Skip to main content

Roadmap

Missing pieces

  • Formal per-command CTS command contracts (purpose, invocation, inputs, stdout/stderr behavior, machine-readable mode, stability notes)
  • Exit code table mapping implemented exit codes to CTS bands
  • Explicit documentation of machine-readable output policy — currently text-first manifests are used with no formal --json mode or documented "no JSON" statement
  • Documented --version output behavior for both CLIs
  • A release checklist aligned to CTS release blockers (help accuracy, exit-code verification, JSON output rules, destructive-command previews)
  • Structured, machine-readable error examples for automation consumers
  • Preview / --dry-run support or a documented confirmation workflow for the -overwrite flag — the flag exists but there's no dry-run/preview mechanism

Next steps

  1. Publish formal command contracts for archive-hasher and manifest-signer, including exit-code tables and machine-readable behavior notes
  2. Add a documented --version flag and include explicit version output (manifests already carry a Generated-By field, but the CLI itself doesn't expose --version)
  3. Either implement a --json output mode following the CTS JSON envelope, or document an explicit "no JSON" policy
  4. Add a --dry-run/--preview mode for overwrite operations, with documented rollback/recovery behavior
  5. Create a CTS-aligned release checklist; verify help output, exit codes, and example automation runs before releases
  6. Automate integration tests for both signing workflows (PGP and PQ) in CI, to validate external dependency behavior

Potential improvements

  • An optional machine-readable provenance envelope (JSON) alongside snapshot-hashes.txt for automation consumers
  • A resumable/streaming hashing mode for very large archives, to reduce memory/IO pressure
  • Structured progress events on stderr, kept separate from stdout manifest output
  • An audit-logging option recording hashing and signing actions for operator audit trails
  • Platform-agnostic PQ key management examples/scripts for generating SLH-DSA keys with OpenSSL
  • Prebuilt binaries and checksums in releases, to simplify operator installation

Creative enhancements (ideas on file, not committed)

  • A signed, machine-readable provenance bundle — a compact JSON file bundling the AAMHS manifest fields, tool version, and both detached signatures, for simple automation verification without parsing freeform text
  • An "incremental snapshot" mode writing chunk-level partial digests and a resumable index, to resume hashing after interruption and validate partial uploads
  • A local "AAMHS validator" library/small CLI that verifies an artifact against a manifest and signatures, embeddable in other Aptlantis tools and dashboards
  • A plugin API to register additional hash algorithms or alternate hash profiles for special collections
  • A small Tauri-based desktop utility wrapping the CLIs for single-operator convenience, while preserving the same on-disk artifact formats and detached signatures
  • An "archive registry" integration that auto-links generated snapshot manifests to Aptlantis dataset indices, producing an index entry with signed provenance