docs: update roadmap with v0.5.0-v0.11.0 plan and current state

srmdn · srmdn · commit 6a7a52f7bd2c · 2026-04-14T13:24:00.000+07:00
diff --git a/docs/internal/roadmap.md b/docs/internal/roadmap.md
@@ -0,0 +1,229 @@
+# maild roadmap (internal)
+
+## Goal
+
+Deliver a technically robust BYO-SMTP outbound operations control plane with
+strong reliability, safety controls, and operator workflows.
+
+## Version history
+
+### v0.4.0 (April 14, 2026) ✓
+Frontend product UX expansion.
+
+Completed:
+- [x] Operator dashboard redesign (Warm Brutalist design system)
+- [x] Onboarding checklist workflow with domain readiness checks
+- [x] Incident management screens with timeline and attempt history
+- [x] Landing page, signup/login flow, user dashboard
+- [x] Session-based auth layer with Redis session store
+
+## Current state (as of April 14, 2026)
+
+### Open bugs
+- [#7](https://github.com/srmdn/maild/issues/7): missing nav link back to dashboard from `/ui` pages
+- [#8](https://github.com/srmdn/maild/issues/8): `/ui` pages accessible without authentication
+
+### Product work completed
+
+- [x] Core message pipeline: API -> queue -> worker -> SMTP send.
+- [x] Bounded retry and status transitions.
+- [x] Suppression and unsubscribe enforcement.
+- [x] Domain readiness checks (SPF, DKIM, and DMARC).
+- [x] Signed webhook ingest, dead-letter handling, and replay.
+- [x] Provider failover (manual and automatic).
+- [x] Tenant policy controls.
+- [x] Metering, analytics summary, and export.
+- [x] Operator console (`/ui/logs`) with logs, timeline, retry, suppression, domain checks.
+- [x] Landing page with product value props and signup CTA.
+- [x] User auth layer with session-based login.
+- [x] User dashboard at `/dashboard`.
+
+### Commercial validation status
+
+- [~] Design partner and paid pilot activities are intentionally deferred.
+- [~] Case study publication is deferred until commercial work resumes.
+
+Deferred commercial context (kept for later resume):
+- [~] Recruit five design partners.
+- [ ] Convert two design partners into paid pilots.
+- [ ] Publish one partner case study draft with real metrics.
+- [ ] Freeze GA v1 scope with explicit in-scope and out-of-scope list.
+
+## How users use `maild` today (backend-first)
+
+Users do not need a full frontend product to run `maild`.
+
+1. API-first integration from their app/backend.
+- App/backend calls `POST /v1/messages`.
+- Existing SMTP accounts remain in place.
+- `maild` adds policy, retries, logs, and webhook processing.
+
+2. Operator workflows through lightweight UI.
+- Operators use `/ui/logs` and `/ui/policy`.
+- They inspect status, run retries, apply suppression and unsubscribe rules,
+  and run domain readiness checks.
+
+3. Operational automation via scripts/CLI.
+- Teams call endpoints with `curl`, cron jobs, and runbooks.
+- This is enough for technical pilot teams.
+
+---
+
+## Version plan
+
+### v0.5.0: Auth hardening and pilot prep
+
+**Goal**: Fix auth gaps, prepare for design partner onboarding.
+
+Focus areas:
+- [ ] Fix [#8](../issues/8): require auth for `/ui/*` pages in all environments
+- [ ] Fix [#7](../issues/7): add dashboard nav link in `/ui` pages
+- [ ] Add workspace-scoped auth (current user can only access their workspace)
+- [ ] Add session expiry and refresh handling
+- [ ] Add "remember me" extended session option
+
+Exit criteria: `/ui/*` pages properly protected, session UX smooth.
+
+---
+
+### v0.6.0: Design partner onboarding
+
+**Goal**: Enable five design partners to onboard successfully.
+
+Focus areas:
+- [ ] Build design partner onboarding runbook (document in `docs/internal/`)
+- [ ] Add onboarding progress tracker in UI
+- [ ] Add workspace invitation flow (email invite to workspace)
+- [ ] Add first-login onboarding checklist
+- [ ] Add API key rotation UX in user dashboard
+
+Exit criteria: Runbook complete, five design partners onboarded.
