building in public

Public roadmap.

What we are building, in order of priority. Updated monthly. No dates, because an early software deadline promise is a broken promise.

Done · 4 In progress · 0 Next · 1 Planned · 6
  1. Phase 0 Done

    Foundation v0.1.0-alpha

    Modernizing the technical base. Current stack on Go 1.23, builds with Vite, deploy on a distroless Docker image, CI with lint and coverage. Complete rebrand of the original fork.

  2. Phase 1 Done

    Multi-tenant v0.2.0-alpha

    Native support for multiple organizations on a single instance: workspaces, roles (admin, campaign manager, analyst, viewer), audit log and per-plan quotas.

  3. Phase 2 Done

    Data infrastructure v0.3.0-alpha

    Postgres as the primary database, distributed job queue, structured logging, metrics and tracing via OpenTelemetry, S3-compatible storage.

  4. Phase 3 Done

    New dashboard v0.5.0-alpha

    completed in May 2026

    Web interface rewritten in React + TypeScript + shadcn/ui. API described in OpenAPI 3.1. Modern template editor. Support for PT-BR, EN and ES.

  5. Phase 4 Next

    Identity

    SSO via SAML 2.0 and OIDC. MFA with WebAuthn (passkeys) and TOTP. SCIM 2.0 for provisioning. Sync with Azure AD, Google Workspace, Okta and LDAP.

  6. Phase 5 Planned

    ChatOps

    Native connectors for Slack, Microsoft Teams and Discord. A rules engine to automate event-based actions. Per-channel configurable digests.

  7. Phase 6 Planned

    Threat intel and SIEM

    Exporters for Splunk, Microsoft Sentinel, Elastic, CrowdStrike and CEF/Syslog. Threat-intel import via STIX 2.1 and TAXII.

  8. Phase 7 Planned

    Email provider APIs + AI Assist

    Delivery via Microsoft Graph, Gmail API and Amazon SES with OAuth. Multi-provider AI assistance (Claude, OpenAI, Gemini, DeepSeek, OpenRouter and local Ollama) to generate and localize attack templates, and explain why a target fell for it — provider chosen per workspace.

  9. Phase 8 Planned

    Awareness training

    Integrated microlearning with event-based auto-enroll. SCORM 1.2/2004 and xAPI support. Awareness score per user and organization. Traceable certificates.

  10. Phase 9 Planned

    Public SaaS

    Self-serve signup, billing via Stripe, per-seat plans. Multi-region with data residency: Brazil (São Paulo), EU (Frankfurt) and US (Virginia).

  11. Phase 10 Planned

    Continuous compliance

    SOC 2 Type II, full LGPD/GDPR, quarterly pentests and a public bug bounty program.

Have a feature that is critical to your operation?

Companies in the alpha weigh in on roadmap decisions. Talk to us before signing a contract with any other vendor.