A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
1# ATCR UI - Feature Roadmap
2
3This document tracks the status of ATCR features beyond the V1 MVP. Features are marked with their current status:
4
5- **DONE** — Fully implemented and shipping
6- **PARTIAL** — Some parts implemented
7- **BACKEND ONLY** — Backend exists, no UI yet
8- **NOT STARTED** — Future work
9- **BLOCKED** — Waiting on external dependency
10
11---
12
13## What's Already Built (not in original roadmap)
14
15These features were implemented but weren't in the original future features list:
16
17| Feature | Location | Notes |
18|---------|----------|-------|
19| **Billing (Stripe)** | `pkg/hold/billing/` | Checkout sessions, customer portal, subscription webhooks, tier upgrades. Build with `-tags billing`. |
20| **Garbage collection** | `pkg/hold/gc/` | Mark-and-sweep for orphaned blobs. Preview (dry-run) and execute modes. Triggered from hold admin UI. |
21| **libSQL embedded replicas** | AppView + Hold | Sync to Turso, Bunny DB, or self-hosted libsql-server. Configurable sync interval. |
22| **Hold successor/migration** | `pkg/hold/` | Promote a hold as successor to migrate users to new storage. |
23| **Relay management** | Hold admin | Manage firehose relay connections from admin panel. |
24| **Data export** | `pkg/appview/handlers/export.go` | GDPR-compliant export of all user data from AppView + all holds where user is member/captain. |
25| **Dark/light mode** | AppView UI | System preference detection, toggle, localStorage persistence. |
26| **Credential helper install page** | `/install` | Install scripts for macOS/Linux/Windows, version API. |
27| **Stars** | AppView UI | Star/unstar repos stored as `io.atcr.star` ATProto records, counts displayed. |
28
29---
30
31## Advanced Image Management
32
33### Multi-Architecture Image Support — DONE (display) / NOT STARTED (creation)
34
35**Display image indexes — DONE:**
36- Show when a tag points to an image index (multi-arch manifest) — `IsMultiArch` flag, "Multi-arch" badge
37- Display all architectures/platforms in the index — platform badges (e.g., linux/amd64, linux/arm64)
38- Allow viewing individual manifests within the index
39- Show platform-specific details
40
41**Image index creation — NOT STARTED:**
42- UI for combining multiple single-arch manifests into an image index
43- Automatic platform detection from manifest metadata
44- Validate that all manifests are for the same image (different platforms)
45
46### Layer Inspection & Visualization — NOT STARTED
47
48DB stores layer metadata (digest, size, media type, layer index) but there's no UI for any of this.
49
50**Layer details page:**
51- Show Dockerfile command that created each layer (if available in history)
52- Display layer size and compression ratio
53- Show file changes in each layer (added/modified/deleted files)
54- Visualize layer hierarchy (parent-child relationships)
55
56**Layer deduplication stats:**
57- Show which layers are shared across images
58- Calculate storage savings from layer sharing
59- Identify duplicate layers with different digests (potential optimization)
60
61### Image Operations — PARTIAL (delete only)
62
63**Tag/manifest deletion — DONE:**
64- Delete tags with `DeleteTagHandler` (cascade + confirmation modal)
65- Delete manifests with `DeleteManifestHandler` (handles tagged manifests gracefully)
66
67**Tag Management — NOT STARTED:**
68- Tag promotion workflow (dev → staging → prod)
69- Tag aliases (multiple tags → same digest)
70- Tag patterns (auto-tag based on git commit, semantic version, date)
71- Tag protection (mark tags as immutable)
72
73**Image Copying — NOT STARTED:**
74- Copy image from one repository to another
75- Copy image from another user's repository (fork)
76- Bulk copy operations
77
78**Image History — NOT STARTED:**
79- Timeline view of tag changes
80- Rollback functionality
81- Audit log of image operations
82
83### Vulnerability Scanning — DONE (backend) / NOT STARTED (UI)
84
85**Backend — DONE:**
86- Separate scanner service (`scanner/` module) with Syft (SBOM) + Grype (vulnerabilities)
87- WebSocket-based job queue connecting scanner to hold service
88- Priority queue with tier-based scheduling (quartermaster > bosun > deckhand)
89- Scan results stored as ORAS artifacts in S3, referenced in hold PDS
90- Automatic scanning dispatched by hold on manifest push
91- See `docs/SBOM_SCANNING.md`
92
93**AppView UI — NOT STARTED:**
94- Display CVE count by severity (critical, high, medium, low)
95- Show detailed CVE information (description, CVSS score, affected packages)
96- Filter images by vulnerability status
97- Subscribe to CVE notifications for your images
98- Compare vulnerability status across tags/versions
99
100### Image Signing & Verification — NOT STARTED
101
102Concept doc exists at `docs/SIGNATURE_INTEGRATION.md` but no implementation.
