github.com/TheAbider.gpg. CI currently auto-tags releases without a maintainer GPG signature. | ## Next quarter (June–August 2026) | Item | Why | |---|---| -| Expand Pester coverage to 4 more modules (`07-IPConfiguration`, `13-Timezone`, `21-Licensing`, `06-NetworkAdapters`) | Currently coverage is measured against 3 modules; broadening the denominator while keeping coverage above 90% improves Codecov / Scorecard signal. | -| `SBOM` for the PSGallery module specifically (separate from the EXE SBOM) | Currently SBOM scans the whole repo as a directory; an explicit module-only SBOM would let consumers verify the `RackStack.psd1` + `RackStack.psm1` dependency surface independently. 
| +| Expand Pester coverage to 4 more modules (`07-IPConfiguration`, `13-Timezone`, `21-Licensing`, `06-NetworkAdapters`) | Coverage is measured against a small module set; broadening the denominator while keeping coverage above 90% improves Codecov / Scorecard signal. | +| `SBOM` for the PSGallery module specifically (separate from the EXE SBOM) | The SBOM currently scans the whole repo as a directory; an explicit module-only SBOM would let consumers verify the `RackStack.psd1` + `RackStack.psm1` dependency surface independently. | | Documentation generator polish | The PlatyPS-generated cmdlet docs at `theabider.github.io/RackStack/cmdlets/` need a theme + nav. Currently they render as flat markdown. | -| GPO backup / restore + drift detection (`71-GPOManager`) | The last unbuilt Tier-1 feature gap. Wraps `Backup-GPO` / `Get-GPOReport` and diffs against a saved baseline. Additive `defaults.json` only — no schema break. | +| Revisit the windows-2025 → VS2026 image migration (2026-06-15) | The runners are pinned to `windows-2025`; GitHub moves that image's Visual Studio sub-image to VS2026 on 2026-06-15. RackStack's pipeline never invokes the VS toolchain, so this is expected to be a no-op — confirm green after the migration and update this line. | + +## Deferred (built or scoped, then intentionally held back) + +These were prototyped or designed during the v1.109–v1.119 arc and +deferred for correctness/safety reasons. They are the most likely source +of the next feature releases once they can be validated safely. + +| Item | Why deferred | What unblocks it | +|---|---|---| +| RDP listener certificate **rotation** (extends `78-CertificateAudit`, which today only audits) | An adversarial review surfaced a real RDP lock-out risk — a freshly self-signed cert's private key is not readable by `NETWORK SERVICE` by default, and CIM writability of `SSLCertificateSHA1Hash` varies by Windows build. 
| A correct private-key ACL grant, validated on a live, elevated, RDP-enabled server (not testable on the dev workstation). | +| RDS **session-collection quick-deploy** + CAL activation (extends `80-RemoteDesktopServices`, which today does role install + licensing mode) | `New-RDSessionDeployment` reconfigures the server and needs a reboot; CAL activation is done against a license agreement in RD Licensing Manager, where that key material belongs. | A real RDS-capable server to validate the deployment flow; CAL/key handling stays in the GUI by design. | +| `diskspd` storage benchmarking | `diskspd.exe` is a separate Microsoft download, not in-box, and RackStack does not auto-download unverified binaries. | A detect-and-orchestrate model: run only when the operator has placed `diskspd.exe` on the host (same pattern as any operator-provided tool). | +| WinRM HTTPS listener certificate rotation (read-only in `78` today) | Rebuilding the HTTPS listener can disrupt an active remoting session. | Same RDP-rotation groundwork above, plus a safe listener-swap path. | ## Later (September 2026 – April 2027) 
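Review bot: the GPG-signed tags row is now internally inconsistent. It still says the criterion is closed by a one-time `git config commit.gpgsign true` + `tag.gpgsign true` on the maintainer's machine, but the sentence added in the same row admits that "CI currently auto-tags releases", and a local `tag.gpgsign` setting does nothing for tags a workflow creates. The plan should say which way it resolves: move tag creation to the maintainer (so the signing key never leaves their machine), or have CI sign with a key it holds, which is a weaker trust model that the OpenSSF `version_tags_signed` assessment should be made against. Secondary: the `71-GPOManager` row is deleted outright rather than moved; the maintenance section of this file says a completed item moves to the appropriate section, and no "Completed" or "Shipped" section exists, so a one-line pointer to the v1.102 to v1.107 changelog entries would keep the roadmap auditable.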
@@ -47,8 +73,9 @@ Migration — v1.99.0) and session-wide **Interactive Dry-Run Mode** | Item | Why not | |---|---| +| Server Core ↔ Server-with-Desktop conversion | Dropped during roadmap design. Windows Server 2019 and later removed in-place conversion between the Server Core and Desktop Experience installation options, so there is no supported, reversible operation for the tool to wrap. | | Cross-platform port (Linux, macOS) | RackStack's entire purpose is Windows Server configuration. Hyper-V, BitLocker, Failover Clustering, MPIO, AD DS, iSCSI initiator — none of these have a meaningful Linux/macOS equivalent in the same workflow. A port would be a different project. | -| Switch from PowerShell to C# / Go / Rust | The existing 77 modules + 4,990 regression tests would be lost. Rewrite cost-benefit is not justifiable. | +| Switch from PowerShell to C# / Go / Rust | The existing 81 modules + 5,167 regression tests would be lost. Rewrite cost-benefit is not justifiable. | | GUI front-end | The 72-char box-drawing console UI is intentional; it works over RDP, SSH-tunneled PowerShell, and emergency console-only scenarios where a GUI cannot. | | Web dashboard | Out of scope. Operators integrate via the `-OutputFormat JSON` CLI surface and route into their own dashboards. | | External REST API | Same as above — `-OutputFormat JSON` is the integration surface. | 
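Review bot: the Server Core ↔ Server-with-Desktop row pins the removal of in-place conversion to "Windows Server 2019 and later", but switching between Server Core and Server with Desktop Experience after installation was already dropped in Windows Server 2016 (2012 and 2012 R2 were the last releases that supported it). Suggest "Windows Server 2016 and later removed in-place conversion ..."; the conclusion that there is no supported, reversible operation for the tool to wrap still stands.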
@@ -58,15 +85,15 @@ Migration — v1.99.0) and session-wide **Interactive Dry-Run Mode** ## Release cadence -- **Patch releases** (`x.y.Z`) ship as needed for security fixes (Tier 1: within 14 days of confirmed disclosure, per `SECURITY.md`). -- **Minor releases** (`x.Y.0`) — feature batches, typically every few weeks during active development. +- **Patch releases** (`x.y.Z`) ship as needed for security fixes (Tier 1: within 14 days of confirmed disclosure, per `SECURITY.md`) and for CI/maintenance fixes (e.g. v1.119.1). +- **Minor releases** (`x.Y.0`) — feature batches; the v1.109–v1.119 arc shipped them one feature at a time. - **Major releases** (`X.0.0`) — only when a backwards-incompatible `defaults.json` schema or CLI surface change is unavoidable. None currently planned. -- The current line is **1.100.x**. CI auto-bumps and auto-releases on every commit to `master` that bumps `Header.ps1` `.VERSION`. +- The current line is **1.119.x**. CI auto-bumps and auto-releases on every commit to `master` that bumps `Header.ps1` `.VERSION`. ## How this roadmap is maintained This file is updated: -- On every patch release that completes a "Now" item (item moves to a "Completed" section in the next revision and the changelog records it). +- On every release that completes or defers a roadmap item (the item moves to the appropriate section and the changelog records it). - Quarterly, to refresh the "Next quarter" and "Later" sections. - Whenever the maintainer decides to add or remove a "Not on the roadmap" item.
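Review bot: the new maintenance rule "the item moves to the appropriate section" has no section to move a completed item into. The file's sections are Now, Next quarter, Deferred, Later and Not on the roadmap, and the "Completed" section the previous wording referred to was never added either; as the dropped `71-GPOManager` row in the "Next quarter" hunk shows, completed items currently just vanish from the tables. Either add a short "Shipped" section (one line with the version per item would do) or state plainly that completed items are removed here and recorded only in the changelog. The cadence bullets themselves read fine: the v1.119.1 example matches the new "CI/maintenance fixes" wording, and the Tier 1 14-day window is still tied to `SECURITY.md`.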