A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.

ATCR UI - Feature Roadmap

This document tracks the status of ATCR features beyond the V1 MVP. Features are marked with their current status:

  • DONE — Fully implemented and shipping
  • PARTIAL — Some parts implemented
  • BACKEND ONLY — Backend exists, no UI yet
  • NOT STARTED — Future work
  • BLOCKED — Waiting on external dependency

What's Already Built (not in original roadmap)

These features were implemented but weren't in the original future features list:

| Feature | Location | Notes |
| --- | --- | --- |
| Billing (Stripe) | pkg/hold/billing/ | Checkout sessions, customer portal, subscription webhooks, tier upgrades. Build with -tags billing. |
| Garbage collection | pkg/hold/gc/ | Mark-and-sweep for orphaned blobs. Preview (dry-run) and execute modes. Triggered from hold admin UI. |
| libSQL embedded replicas | AppView + Hold | Sync to Turso, Bunny DB, or self-hosted libsql-server. Configurable sync interval. |
| Hold successor/migration | pkg/hold/ | Promote a hold as successor to migrate users to new storage. |
| Relay management | Hold admin | Manage firehose relay connections from admin panel. |
| Data export | pkg/appview/handlers/export.go | GDPR-compliant export of all user data from AppView + all holds where user is member/captain. |
| Dark/light mode | AppView UI | System preference detection, toggle, localStorage persistence. |
| Credential helper install page | /install | Install scripts for macOS/Linux/Windows, version API. |
| Stars | AppView UI | Star/unstar repos stored as io.atcr.star ATProto records, counts displayed. |

Advanced Image Management

Multi-Architecture Image Support — DONE (display) / NOT STARTED (creation)

Display image indexes — DONE:

  • Show when a tag points to an image index (multi-arch manifest) — IsMultiArch flag, "Multi-arch" badge
  • Display all architectures/platforms in the index — platform badges (e.g., linux/amd64, linux/arm64)
  • Allow viewing individual manifests within the index
  • Show platform-specific details
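
The IsMultiArch detection described above, as an added example in Go that is not part of ATCR's own code: it parses an OCI image index (or Docker manifest list), sets the flag and derives the platform badge strings such as linux/amd64. The type names, the sample manifests and the decision to skip BuildKit attestation entries (platform unknown/unknown) are assumptions, not something the roadmap specifies.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// OCI and Docker media types that denote an image index (multi-arch manifest).
const (
	mediaTypeOCIIndex   = "application/vnd.oci.image.index.v1+json"
	mediaTypeDockerList = "application/vnd.docker.distribution.manifest.list.v2+json"
)

// platform mirrors the "platform" object of an index entry.
type platform struct {
	Architecture string `json:"architecture"`
	OS           string `json:"os"`
	Variant      string `json:"variant,omitempty"`
}

// descriptor is one entry of an index's "manifests" array.
type descriptor struct {
	MediaType string    `json:"mediaType"`
	Digest    string    `json:"digest"`
	Size      int64     `json:"size"`
	Platform  *platform `json:"platform,omitempty"`
}

// manifestDoc is the subset of a manifest or index needed here; other fields are ignored.
type manifestDoc struct {
	SchemaVersion int          `json:"schemaVersion"`
	MediaType     string       `json:"mediaType"`
	Manifests     []descriptor `json:"manifests,omitempty"`
}

// TagInfo holds what a tag page would display (hypothetical type name).
type TagInfo struct {
	IsMultiArch bool
	Platforms   []string // e.g. "linux/amd64", "linux/arm64/v8"
	Digests     []string // per-platform manifest digests, same order as Platforms
}

// InspectManifest parses raw manifest JSON and reports whether it is an image
// index plus the platform of each entry. Entries without a platform, or with the
// "unknown/unknown" placeholder BuildKit uses for attestation manifests, are
// skipped so they do not show up as architectures (assumed policy).
func InspectManifest(raw []byte) (TagInfo, error) {
	var doc manifestDoc
	if err := json.Unmarshal(raw, &doc); err != nil {
		return TagInfo{}, fmt.Errorf("parse manifest: %w", err)
	}
	if doc.MediaType != mediaTypeOCIIndex && doc.MediaType != mediaTypeDockerList {
		return TagInfo{}, nil // single-arch manifest: nothing to expand
	}
	info := TagInfo{IsMultiArch: true}
	for _, d := range doc.Manifests {
		p := d.Platform
		if p == nil || (p.OS == "unknown" && p.Architecture == "unknown") {
			continue
		}
		name := p.OS + "/" + p.Architecture
		if p.Variant != "" {
			name += "/" + p.Variant
		}
		info.Platforms = append(info.Platforms, name)
		info.Digests = append(info.Digests, d.Digest)
	}
	return info, nil
}

// Constructed sample index: two real platforms plus one attestation entry. Digests are placeholders.
const sampleIndex = `{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "manifests": [
    {"mediaType": "application/vnd.oci.image.manifest.v1+json",
     "digest": "sha256:1111111111111111111111111111111111111111111111111111111111111111",
     "size": 1234, "platform": {"architecture": "amd64", "os": "linux"}},
    {"mediaType": "application/vnd.oci.image.manifest.v1+json",
     "digest": "sha256:2222222222222222222222222222222222222222222222222222222222222222",
     "size": 1234, "platform": {"architecture": "arm64", "os": "linux", "variant": "v8"}},
    {"mediaType": "application/vnd.oci.image.manifest.v1+json",
     "digest": "sha256:3333333333333333333333333333333333333333333333333333333333333333",
     "size": 567, "platform": {"architecture": "unknown", "os": "unknown"}}
  ]
}`

// Constructed sample single-arch manifest (config digest is a placeholder).
const sampleManifest = `{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {"mediaType": "application/vnd.oci.image.config.v1+json",
             "digest": "sha256:4444444444444444444444444444444444444444444444444444444444444444", "size": 100},
  "layers": []
}`

func main() {
	for _, raw := range []string{sampleIndex, sampleManifest} {
		info, err := InspectManifest([]byte(raw))
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("multi-arch=%v platforms=%v\n", info.IsMultiArch, info.Platforms)
	}
}
```

The media type is taken from the document body here; a registry that serves the manifest should also be checked against the Content-Type it returns, since a mismatch between the two is a common source of mis-rendered tags.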

Image index creation — NOT STARTED:

  • UI for combining multiple single-arch manifests into an image index
  • Automatic platform detection from manifest metadata
  • Validate that all manifests are for the same image (different platforms)

Layer Inspection & Visualization — NOT STARTED

The DB stores layer metadata (digest, size, media type, layer index), but there is no UI for any of it.

Layer details page:

  • Show Dockerfile command that created each layer (if available in history)
  • Display layer size and compression ratio
  • Show file changes in each layer (added/modified/deleted files)
  • Visualize layer hierarchy (parent-child relationships)

Layer deduplication stats:

  • Show which layers are shared across images
  • Calculate storage savings from layer sharing
  • Identify duplicate layers with different digests (potential optimization)

Image Operations — PARTIAL (delete only)

Tag/manifest deletion — DONE:

  • Delete tags with DeleteTagHandler (cascade + confirmation modal)
  • Delete manifests with DeleteManifestHandler (handles tagged manifests gracefully)

Tag Management — NOT STARTED:

  • Tag promotion workflow (dev → staging → prod)
  • Tag aliases (multiple tags → same digest)
  • Tag patterns (auto-tag based on git commit, semantic version, date)
  • Tag protection (mark tags as immutable)

Image Copying — NOT STARTED:

  • Copy image from one repository to another
  • Copy image from another user's repository (fork)
  • Bulk copy operations

Image History — NOT STARTED:

  • Timeline view of tag changes
  • Rollback functionality
  • Audit log of image operations

Vulnerability Scanning — DONE (backend) / NOT STARTED (UI)

Backend — DONE:

  • Separate scanner service (scanner/ module) with Syft (SBOM) + Grype (vulnerabilities)
  • WebSocket-based job queue connecting scanner to hold service
  • Priority queue with tier-based scheduling (quartermaster > bosun > deckhand)
  • Scan results stored as ORAS artifacts in S3, referenced in hold PDS
  • Automatic scanning dispatched by hold on manifest push
  • See docs/SBOM_SCANNING.md
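
A tier-based priority queue of the kind the backend list describes (quartermaster > bosun > deckhand, first-come-first-served within a tier), as an added example in Go; this is not the scanner's or hold's own code. The ScanJob type, the numeric ranks, the Drain helper and the sample digests are constructed for illustration, and the WebSocket transport between hold and scanner is not modelled.

```go
package main

import (
	"container/heap"
	"fmt"
)

// tierRank orders tiers for scheduling: quartermaster > bosun > deckhand.
// Unknown tiers get rank 0 and therefore sort last.
var tierRank = map[string]int{
	"quartermaster": 3,
	"bosun":         2,
	"deckhand":      1,
}

// ScanJob is one pending scan request (hypothetical type; field names assumed).
type ScanJob struct {
	Digest string // manifest digest to scan
	Tier   string // tier of the user whose push triggered the scan
	seq    uint64 // enqueue order, used to keep FIFO within a tier
}

// jobHeap implements heap.Interface; the "smallest" element is the one to run next.
type jobHeap []*ScanJob

func (h jobHeap) Len() int { return len(h) }
func (h jobHeap) Less(i, j int) bool {
	ri, rj := tierRank[h[i].Tier], tierRank[h[j].Tier]
	if ri != rj {
		return ri > rj // higher tier first
	}
	return h[i].seq < h[j].seq // earlier arrival first within a tier
}
func (h jobHeap) Swap(i, j int) { h[i], h[j] = h[j], h[i] }
func (h *jobHeap) Push(x any)   { *h = append(*h, x.(*ScanJob)) }
func (h *jobHeap) Pop() any {
	old := *h
	n := len(old)
	job := old[n-1]
	old[n-1] = nil // drop the reference so the job can be collected
	*h = old[:n-1]
	return job
}

// ScanQueue is a tier-aware priority queue of scan jobs.
type ScanQueue struct {
	h   jobHeap
	seq uint64
}

func NewScanQueue() *ScanQueue {
	q := &ScanQueue{}
	heap.Init(&q.h)
	return q
}

// Enqueue records a job with a monotonically increasing sequence number.
func (q *ScanQueue) Enqueue(digest, tier string) {
	q.seq++
	heap.Push(&q.h, &ScanJob{Digest: digest, Tier: tier, seq: q.seq})
}

// Next returns the highest-priority job, or false when the queue is empty.
func (q *ScanQueue) Next() (*ScanJob, bool) {
	if q.h.Len() == 0 {
		return nil, false
	}
	return heap.Pop(&q.h).(*ScanJob), true
}

func (q *ScanQueue) Len() int { return q.h.Len() }

// Drain pops every job and returns the digests in dispatch order.
func Drain(q *ScanQueue) []string {
	var order []string
	for {
		job, ok := q.Next()
		if !ok {
			return order
		}
		order = append(order, job.Digest)
	}
}

func main() {
	q := NewScanQueue()
	// Constructed arrival order: a deckhand push first, then two quartermaster pushes around a bosun one.
	q.Enqueue("sha256:d1", "deckhand")
	q.Enqueue("sha256:q1", "quartermaster")
	q.Enqueue("sha256:b1", "bosun")
	q.Enqueue("sha256:q2", "quartermaster")
	fmt.Println(Drain(q)) // [sha256:q1 sha256:q2 sha256:b1 sha256:d1]
}
```

A strict priority order like this can starve deckhand jobs under sustained higher-tier load, which matters for a security scanner because an unscanned image is an unscanned image regardless of who pushed it; a production scheduler would add aging or a per-tier share so that low-tier scans still complete within a bounded time.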

AppView UI — NOT STARTED:

  • Display CVE count by severity (critical, high, medium, low)
  • Show detailed CVE information (description, CVSS score, affected packages)
  • Filter images by vulnerability status
  • Subscribe to CVE notifications for your images
  • Compare vulnerability status across tags/versions

Image Signing & Verification — NOT STARTED

A concept doc exists at docs/SIGNATURE_INTEGRATION.md, but there is no implementation.

  • Sign images
  • Display signature verification status
  • Display signature metadata
  • Require signatures for protected repositories

SBOM (Software Bill of Materials) — DONE (backend) / NOT STARTED (UI)

Backend — DONE:

  • Syft generates SPDX JSON format SBOMs
  • Stored as ORAS artifacts (referenced via artifactType: "application/spdx+json")
  • Blobs in S3, metadata in hold's PDS
  • Accessible via ORAS CLI and hold XRPC endpoints

UI — NOT STARTED:

  • Display package list from SBOM
  • Show license information
  • Link to upstream package sources
  • Compare SBOMs across versions

Hold Management Dashboard — DONE (on hold admin panel)

Hold management is implemented as a separate admin panel on the hold service itself (pkg/hold/admin/), not in the AppView UI. This makes sense architecturally — hold owners manage their own holds.

Hold Discovery & Registration — PARTIAL

Hold registration — DONE:

  • Automatic registration on hold startup (captain + crew records created in embedded PDS)
  • Auto-detection of region from cloud metadata

NOT STARTED:

  • UI wizard for deploying hold service
  • One-click deployment to cloud platforms
  • Configuration generator
  • Test connectivity UI

Hold Configuration — DONE (admin panel)

Hold settings — DONE (hold admin):

  • Toggle public/private flag
  • Toggle allow-all-crew
  • Toggle Bluesky post announcements
  • Set successor hold DID for migration
  • Writes changes back to YAML config file

Storage config — YAML-only:

  • S3 credentials, region, bucket, endpoint, CDN pull zone all configured via YAML
  • No UI for editing S3 credentials or rotating keys

Quotas — DONE (read-only UI):

  • Tier-based limits (deckhand 5GB, bosun 50GB, quartermaster 100GB)
  • Per-user quota tracking and display in admin
  • Not editable via UI (requires YAML change)

NOT STARTED:

  • Retention policies (auto-delete old blobs)
  • Hold service log viewer

Crew Management — DONE (hold admin panel)

Implemented in pkg/hold/admin/handlers_crew.go:

  • Add crew by DID with role, permissions (blob:read, blob:write, crew:admin), and tier
  • Crew list showing handle, role, permissions, tier, usage, quota
  • Edit crew permissions and tier
  • Remove crew members
  • Bulk JSON import/export with deduplication (handlers_crew_io.go)

NOT STARTED:

  • Invitation links (OAuth-based, currently must know DID)
  • Invite by handle (currently DID-only)
  • Crew request workflow (users can't self-request access)
  • Approval/rejection flow

Hold Analytics — PARTIAL

Storage metrics — DONE (hold admin):

  • Total blobs, total size, unique digests
  • Per-user quota stats (total size, blob count)
  • Top users by storage (lazy-loaded HTMX partial)
  • Crew count and tier distribution

NOT STARTED:

  • Access metrics (downloads, pulls, bandwidth)
  • Growth over time charts
  • Cost estimation
  • Geographic distribution
  • Access logs

Discovery & Social Features

Federated Browse & Search — PARTIAL

Basic search — DONE:

  • Full-text search across handles, DIDs, repo names, and annotations
  • Search UI with HTMX lazy loading and pagination
  • Navigation bar search component

NOT STARTED:

  • Filter by user, hold, architecture, date range
  • Sort by popularity, recency, size
  • Advanced query syntax
  • Popular/trending images
  • Categories and user-defined tags

Sailor Profiles — PARTIAL

Public profile page — DONE:

  • /u/{handle} shows user's avatar, handle, DID, and all public repositories
  • OpenGraph meta tags and JSON-LD structured data

NOT STARTED:

  • Bio/description field
  • Website links
  • Statistics (total images, total pulls, joined date)
  • Pinned/featured repositories

Social Features — PARTIAL (stars only)

Stars — DONE:

  • Star/unstar repositories stored as io.atcr.star ATProto records
  • Star counts displayed on repository pages

NOT STARTED:

  • Follow other sailors
  • Comment on images
  • Like/upvote images
  • Activity feed
  • Federated timeline / custom feeds
  • Sharing to Bluesky/ATProto social apps

Access Control & Permissions

Hold-Level Access Control — DONE

  • Public/private hold toggle (admin UI + OCI enforcement)
  • Crew permissions: blob:read, blob:write, crew:admin
  • blob:write implicitly grants blob:read
  • Captain has all permissions implicitly
  • See docs/BYOS.md
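
The hold-level rules above (captain holds every permission implicitly, blob:write implies blob:read, public/private toggle) as an added Go example; this is not the hold's own authorization code. The Hold type, the sample DIDs and the rule that a public hold is readable by anyone, authenticated or not, are assumptions; everything else is deny-by-default.

```go
package main

import "fmt"

// Crew permission strings as used by the hold.
const (
	PermBlobRead  = "blob:read"
	PermBlobWrite = "blob:write"
	PermCrewAdmin = "crew:admin"
)

// Hold is the subset of hold state needed for an authorization decision
// (hypothetical type; the real hold config is YAML-backed).
type Hold struct {
	CaptainDID string
	Public     bool
	Crew       map[string][]string // crew member DID -> explicitly granted permissions
}

// Allowed reports whether the caller identified by did (empty string for an
// unauthenticated pull) may perform perm on this hold.
func (h *Hold) Allowed(did, perm string) bool {
	if perm == PermBlobRead && h.Public {
		return true // assumed: public holds are readable by anyone
	}
	if did == "" {
		return false // anonymous callers get nothing else
	}
	if did == h.CaptainDID {
		return true // captain holds every permission implicitly
	}
	for _, p := range h.Crew[did] { // nil slice for non-crew: loop body never runs
		switch {
		case p == perm:
			return true
		case p == PermBlobWrite && perm == PermBlobRead:
			return true // blob:write implies blob:read
		}
	}
	return false // deny by default
}

// EffectivePermissions expands a principal's grants into the full set that
// Allowed will honour, which is what a crew list should show rather than the
// raw grants (a member with only blob:write can also read).
func (h *Hold) EffectivePermissions(did string) []string {
	var out []string
	for _, p := range []string{PermBlobRead, PermBlobWrite, PermCrewAdmin} {
		if h.Allowed(did, p) {
			out = append(out, p)
		}
	}
	return out
}

// sampleHold builds a constructed hold: one captain, a writer and a read-only member.
func sampleHold(public bool) *Hold {
	return &Hold{
		CaptainDID: "did:plc:captain-example",
		Public:     public,
		Crew: map[string][]string{
			"did:plc:writer-example": {PermBlobWrite},
			"did:plc:reader-example": {PermBlobRead},
		},
	}
}

func main() {
	h := sampleHold(false)
	for _, did := range []string{"", "did:plc:reader-example", "did:plc:writer-example", "did:plc:captain-example"} {
		fmt.Printf("%-26q -> %v\n", did, h.EffectivePermissions(did))
	}
}
```

Keeping the implication (blob:write implies blob:read) inside Allowed rather than materialising it into the stored grants means the crew JSON export stays a faithful record of what was granted, and a later tightening of the rule only needs one code change.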

Repository-Level Permissions — BLOCKED

  • Private repositories blocked by ATProto — no private records support yet
  • Repository-level permissions, collaborator invites, read-only tokens all depend on this
  • May require proxy layer or encrypted blobs when ATProto adds private record support

Team/Organization Accounts — NOT STARTED

  • Organization accounts, RBAC, SSO, audit logs
  • Likely a later-stage feature

Analytics & Monitoring

Dashboard — PARTIAL

Hold dashboard — DONE (hold admin):

  • Storage usage, crew count, tier distribution

Personal dashboard — NOT STARTED:

  • Overview of your images, holds, activity
  • Quick stats, recent activity, alerts

Pull Analytics — NOT STARTED

  • Pull count per image/tag
  • Pull count by client, geography, over time
  • User analytics (authenticated vs anonymous)

Alerts & Notifications — NOT STARTED

  • Alert types (quota exceeded, vulnerability detected, hold down, etc.)
  • Notification channels (email, webhook, ATProto, Slack/Discord)

Developer Tools & Integrations

Credential Helper — DONE

  • Install page at /install with shell scripts
  • Version API endpoint for automatic updates

API Documentation — NOT STARTED

  • Swagger/OpenAPI specs
  • Interactive API explorer
  • Code examples, SDKs

Webhooks — NOT STARTED

  • Repository-level webhook registration
  • Events: manifest.pushed, tag.created, scan.completed, etc.
  • Test, retry, delivery history

CI/CD Integration — NOT STARTED

  • GitHub Actions, GitLab CI, CircleCI example workflows
  • Pre-built actions/plugins
  • Build status badges

Infrastructure as Code — PARTIAL

DONE:

  • Custom UpCloud deployment tool (deploy/upcloud/) with Go-based provisioning, cloud-init, systemd, config templates
  • Docker Compose for dev and production

NOT STARTED:

  • Terraform modules
  • Helm charts
  • Kubernetes manifests (only an example verification webhook exists)
  • GitOps integrations (ArgoCD, FluxCD)

Documentation & Onboarding — PARTIAL

DONE:

  • Install page with credential helper setup
  • Learn more page
  • Internal developer docs (docs/)

NOT STARTED:

  • Interactive onboarding wizard
  • Product tour / tooltips
  • Help center with FAQs
  • Video tutorials
  • Comprehensive user-facing documentation site

Advanced ATProto Integration

Data Export — DONE

  • GDPR-compliant data export (ExportUserDataHandler)
  • Fetches data from AppView DB + all holds where user is member/captain

Record Viewer — NOT STARTED

  • Browse io.atcr.* records with raw JSON view
  • Record history, diff viewer
  • ATP URI links

PDS Integration — NOT STARTED

  • Multi-PDS support, PDS health monitoring
  • PDS migration tools
  • "Verify on PDS" button

Federation — NOT STARTED

  • Cross-AppView image pulls
  • AppView discovery
  • Federated search

UI/UX Enhancements

Theming — PARTIAL

DONE:

  • Light/dark mode with system preference detection and toggle
  • Responsive design (Tailwind/DaisyUI, mobile-friendly)
  • PWA manifest with icons (no service worker yet)

NOT STARTED:

  • Custom themes
  • WCAG 2.1 AA accessibility audit
  • High contrast mode
  • Internationalization (i18n)
  • Native mobile apps

Performance — PARTIAL

DONE:

  • HTMX lazy loading for data-heavy partials
  • Efficient server-side rendering

NOT STARTED:

  • Service worker for offline caching
  • Virtual scrolling for large lists
  • GraphQL API
  • Real-time WebSocket updates in UI

Enterprise Features — NOT STARTED (except billing)

Billing — DONE

  • Stripe integration (pkg/hold/billing/, requires -tags billing build tag)
  • Checkout sessions, customer portal, subscription webhooks
  • Tier upgrades/downgrades

Everything Else — NOT STARTED

  • Organization accounts with SSO (SAML, OIDC)
  • RBAC, audit logs for compliance
  • SOC 2, HIPAA, GDPR compliance tooling (data export exists, see above)
  • Image scanning policy enforcement
  • Paid tier SLAs

Miscellaneous Ideas — NOT STARTED

These remain future ideas with no implementation:

  • Image build service — Cloud-based Dockerfile builds
  • Registry mirroring — Pull-through cache for Docker Hub, ghcr.io, etc.
  • Deployment tools — One-click deploy to K8s, ECS, Fly.io
  • Image recommendations — ML-based "similar images" and "people also pulled"
  • Gamification — Achievement badges, leaderboards
  • Advanced search — Semantic/AI-powered search, saved searches

Updated Priority List

Already done (was "High Priority"):

  1. Multi-architecture image support — display working
  2. Vulnerability scanning integration — backend complete
  3. Hold management dashboard — implemented on hold admin panel
  4. Basic search — working

Remaining high priority:

  1. Scan results UI in AppView (backend exists, just needs frontend)
  2. SBOM display UI in AppView (backend exists, just needs frontend)
  3. Webhooks for CI/CD integration
  4. Enhanced search (filters, sorting, advanced queries)
  5. Richer sailor profiles (bio, stats, pinned repos)

Medium priority:

  1. Layer inspection UI
  2. Pull analytics and monitoring
  3. API documentation (Swagger/OpenAPI)
  4. Tag management (promotion, protection, aliases)
  5. Onboarding wizard / getting started guide

Low priority / long-term:

  1. Team/organization accounts
  2. Image build service
  3. Registry mirroring
  4. Federation features
  5. Internationalization

Blocked on external dependencies:

  1. Private repositories (requires ATProto private records)
  2. Federated timeline (requires ATProto feed infrastructure)

Note: This is a living document. Features may be added, removed, or reprioritized based on user feedback, technical feasibility, and ATProto ecosystem evolution.

Last audited: 2026-02-12