103
104- Sign images
105- Display signature verification status
106- Display signature metadata
107- Require signatures for protected repositories
108
109### SBOM (Software Bill of Materials) — DONE (backend) / NOT STARTED (UI)
110
111**Backend — DONE:**
112- Syft generates SPDX JSON format SBOMs
113- Stored as ORAS artifacts (referenced via `artifactType: "application/spdx+json"`)
114- Blobs in S3, metadata in hold's PDS
115- Accessible via ORAS CLI and hold XRPC endpoints
116
117**UI — NOT STARTED:**
118- Display package list from SBOM
119- Show license information
120- Link to upstream package sources
121- Compare SBOMs across versions
122
123---
124
125## Hold Management Dashboard — DONE (on hold admin panel)
126
127Hold management is implemented as a separate admin panel on the hold service itself (`pkg/hold/admin/`), not in the AppView UI. This makes sense architecturally — hold owners manage their own holds.
128
129### Hold Discovery & Registration — PARTIAL
130
131**Hold registration — DONE:**
132- Automatic registration on hold startup (captain + crew records created in embedded PDS)
133- Auto-detection of region from cloud metadata
134
135**NOT STARTED:**
136- UI wizard for deploying hold service
137- One-click deployment to cloud platforms
138- Configuration generator
139- Test connectivity UI
140
141### Hold Configuration — DONE (admin panel)
142
143**Hold settings — DONE (hold admin):**
144- Toggle public/private flag
145- Toggle allow-all-crew
146- Toggle Bluesky post announcements
147- Set successor hold DID for migration
148- Writes changes back to YAML config file
149
150**Storage config — YAML-only:**
151- S3 credentials, region, bucket, endpoint, CDN pull zone all configured via YAML
152- No UI for editing S3 credentials or rotating keys
153
154**Quotas — DONE (read-only UI):**
155- Tier-based limits (deckhand 5GB, bosun 50GB, quartermaster 100GB)
156- Per-user quota tracking and display in admin
157- Not editable via UI (requires YAML change)
158
159**NOT STARTED:**
160- Retention policies (auto-delete old blobs)
161- Hold service log viewer
162
163### Crew Management — DONE (hold admin panel)
164
165**Implemented in `pkg/hold/admin/handlers_crew.go`:**
166- Add crew by DID with role, permissions (`blob:read`, `blob:write`, `crew:admin`), and tier
167- Crew list showing handle, role, permissions, tier, usage, quota
168- Edit crew permissions and tier
169- Remove crew members
170- Bulk JSON import/export with deduplication (`handlers_crew_io.go`)
171
172**NOT STARTED:**
173- Invitation links (OAuth-based, currently must know DID)
174- Invite by handle (currently DID-only)
175- Crew request workflow (users can't self-request access)
176- Approval/rejection flow
177
178### Hold Analytics — PARTIAL
179
180**Storage metrics — DONE (hold admin):**
181- Total blobs, total size, unique digests
182- Per-user quota stats (total size, blob count)
183- Top users by storage (lazy-loaded HTMX partial)
184- Crew count and tier distribution
185
186**NOT STARTED:**
187- Access metrics (downloads, pulls, bandwidth)
188- Growth over time charts
189- Cost estimation
190- Geographic distribution
191- Access logs
192
193---
