Planned features
Forward-looking capabilities that complement ROADMAP.md: deferred work (🔮),
phased ⬜ backlog, and items that need a design pass before implementation. For build-order status
(Phase 0–4, shipped vs in progress), see the phase tables in the roadmap. For locked decisions, see
ADR index.
Not a commitment
Items here are intent and backlog, not release promises. Status may change as ADRs land or
scope is rejected. Pre-beta APIs may shift until the first release candidate.
Last updated: 2026-06-09 — main @ 72674ecf4. Phase 1 audit-fix wave ✅; v0.6.0 cut 🚧;
BigQuery + NATS v0.7.x lanes in flight. UI program frozen.
Status legend
| Status |
Meaning |
| Planned |
Accepted direction; implementation not started (⬜ on roadmap where phased) |
| Spec needed |
Problem space agreed; ADR or RFC required before code |
| Exploring |
Active design spike or RFC in review |
| Deferred |
Accepted but explicitly not on the near-term path (🔮 on roadmap) |
| Sample / docs |
Reference implementation or walkthrough, not operator code |
Read API & UI (frozen)
The UI program is frozen — maintenance-only
The ui/ mock SPA and the experimental inventory HTTP API are frozen: no active SPA, fleet-
console, or Read-API-freeze milestones. The Read API freeze is deferred (it only ever served
to stabilize the UI contract). The ui/ subtree and kollect-ui chart/image are kept building in
CI but may be removed before v1 if no external adopter materializes. See
ROADMAP § Read API + UI console (frozen).
Read API contract freeze
|
|
| Status |
Deferred — only needed for the UI; not gating any tranche |
| Roadmap |
Read API + UI console (frozen) · Phase 1 HTTP 🚧 (experimental, gated off) |
| Summary |
Hardening and freezing the Read API as a UI contract (list/filter/search, envelope schemaVersion, OpenAPI) is deferred while the UI is frozen. The durable read surface remains the sink export (FR-READ-1), not the live HTTP API. |
| Related ADRs |
ADR-0408 · ADR-0411 · ADR-0405 · ADR-0103 |
Inventory UI — mock SPA
|
|
| Status |
Frozen — maintenance-only (mock MVP on main; keep CI green, may remove pre-v1) |
| Roadmap |
Read API + UI console (frozen) |
| Summary |
A read-only mock SPA (ui/, separate kollect-ui image): GET-only catalog/inventory/targets/sinks views against an MSW mock and an unfrozen live API. It is not a production read path and has no validated external users. No further SPA milestones are planned; effort goes to export/sinks instead. |
| Related ADRs |
ADR-0408 · ADR-0409 · ADR-0410 · ADR-0412 |
Portal / fleet console — Postgres/Parquet adapter + drift
|
|
| Status |
Exploring (design only) — frozen, not active v0.x work |
| Roadmap |
Read API + UI console (frozen) |
| Summary |
Portal mode on Postgres/Parquet backing stores (multi-cluster rollup, attribute drift over time, optional kollect-server split) remains a design-only read-stream consumer per ADR-0418 — no hub (ADR-0501). Not started; thaws only if the UI program reopens. |
| Related ADRs |
ADR-0418 · ADR-0408 · ADR-0401 · ADR-0411 |
oauth2-proxy OIDC browser auth (optional Helm sidecar)
|
|
| Status |
Deferred |
| Roadmap |
Deferred |
| Summary |
Optional oauth2-proxy sidecar (oauth2Proxy.enabled: false) for browser OIDC at ingress. Primary auth remains Kubernetes TokenReview + SAR on the Read/inventory HTTP API (ADR-0404). |
| Related ADRs |
ADR-0404 · ADR-0409 |
Sinks & export
Sink config layering (ADR-0416)
|
|
| Status |
Shipped (v0.5.0) |
| Roadmap |
Phase 1 ✅ |
| Summary |
Cross-cutting spec.serialization, spec.provisioning, and spec.options on family sinks; capability matrix + status.preview surface. |
| Related ADRs |
ADR-0416 · ADR-0419 |
MongoDB database sink (ADR-0417)
|
|
| Status |
Shipped on main post-v0.5.0 |
| Roadmap |
Phase 1 ✅ |
| Summary |
KollectDatabaseSink.type: mongodb — document upsert/delete reconciliation peer to Postgres. |
