Single source of truth for all implementation plans and their status. Updated as work progresses.
Last updated: 2026-04-09
Active Sprint (W1 Gaps — Target: Mar 4-11)
| # | Plan | Status | Owner | Target | Blocks |
|---|
| G1 | Exposure Aggregation APIs | NOT STARTED | TBD | Mar 4 | Pilots (UI needs real data) |
| G2 | Remediation Content Generation | SHIPPED — remediation-service.ts shipped in PR #22 with structured PathRemediationAction, compound risk detection, impact scoring, and UI integration via AuthorityPathDetailPage. See arch doc. | Done | ✓ Mar 8 | — |
| G3 | Scope Drift UX | SHIPPED — scope-drift, ownership-drift, and reachability-drift evaluator rules shipped in PR #22. UI surfaces in RiskConditionsStrip on AuthorityPathDetailPage. Plan D extends with governance card format. | Done | ✓ Mar 8 | — |
| G6 | Pilot Readiness Checklist | NOT STARTED | TBD | Mar 4 | First pilot deployment |
| C | Clarity UX Restructure | DRAFT — Sprint priority #1. Supersedes WS1-WS3 of 2026-02-21 UX plan. | TBD | Mar 12 | "So what" experience, pilot demo |
| D | Drift Governance Conditions | DRAFT — Sprint priority #2. Extends G3 with UX card format from Notion spec. | TBD | Mar 12 | Demo narrative |
Remaining effort: ~10-15 days (G1: 2-3d, G2: 1-2d, G3: 1-2d, G6: 1d, C: 3-5d, D: 1-2d)
Sequencing: See W1 Gap Analysis for original dependency graph. Updated sequencing per Notion Gap Analysis: C (Clarity) is sprint priority #1 and supersedes old WS1-WS3. D (Drift Governance) extends G3 and depends on PR #22 evaluator fixes. G2 frontend must land before G3/D frontend (shared components).
Ready to Implement (Spec Complete, Not Started)
| Plan | Date | Summary |
|---|
| AWS Integration — Full Implementation Cycle | Apr 4 | Consolidated execution plan across sv0-connectors, sv0-platform, and docs, based on the March AWS research + competitive analysis. |
| WorkOS Auth Implementation | Apr 9 | Phased migration from placeholder auth to WorkOS-backed multi-tenant B2B authentication. Implements ADR-016 and ADR-017. Status: DRAFT — pending ADR approval and WorkOS sales confirmation on pricing. Includes Phase 6 for customer-facing programmatic access (WorkOS API Keys widget + MCP OAuth). |
Research / Discussion
Decision Required
| Plan | Date | Summary | Blocker |
|---|
| Claude CI Auto-Fix | Feb 23 | GitHub Actions for CI auto-fix and auto-review using Claude Sonnet. | Requires Anthropic API direct usage — per-token cost |
Completed
| Plan | Date | Completed |
|---|
| Hetzner Deployment | Feb 10 | Live at 178.156.245.75 |
| Phase 1 Deltas (ServiceNow PRD) | Feb 10 | Track 1 complete, gate cleared |
| Reconciled Roadmap | Feb 11 | Phases 1-2 shipped; Phase 3 in planning |
| UI Automation-First Implementation | Feb 11 | 7 steps shipped |
| Automation Filtering + Graph Strategy | Feb 12 | Connector-side filtering shipped |
| Phase A0 Compatibility Layer | Feb 14 | Entity type expansion implemented |
| Execution Evidence Linkage | Feb 15 | EVIDENCES edge type, API endpoint, UI Evidence tab (E1 Entra) |
| Visual QA Fixes | Feb 18 | 12 UI issues resolved including posture summary API bug |
| Pre-W1.1 Baseline Tag | Feb 18 | Git tag recorded across all repos |
| Authority-First UX Refactor | Feb 22 | Authority-first messaging, delta removal, ownership count |
| Shared Azure Modules | Feb 27 | All 4 phases: sv0_azure package, ARM normalization bug fixed, CI updated |
| Function Key Authority Paths | Feb 27 | Full Role → GRANTS → Permission → APPLIES_TO → Resource chain, 26+ tests |
| Scan Safety & Observability | Feb 27 | Entity + path circuit breakers, scan scope declaration, integration tests |
| Visual Review Pipeline | Mar 5–8 | reg-cli + Cloudflare Pages sv0-reviews. PRs #25, #26, #27, #28, #44, #46. See as-built notes. |
Deferred (Post-MVP Architecture)
These are intentionally deferred. They have design specs in the Reconciled Roadmap Section 4 but are not needed for pilot.
| Topic | Roadmap Ref | Status |
|---|
| Temporal event model (effective_at/observed_at/ingested_at) | §4A | Design spec ready |
| Canonical execution flow API | §4B | Design spec ready |
| Business flow entity type | §4C | Design spec ready |
| Platform-side correlation engine | §4D | Design spec ready |
| Incremental entity API | §4E | Design spec ready |
| Ingestion pipeline 6-stage redesign | §4F | Design spec ready |
| Swimlane graph layout | §4G | Design spec ready |
| Graph usability solutions S2-S6 | Filtering plan §4-5 | Deferred post-pilot |
Archived
Plans superseded by later work. Kept for historical reference in archive/.
| Plan | Superseded By |
|---|
| Core Platform Implementation (Feb 7) | Phase 1-6 completion |
| Track 2 Architecture Refactor (Feb 10) | Reconciled Roadmap |
| UI Upgrades (Feb 10) | Automation-First Implementation |
| Vision vs Delivered Analysis v1/v2/combined (Feb 10-11) | Reconciled Roadmap |
| February Delivery Plan (Feb) | W1 Gap Analysis |
| User Authentication Plan (Mar 1) | ADR-016 + ADR-017 + 2026-04-09 WorkOS Auth Implementation. Original proposed self-built GitHub OAuth + Resend magic link; does not cover multi-tenant data model, enterprise SSO, Admin Portal, /t/:slug URLs, super-admin switcher, or programmatic access. |