194
195## Discovery & Social Features
196
197### Federated Browse & Search — PARTIAL
198
199**Basic search — DONE:**
200- Full-text search across handles, DIDs, repo names, and annotations
201- Search UI with HTMX lazy loading and pagination
202- Navigation bar search component
203
204**NOT STARTED:**
205- Filter by user, hold, architecture, date range
206- Sort by popularity, recency, size
207- Advanced query syntax
208- Popular/trending images
209- Categories and user-defined tags
210
211### Sailor Profiles — PARTIAL
212
213**Public profile page — DONE:**
214- `/u/{handle}` shows user's avatar, handle, DID, and all public repositories
215- OpenGraph meta tags and JSON-LD structured data
216
217**NOT STARTED:**
218- Bio/description field
219- Website links
220- Statistics (total images, total pulls, joined date)
221- Pinned/featured repositories
222
223### Social Features — PARTIAL (stars only)
224
225**Stars — DONE:**
226- Star/unstar repositories stored as `io.atcr.star` ATProto records
227- Star counts displayed on repository pages
228
229**NOT STARTED:**
230- Follow other sailors
231- Comment on images
232- Like/upvote images
233- Activity feed
234- Federated timeline / custom feeds
235- Sharing to Bluesky/ATProto social apps
236
237---
238
239## Access Control & Permissions
240
241### Hold-Level Access Control — DONE
242
243- Public/private hold toggle (admin UI + OCI enforcement)
244- Crew permissions: `blob:read`, `blob:write`, `crew:admin`
245- `blob:write` implicitly grants `blob:read`
246- Captain has all permissions implicitly
247- See `docs/BYOS.md`
248
249### Repository-Level Permissions — BLOCKED
250
251- **Private repositories blocked by ATProto** — no private records support yet
252- Repository-level permissions, collaborator invites, read-only tokens all depend on this
253- May require proxy layer or encrypted blobs when ATProto adds private record support
254
255### Team/Organization Accounts — NOT STARTED
256
257- Organization accounts, RBAC, SSO, audit logs
258- Likely a later-stage feature
259
260---
261
262## Analytics & Monitoring
263
264### Dashboard — PARTIAL
265
266**Hold dashboard — DONE (hold admin):**
267- Storage usage, crew count, tier distribution
268
269**Personal dashboard — NOT STARTED:**
270- Overview of your images, holds, activity
271- Quick stats, recent activity, alerts
272
273### Pull Analytics — NOT STARTED
274
275- Pull count per image/tag
276- Pull count by client, geography, over time
277- User analytics (authenticated vs anonymous)
278
279### Alerts & Notifications — NOT STARTED
280
281- Alert types (quota exceeded, vulnerability detected, hold down, etc.)
282- Notification channels (email, webhook, ATProto, Slack/Discord)
283
284---
285
286## Developer Tools & Integrations
287
288### Credential Helper — DONE
289
290- Install page at `/install` with shell scripts
291- Version API endpoint for automatic updates
292
293### API Documentation — NOT STARTED
294
295- Swagger/OpenAPI specs
296- Interactive API explorer
297- Code examples, SDKs
298
299### Webhooks — NOT STARTED
300
301- Repository-level webhook registration
302- Events: manifest.pushed, tag.created, scan.completed, etc.