+
+---
+
+### v0.7.0: Paid pilot conversion
+
+**Goal**: Convert two design partners to paid pilots.
+
+Focus areas:
+- [ ] Define success metrics for paid pilots (setup time, delivery rate, incident recovery time)
+- [ ] Add usage metrics dashboard per workspace
+- [ ] Add billing-ready metering export
+- [ ] Add per-workspace SMTP usage tracking
+- [ ] Prepare case study template
+
+Exit criteria: Two paid pilots, measurable before/after metrics captured.
+
+---
+
+### v0.8.0: Multi-tenant workspace management
+
+**Goal**: Allow workspace owners to manage team members.
+
+Focus areas:
+- [ ] Add workspace member roles (owner, admin, viewer)
+- [ ] Add member invite and remove flows
+- [ ] Add workspace settings UI (name, domain, limits)
+- [ ] Add workspace-level API key management
+- [ ] Add audit log for workspace actions
+
+Exit criteria: Workspace owner can manage team without direct database access.
+
+---
+
+### v0.9.0: SMTP credentials per workspace
+
+**Goal**: Replace single global SMTP account with per-workspace credentials.
+
+Focus areas:
+- [ ] Add SMTP account CRUD per workspace
+- [ ] Add SMTP account activation/deactivation
+- [ ] Add credential rotation UX
+- [ ] Add SMTP health check endpoint
+- [ ] Deprecate global SMTP account config
+
+Exit criteria: Each workspace has its own SMTP credentials, global config removed.
+
+---
+
+### v0.10.0: Webhook event persistence and delivery
+
+**Goal**: Provide webhook history and retry controls for workspace events.
+
+Focus areas:
+- [ ] Persist outbound webhook events (not just dead-letter)
+- [ ] Add webhook delivery status history per event
+- [ ] Add outbound webhook retry UI
+- [ ] Add webhook delivery failure alerts
+- [ ] Add per-workspace webhook endpoint configuration
+
+Exit criteria: Users can see webhook delivery history and retry failed webhooks.
+
+---
+
+### v0.11.0: GA v1 scope freeze
+
+**Goal**: Lock GA v1 feature set and declare completeness.
+
+Focus areas:
+- [ ] Finalize in-scope / out-of-scope list
+- [ ] Add migration guide for v0.x to v1.0 upgrade
+- [ ] Add deprecation notices for any v0.x-only features
+- [ ] Complete architecture documentation sync
+- [ ] Publish case study from pilot data
+
+Exit criteria: GA v1 scope documented, migration path clear, case study drafted.
+
+---
+
+## Deferred tracks (resumed after v0.7.0)
+
+### Track D: pilot acquisition and onboarding
+
+- [ ] Build a list of 20 candidate teams (founders, agencies, and SaaS).
+- [ ] Run outreach and secure five onboarding calls.
+- [ ] Onboard first three design partners with the onboarding runbook.
+- [ ] Define partner success metrics before traffic starts.
+
+### Track E: paid conversion and proof
+
+- [ ] Convert at least two onboarded partners to paid pilots.
+- [ ] Capture before/after metrics for one partner:
+  - setup time,
+  - unknown delivery state rate,
+  - incident recovery time, and
+  - weekly manual ops effort.
+- [ ] Publish one case study draft from real pilot data.
+
+---
+
+## GA v1 scope draft (working)
+
+### In scope
+
+- BYO-SMTP setup and validation.
+- Transactional message pipeline and retries.
+- Suppression and unsubscribe guardrails.
+- Domain readiness checks.
+- Webhook ingest, dead-letter handling, and replay.
+- Operator console for core operations.
+- Multi-tenant workspace management.
+- SMTP credentials per workspace.
+- Webhook event persistence and delivery.
+
+### Out of scope
+
+- campaign builder,
+- inbox and reply management,
+- IMAP, POP, and JMAP features,
+- multi-region active-active deployment, and
+- AI content generation.
+
+---
+
+## Exit criteria for this roadmap cycle
+
+- Technical backlog items for console, reliability tests, and runbooks are
+  completed or explicitly deferred.
+- No unresolved critical reliability gaps in retry/replay/failover flows.
+- Root docs stay aligned with shipped behavior.
