Roadmap: MCP Control Plane Web Console (phased delivery) #653

Open
opened 2026-07-10 14:48:05 -05:00 by jcwalker3 · 2 comments
Owner

Purpose

This issue is the phased delivery roadmap and epic sequencing for the MCP Control Plane Web Console.

Phases sequence work; they do not delete vision. Anything not linked under a phase remains in Preserved but not yet scheduled until converted to issues or controller-rejected on #652.


Phase 1 — Read-only operational visibility

Goals

Safe operator and API visibility without privileged writes.

Included capabilities

Architecture; auth/audit model design; system-health API; project registry API; session/lease/lock/namespace/runtime/worktree inventory API; workflow-event/conversation timeline model; application shell; system-health dashboard; traffic-control view; runtime/session view.

Dependencies

Existing webui/ MVP; control-plane DB/allocator where available (#613/#600); Gitea read access.

Exit criteria

  • Versioned read APIs for health, projects, inventory, timeline model exist with tests.
  • Shell navigates Phase 1 views; health/traffic/runtime dashboards render live or fixture-backed data.
  • Auth/audit architecture documented enough to gate Phase 2.
  • No ungated browser mutations.

Risks

Stale runtime false safety (#610); secret leakage in inventory; scope creep into Phase 2 actions.

Deferred (still in vision #652)

Restart/stop/start; request initiation; full SSO; multi-provider admin; AI insights; notifications channels.

Linked implementation issues

Issue Title Status
#632 Architecture and information architecture open
#633 Authorization, RBAC, secret redaction, audit model open
#634 Read-only system-health API open
#635 Project registry API evolution open
#636 Session/lease/lock/worktree inventory API open
#637 Workflow-event and conversation timeline model open
#638 Application shell evolution open
#639 System-health dashboard open
#640 Workflow traffic-control view open
#641 Runtime and session view open

Current status

Active / recommended next work: #632 then #633, then APIs (#634–#637), then shell/views (#638–#641). Claim one issue lease at a time.


Phase 2 — Controlled operational actions

Goals

Gated, audited operational controls after Phase 1 auth model.

Included capabilities

Sanctioned restart/stop/start/graceful reload; request creation/intent preview/authorization/workflow initiation; pause/cancel/reprioritize (as designed); stale-runtime recovery; worktree rebind; reconciliation controls; quarantine/cleanup previews.

Dependencies

#633 auth/audit; #634 health; #636 inventory; #642–#644; #630 contamination rules.

Exit criteria

All Phase 2 actions gated + confirmed + audited; post-action revalidation; no pkill recovery path.

Risks

Unsafe process control; lease steal; contaminated clean claims.

Deferred

Full dual-control policy editing; SSO step-up; multi-channel notifications.

Linked implementation issues

Issue Title Status
#642 Sanctioned restart and graceful reload open
#643 Requests, intent preview, authorization, initiation open
#644 Stale-runtime recovery, worktree rebind, reconciliation open

Current status

Blocked on Phase 1 auth/health/inventory readiness (soft).


Phase 3 — Workflow orchestration

Goals

Console participates in orchestration visibility and controlled request flow with Gitea linkage and attention routing.

Included capabilities

Gitea (and later GitHub) issue/PR linkage; queue/traffic integration with allocator; dependency-aware states; human-attention routing; notification routing (console inbox first).

Dependencies

Phase 1 traffic/timeline; Phase 2 requests; #628/#626 handoffs; #605 menu complement.

Exit criteria

Operators can see ready/active/blocked/waiting/review/controller/reconciliation/complete/stale/abandoned; attention inbox works without spam.

Risks

Duplicating allocator; treating console as forge of record.

Linked implementation issues

Issue Title Status
#645 Gitea issue and PR linkage console open
#648 Notifications and human-attention routing open
#640 Traffic-control view (Phase 1 foundation for orchestration UI) open

Current status

Not started beyond linkage issues filed.


Phase 4 — AI-assisted insights and optimization

Goals

Evidence-backed insights, provider status, cost/latency analytics — never uncited automation that bypasses gates.

Included capabilities

Sentry/GlitchTip console integration; AI-provider connection status; summaries/blocker explanations/duplicate detection/recurring-failure analysis/risk/workflow-health scoring/next-work recommendations with evidence+confidence labels; usage/cost/latency/success analytics; human-intervention metrics.

Dependencies

#637 timeline; #633 redaction; #606/#607/#612 bridges; #649–#651.

Exit criteria

Insights require evidence refs; missing metrics labeled unknown; no auto-merge/close from insights.

Linked implementation issues

Issue Title Status
#649 Sentry/GlitchTip connections, correlation, durable issues open
#650 AI-provider connections and evidence-backed insights open
#651 Model usage, cost, latency, workflow-performance analytics open

Current status

Not started.


