Now
Freeze feature parity and API truth.
Customer frontends build to Blackboard. Every screen action maps to `/v1`, every state change emits an event, and the local HTTP preview gives integrators a smoked route-and-payload fixture to start from.
Next
| Phase | Outcome | Gate |
|---|---|---|
| Hosted API gateway | Turn the local HTTP preview into authenticated hosted REST service. | Same preview smoke passes against hosted gateway with production auth fixtures. |
| R0.5 | Real auth, Postgres append-only events, RLS, projections, object store, search index, circuit breakers. | Write/read/search/export smoke across tenants. |
| Parity API | Assets, risk, approvals, evidence, regulatory, vendors, incidents, reviews, team, notifications, exports. | OpenAPI/JSON Schema and CLI/MCP smoke. |
| Proof Packet v1 | Deterministic packet with hash-chain root, redaction manifest, access log ids and non-claims. | Coherence verifier and receipt binding. |
| Proof Desk v1 | Timeline, evidence panel, confidence view, redaction/export and access log. | No proof claim without event hydration. |
Later
BYO harness SDK, managed MCP hardening, enterprise SSO/SAML, customer vault, SIEM/GRC exports, multi-region posture, lifecycle/right-to-erasure edge cases and incident replay.
Release gates
- No customer SSH or maintenance bridge in onboarding.
- Risk evaluation is server-side and event-backed.
- Search hydrates from authority before proof or export.
- Every export is access-logged and redacted where policy requires.
- Tenant isolation passes API, RLS, search and object-store tests.