Roadmap progress across platform stages.
Етапи и статус
Stage 0 - Foundation
Environment, solution structure and first project guardrails.
- Solution skeleton and baseline web/API projects.
- Initial docs and roadmap tracking.
- Smoke-test path for local status checks.
Stage 1 - Tenant and API Core
Tenant isolation, API keys and guarded integration entry points.
- Tenant-aware API authorization.
- Protected integration headers and safe error responses.
- Baseline admin/smoke coverage.
Stage 2 - Storage, Evidence and Guardrails
Private encrypted storage plus protected artifact/status/download boundaries.
- Private encrypted storage and field-level signer protection.
- Protected workflow/document status, download, artifact, start, cancel and expire boundaries.
- No-store/no-cache/nosniff headers on protected streams and safe JSON responses.
- PostgreSQL-backed rate-limit policy, counter admin and cleanup.
- Evidence ZIP/report scaffolds without real PDF sealing or final evidence generation.
- Legal policy admin, ERP/CRM smoke examples and redaction coverage.
- +18 още guardrails са проследени в roadmap/docs.
Stage 3 - Workflow Engine
Signer-role workflows, safe session setup/read models, guarded command routes and display-only task surfaces.
- WorkflowTemplate, signer steps, transition rules and EF-backed evidence events.
- Protected engine-status and admin/template visibility.
- Signer command preflight and execution endpoints for viewed, signed, decline and resend.
- Fingerprint-only signer-session proof setup with bounded lifetime and cleanup.
- Protected task-session read model with no session material or command execution in the DTO.
- GET/POST method closure plus OPTIONS/HEAD no-CORS hardening for signer runtime paths.
- Protected admin signer task-session lookup renders the shared display-only panel.
- Protected admin signer-command preflight visibility renders the shared display-only panel.
- Protected admin signer-session setup renders the shared display-only setup panel.
- Admin signer task/setup/preflight validation closes unsafe markers before tenant or identity lookup.
- Shared signer-command execution results render through a DTO-only display panel.
- MAUI shell placeholder renders shared task/preflight/setup/execution panels with null DTOs only.
- MAUI CSS shell guardrails block remote assets and hidden signer task panels.
Stage 4 - ERP/CRM Packaging
Package repeatable operator flows and external system handoff examples.
- Keep smoke examples aligned with protected workflow APIs.
- Document operator handoff and failure-mode playbooks.
- Preserve no-public-link and no-delivery-surprise defaults.
Stage 5 - PDF Signing and Legal Evidence
Implement real PDF sealing only after the current guardrails are stable.
- Real PDF signing remains disabled.
- Final legal evidence generation remains disabled.
- Existing placeholders must keep saying they are placeholders.
Stage 6 - Cloud/Virtual QES/KEP
Keep external trust-service integrations documented while the browser + 2FA MVP proves out.
- Provider metadata must stay out of safe DTOs until implemented.
- No provider SDK, callback, public link or signing session wiring in the MVP.
- Secrets stay server-side when the shelf is reopened.
Stage 7 - MAUI App
Mobile/desktop client work after runtime signing surfaces are safe.
- Use protected APIs only.
- No embedded public signing links.
- No raw session material in client-visible state.
- Wacom/S Pen/biometric SDK capture stays shelved.
Stage 8 - Product Hardening
Polish observability, training materials and later analytics/anti-abuse setup.
- GA and reCAPTCHA stay on the shelf until explicit runtime work starts.
- Training and readiness docs continue to track shipped behavior.
- Hardening tests stay close to every newly opened surface.