303- Test, retry, delivery history
304
305### CI/CD Integration — NOT STARTED
306
307- GitHub Actions, GitLab CI, CircleCI example workflows
308- Pre-built actions/plugins
309- Build status badges
310
311### Infrastructure as Code — PARTIAL
312
313**DONE:**
314- Custom UpCloud deployment tool (`deploy/upcloud/`) with Go-based provisioning, cloud-init, systemd, config templates
315- Docker Compose for dev and production
316
317**NOT STARTED:**
318- Terraform modules
319- Helm charts
320- Kubernetes manifests (only an example verification webhook exists)
321- GitOps integrations (ArgoCD, FluxCD)
322
323---
324
325## Documentation & Onboarding — PARTIAL
326
327**DONE:**
328- Install page with credential helper setup
329- Learn more page
330- Internal developer docs (`docs/`)
331
332**NOT STARTED:**
333- Interactive onboarding wizard
334- Product tour / tooltips
335- Help center with FAQs
336- Video tutorials
337- Comprehensive user-facing documentation site
338
339---
340
341## Advanced ATProto Integration
342
343### Data Export — DONE
344
345- GDPR-compliant data export (`ExportUserDataHandler`)
346- Fetches data from AppView DB + all holds where user is member/captain
347
348### Record Viewer — NOT STARTED
349
350- Browse `io.atcr.*` records with raw JSON view
351- Record history, diff viewer
352- ATP URI links
353
354### PDS Integration — NOT STARTED
355
356- Multi-PDS support, PDS health monitoring
357- PDS migration tools
358- "Verify on PDS" button
359
360### Federation — NOT STARTED
361
362- Cross-AppView image pulls
363- AppView discovery
364- Federated search
365
366---
367
368## UI/UX Enhancements
369
370### Theming — PARTIAL
371
372**DONE:**
373- Light/dark mode with system preference detection and toggle
374- Responsive design (Tailwind/DaisyUI, mobile-friendly)
375- PWA manifest with icons (no service worker yet)
376
377**NOT STARTED:**
378- Custom themes
379- WCAG 2.1 AA accessibility audit
380- High contrast mode
381- Internationalization (i18n)
382- Native mobile apps
383
384### Performance — PARTIAL
385
386**DONE:**
387- HTMX lazy loading for data-heavy partials
388- Efficient server-side rendering
389
390**NOT STARTED:**
391- Service worker for offline caching
392- Virtual scrolling for large lists
393- GraphQL API
394- Real-time WebSocket updates in UI
395
396---
397
398## Enterprise Features — NOT STARTED (except billing)
399
400### Billing — DONE
401
402- Stripe integration (`pkg/hold/billing/`, requires `-tags billing` build tag)
403- Checkout sessions, customer portal, subscription webhooks
404- Tier upgrades/downgrades
405
406### Everything Else — NOT STARTED
407
408- Organization accounts with SSO (SAML, OIDC)
409- RBAC, audit logs for compliance
410- SOC 2, HIPAA, GDPR compliance tooling (data export exists, see above)
411- Image scanning policy enforcement
412- Paid tier SLAs
413
414---
415
416## Miscellaneous Ideas — NOT STARTED
417
418These remain future ideas with no implementation:
419
420- **Image build service** — Cloud-based Dockerfile builds
421- **Registry mirroring** — Pull-through cache for Docker Hub, ghcr.io, etc.
422- **Deployment tools** — One-click deploy to K8s, ECS, Fly.io
423- **Image recommendations** — ML-based "similar images" and "people also pulled"
424- **Gamification** — Achievement badges, leaderboards
425- **Advanced search** — Semantic/AI-powered search, saved searches
426
427---
428
429## Updated Priority List
430
431**Already done (was "High Priority"):**
4321. ~~Multi-architecture image support~~ — display working
4332. ~~Vulnerability scanning integration~~ — backend complete
4343. ~~Hold management dashboard~~ — implemented on hold admin panel
4354. ~~Basic search~~ — working
436
437**Remaining high priority:**
4381. Scan results UI in AppView (backend exists, just needs frontend)
4392. SBOM display UI in AppView (backend exists, just needs frontend)
4403. Webhooks for CI/CD integration
4414. Enhanced search (filters, sorting, advanced queries)
4425. Richer sailor profiles (bio, stats, pinned repos)
443
444**Medium priority:**
4451. Layer inspection UI
4462. Pull analytics and monitoring
4473. API documentation (Swagger/OpenAPI)
4484. Tag management (promotion, protection, aliases)
4495. Onboarding wizard / getting started guide
450
451**Low priority / long-term:**
4521. Team/organization accounts
4532. Image build service
4543. Registry mirroring
4554. Federation features
4565. Internationalization
457
458**Blocked on external dependencies:**
4591. Private repositories (requires ATProto private records)
4602. Federated timeline (requires ATProto feed infrastructure)
461
462---
463
464**Note:** This is a living document. Features may be added, removed, or reprioritized based on user feedback, technical feasibility, and ATProto ecosystem evolution.
465
466*Last audited: 2026-02-12*