| Related ADRs |
ADR-0417 · ADR-0416 |
Sink family CRDs (ADR-0414)
|
|
| Status |
Shipped (v0.2.0-rc.1) |
| Roadmap |
Phase 1 ✅ |
| Summary |
KollectSnapshotSink, KollectEventSink, KollectDatabaseSink replace monolithic KollectSink; family reconcilers, validating webhooks, and e2e bootstrap. |
| Related ADRs |
ADR-0414 |
S3/GCS Parquet snapshot sink
|
|
| Status |
Planned |
| Roadmap |
Phase 1 ⬜ |
| Summary |
Parquet snapshot layout on S3 and GCS (JSON snapshot export is shipped today) for DuckDB/Athena-style queries without running Postgres — whole-file snapshots per export generation, partition paths, and documented "latest generation" views. |
| Related ADRs |
ADR-0401 § Parquet snapshot · ADR-0407 |
BigQuery sink (DatabaseSink, v0.7.x)
|
|
| Status |
Exploring — ADR-0420 drafted on main; implementation lane in flight (re-admits bigquery only with a real backend) |
| Summary |
KollectDatabaseSink.type: bigquery as a relational / analytics projection of the canonical snapshot — batch load (or streaming insert) of inventory rows into BigQuery for SQL dashboards and fleet analytics. Shipped as a real backend with L3 testcontainers/emulator coverage and a sample, not a webhook stub. |
| Scope |
New ADR (theme 04, e.g. ADR-0420) covering: role vs Postgres (ADR-0402); CRD fields (dataset, table, partitionField/clusteringFields, writeMode load vs streaming); delete reconciliation (truncate-and-load vs MERGE on (cluster, ns, name, uid)); credential model (Workload Identity Federation vs service-account JSON key in secretRef); connection-test probe (ADR-0403). Remove bigquery from the webhook stub allowlist when the backend lands. |
| Tests/samples |
L0 config/validation units, L3 integration (BigQuery emulator or testcontainers GCP), golden OpenAPI schema for the new type, config/samples/ KollectDatabaseSink example, CRD reference page. |
| Related ADRs |
ADR-0401 · ADR-0402 · ADR-0406 · ADR-0403 |
NATS event sink — first-class hardening (v0.7.x)
|
|
| Status |
Planned / in flight — v0.7.x (promote the shipped JetStream emitter to fully supported; worker lane active) |
| Summary |
KollectEventSink.type: nats already ships a JetStream emitter (internal/sink/nats/, envelope publish with content-hash dedupe, TLS, connection probe). The v0.7 work hardens it to first-class: deepen L3 testcontainers coverage, raise unit coverage to standard, add a golden OpenAPI schema, document the subject/stream contract, and ship a config/samples/ KollectEventSink example with a consumer walkthrough. |
| Scope |
No new CRD shape expected; harden config validation, ensure delete/tombstone semantics match Kafka, document at-least-once + idempotent MsgID dedupe, and add the sink to the parallel-export sample. |
| Related ADRs |
ADR-0401 · ADR-0402 · ADR-0403 · KollectEventSink |
Parallel multi-sink export (differentiator)
|
|
| Status |
Shipped (code) — docs 🚧 (hero harness + DEMO-GIF-GUIDE on main; ARCHITECTURE fan-out prose + recorded GIF ⬜) |
| Roadmap |
Phase 1 ✅ · Near-term tranches |
| Summary |
A single KollectInventory fans out to all referenced sinks concurrently in one debounced pass — the same snapshot reaches Git, a database, and an event stream together, each with its own exportMinInterval and per-sink circuit breaker; partial failure degrades to PartiallySynced. Phase 1 also landed EC-P1-06 error aggregation + WB-02 debounce coverage. Remaining work is docs/marketing: fan-out diagram in ARCHITECTURE and a recorded hero GIF. |
| Related ADRs |
ADR-0401 · ADR-0413 |
Azure Blob Storage sink
|
|
| Status |
Spec needed — azureblob removed from admission (EC-P1-04); re-entry needs a real backend |
| Summary |
KollectSink.type: azureblob (name TBD) as a snapshot store peer to S3/GCS — same canonical JSON (and future Parquet) contract, Azure-specific auth (secretRef, managed identity patterns). |
| Open design |
Shared object-store backend abstraction vs separate package; connection test probe shape (ADR-0403); path template parity with ADR-0407. |
| Related ADRs |
ADR-0401 · ADR-0406 · ADR-0403 |
GCS and NATS connection test probes
|
|
| Status |
Shipped (Phase 1) |
| Roadmap |
Phase 1 ✅ |
| Summary |
KollectConnectionTest and family sink annotation probes for gcs (KollectSnapshotSink) and nats (KollectEventSink) — alongside Git, Postgres, Kafka, S3, and GitLab probes. |
| Related ADRs |
ADR-0403 · ADR-0414 · KollectSnapshotSink · KollectEventSink |
Export data contract — versioned envelope
|
|
| Status |
Exploring |
| Summary |
Ship a versioned envelope on sink JSON and Read API responses (schemaVersion in body, stable ordering per ADR-0405) so portals and golden tests detect breaking contract changes independently of CRD apiVersion. |
| Related ADRs |
ADR-0405 · ADR-0206 · ADR-0408 |
KollectClusterSink — cluster-scoped sink API
|
|
| Status |
Deferred |
| Roadmap |
Phase 3 🔮 · Deferred |
| Summary |
KollectClusterSink for platform-shared backends referenced from KollectClusterInventory and future KollectClusterScope.sinkRefs. Namespaced KollectSink is the team default today (ADR-0201). |
| Related ADRs |
ADR-0204 · ADR-0201 |
Collection & samples
Helm values profile + operator export scrub
|
|
| Status |
Shipped (Phase 1) |
| Roadmap |
Phase 1 ✅ |
| Summary |
helm-release-values-redacted sample profile and operator scrubKeys[] extraction-time redaction so full Helm values inventory is safe without leaking secrets (ADR-0303). |
| Related ADRs |
ADR-0303 · ADR-0104 |
helm: decode for helm.sh/v1 Secret releases
|
|
| Status |
Shipped (v0.1.0-rc.3) |
| Roadmap |
Phase 1 ✅ |
| Summary |
Gated helm: decode path for plain helm.sh/v1 release Secrets (Flux HelmRelease secondary sample exists; Argo Application is primary). |
| Related ADRs |
ADR-0303 |
Target collection filtering — resourceRules and CEL matchPolicy
|
|
| Status |
Planned |
| Summary |
Phase 2 resourceRules[] (OR-union GVK/label rules on Target) and Phase 3 per-rule CEL matchPolicy evaluated before store insert — platform deny via Scope, team intent via Target (ADR-0207). |
| Related ADRs |
ADR-0207 · ADR-0205 |
Sample project — Git sink → Confluence (external CI)
|
|
| Status |
Sample / docs |
| Summary |
End-to-end reference project showing Kollect exporting inventory to a Git snapshot sink, then an external pipeline (CI job or small tool) rendering Markdown/HTML and publishing to Confluence or another wiki. |
| Why external |
In-operator doc-sync and KollectPublication are out of scope — Kollect collects and exports; templating and CMS credentials stay outside the cluster (ADR-0702). |
| Deliverable |
Standalone sample repo (manifests + CI template + optional render script), linked from Examples. |
| Related ADRs |
ADR-0401 · ADR-0407 · ADR-0702 |
API & tenancy
Finalizers on reconciled kinds
|
|
| Status |
Shipped (v0.1.0-rc.3) |
| Roadmap |
Phase 1 ✅ |
| Summary |
Finalizers on KollectTarget, KollectInventory, and cluster rollup kinds — deletion waits for store teardown, in-flight exports, and hub report cleanup. |
| Related ADRs |
ADR-0201 · ADR-0202 |
API v1beta1 + conversion webhook
|
|
| Status |
Exploring |
| Summary |
Introduce v1beta1 as storage version with a conversion webhook (v1alpha1 ↔ v1beta1) at the v0.10 presentation gate (or post) — until then v1alpha1 breaks freely. |
| Related ADRs |
ADR-0206 · ADR-0201 |
|
|
| Status |
Deferred |
| Roadmap |
Phase 3 🔮 |
| Summary |
Cluster-scoped KollectClusterScope for platform teams to cap GVKs, namespaces, and (future) sink allowlists across tenant namespaces — complement to namespaced KollectScope. |
| Related ADRs |
ADR-0203 · ADR-0207 |
KollectReceiver and KollectTargetSet
|
|
| Status |
Deferred |
| Roadmap |
Phase 3 🔮 · Deferred |
| Summary |
Reserved CRDs: KollectReceiver (webhook-triggered collection) and KollectTargetSet (generator-style target grouping). Design-only placeholders; no controller until a concrete use case lands. |
| Related ADRs |
ADR-0201 · ADR-0304 |
KollectCollectionRule CRD
|
|
| Status |
Deferred |
| Summary |
Standalone KollectCollectionRule CRD deferred until inline resourceRules[] on Target (ADR-0207) proves insufficient for reuse across many targets. |
| Related ADRs |
ADR-0207 |
Multi-cluster & transport
Hub federated mTLS
|
|
| Status |
Deferred |
| Roadmap |
Deferred |
| Summary |
Cancelled — hub/spoke tier removed; multi-cluster uses shared-sink fan-in (ADR-0501). |
| Related ADRs |
ADR-0501 |
Queue transport TLS/ACL production hardening
|
|
| Status |
Deferred |
| Roadmap |
Phase 2 🚧 (TLS shipped; ACL allowlist stub) · Deferred |
| Summary |
Production-grade TLS/ACL hardening for Redis/NATS/Kafka hub transport backends — beyond cluster_id wire metadata and dev/test defaults (ADR-0502). |
| Related ADRs |
ADR-0502 · ADR-0501 |
Prometheus metrics scoped to targets / inventory rows
|
|
| Status |
Exploring |
| Summary |
Richer domain metrics at target/inventory boundaries — beyond operator health counters on /metrics. Target-scoped collection gauges, inventory rollup gauges, optional per-target domain series (metricsScope). Fleet: scrape /metrics on each cluster operator (ADR-0501). |
| Spec |
ADR-0604 — three metric tiers; affirms no KollectSink.type: prometheus (ADR-0601). metricsScope CRD field not shipped — defer until alerting need is proven. |
| Related ADRs |
ADR-0604 · ADR-0304 · ADR-0601 · ADR-0602 · ADR-0603 · ADR-0706 |
Prometheus metrics from collected attribute values
|
|
| Status |
Proposed (Exploring) — spec only, no implementation yet |
| Summary |
Export scalar numeric values from CEL/JSONPath attributes as Prometheus gauges/counters on /metrics — complementing ADR-0304 sum series. Label vs value rules and cardinality guardrails. |
| Spec |
RFC: Prometheus attribute metrics — revisit after ADR-0604 Tier B/C lands. |
| Related |
ADR-0604 · ADR-0304 · ADR-0302 |
OpenTelemetry tracing
|
|
| Status |
Deferred |
| Summary |
Distributed tracing for reconcile, collection, and export (OTel SDK, OTLP export). Parked — no code in v0.x; Prometheus + logs cover SLOs today. |
| Spec |
ADR-0605 — design reference only; spans would cover kollect.reconcile, kollect.collect.refresh, kollect.export in-process. Reopen when OTLP is mandated or UI needs trace IDs. |
| Related ADRs |
ADR-0605 (Parked) · ADR-0602 · ADR-0603 |
|
|
| Status |
Planned |
| Roadmap |
Performance and scalability ⬜ |
| Summary |
Configurable informer resync period flag (and Helm value) for operators who need periodic full relist beyond event-driven reconcile — default remains conservative for large fleets (ADR-0301). |
| Related ADRs |
ADR-0301 · ADR-0603 |
Helm chart docs generation (helm-docs)
|
|
| Status |
Done |
| Roadmap |
Phase 0 ✅ |
| Summary |
Automate helm-docs generation for charts/kollect/README.md from values.yaml comments — keep chart reference in sync with values schema (ADR-0704). |
| Related ADRs |
ADR-0704 |
Release supply chain attestations (post-rc)
|
|
| Status |
Planned |
| Summary |
Post-release-candidate hardening: cosign attestations, Helm chart signing, OpenSSF scorecard — documented in ADR-0705, deferred until after first rc to avoid maintainer self-approval friction. Local task release-dry-run passes today; GH Actions workflow_dispatch rc remains 🚧 on roadmap. |
| Related ADRs |
ADR-0705 · RELEASE.md |
How items graduate
- Spec needed → draft an RFC or ADR in Exploring status (ADR/RFC process).
- Accepted ADR → track implementation on ROADMAP.md with phase and status marks.
- Rejected → move to ROADMAP Rejected or ADR Dropped with rationale (see ADR-0702).
See also