Phase 5 — Governance, policy, security, and long-term platform maturity

Goals

Hardening for multi-operator production use: SSO, advanced RBAC, policy lifecycle, audit immutability, maintenance mode, emergency fail-closed, platform extensions.

Included capabilities

SSO; project permissions; auditor roles; step-up auth; encryption posture; rate limiting; CSRF; privileged-action dual control; versioned policy edit/validate/simulate/approve/rollback (#646/#647); immutable audit; maintenance mode; emergency fail-closed; HA/read-replica topology; feature flags; WCAG track; localization; air-gapped mode; plugin adapters — as prioritized from #652 §O.

Dependencies

Phase 1 auth model; Phase 2 gated actions; #646/#647.

Exit criteria

Documented security baseline met; policy changes audited; emergency controls tested; vision items either shipped or still listed preserved/rejected on #652.

Risks

Over-building enterprise surface before core ops value; secret mismanagement.

Linked implementation issues

Issue Title Status
#646 Policy and guardrail configuration visibility open
#647 Versioned policy editing, validation, simulation, approval, rollback open
#633 Auth/RBAC/redaction/audit model (foundation for Phase 5) open

Current status

Partial issues filed; many maturity items only in preserved list.


Preserved but not yet scheduled

Valid product ideas from #652 without a dedicated implementation issue yet. Remain visible until converted or controller-rejected on #652.

System / process control

  • Explicit stop/start (beyond reload) UI with per-namespace targeting
  • Maintenance mode banner and write-freeze
  • Emergency fail-closed switch (global mutation deny)
  • Degraded-state explanation engine (structured why-not-ready narratives)

Projects / forges

  • Full guided onboarding wizard (discovery → manifest → labels → branch protection → test commands → roles → readiness score)
  • GitHub connection admin (parity with Gitea)
  • Multi-project readiness scoring dashboard
  • Branch protection verification UI

Connections / credentials

  • Credential rotation workflows with expiration warnings
  • Scope and least-privilege matrix per connection
  • Connection validation job history
  • Ollama / local OpenAI-compatible endpoint management UI
  • Gemini / xAI / Anthropic / OpenAI admin panels (beyond status)

Requests / orchestration

  • Pause / cancel / reprioritize request controls (if not fully in #643)
  • Autonomous next-action recommendations UI (allocator-backed)
  • Abandoned / stale work sweeper UI
  • Dependency graph visualization (not prose-only)
  • Concurrent lane map (“city traffic” visual)

Sessions / recovery

  • Lease adoption wizard
  • Lock clearing with dual-control
  • Worktree quarantine workflow
  • Session contamination dashboard (pkill markers, #630)

Conversations / search / export

  • Full internal conversation browser UI
  • Global search across conversations, issues, PRs, sessions, events, projects
  • Transcript export with redaction profiles
  • Retention policy UI

AI insights (beyond #650)

  • Duplicate detection productization
  • Recurring-failure clustering UI
  • Risk detection scoring
  • Workflow-health score product surface
  • Inference labeling standards enforcement UI

Observability (beyond #649)

  • Error grouping UI
  • Regression detection
  • Deployment correlation views
  • Error-to-issue bulk workflows

Notifications (beyond #648)

  • Email / Slack / webhook adapters
  • Digest schedules
  • Controller-only alert channels

Security / platform maturity

  • SSO integration
  • Step-up authentication
  • Project-scoped permissions matrix UI
  • Auditor role experience
  • Rate limiting / CSRF operational dashboards
  • Immutable audit export
  • Encryption-at-rest posture reporting

Analytics (beyond #651)

  • Human-intervention rate reporting
  • Workflow-efficiency scorecards
  • Cost budgets and alerts
  • Model performance comparison boards

Future extension points (#652 §O)

  • Multi-tenant operator orgs
  • Provider adapter plugins
  • Mobile-responsive optimization
  • Inbound webhook event bus
  • Multi-agent traffic simulation
  • Automatic model-routing policies (controller-approved)
  • Read replicas / HA topology
  • Customer-facing portal decision (fork vs never)
  • Public/GraphQL API decision
  • Offline/air-gapped mode
  • WCAG certification track
  • Localization
  • Blue/green + feature flags

Recommended next work

  1. Author claims #632 (architecture) with lease.
  2. Then #633 (auth/audit model).
  3. Then #634–#637 APIs in dependency order.
  4. Then #638–#641 views.
  5. Controller updates this roadmap status as children complete; convert preserved items to issues only when scheduling.

Non-goals

  • Implementing features on this roadmap issue.
  • Deleting vision items by omitting them from phases without #652 change log.
  • Recreating #632–#641.

Canonical issue state

STATE: roadmap-active
WHO_IS_NEXT: author
NEXT_ACTION: Execute Phase 1 starting at #632; keep preserved list current
NEXT_PROMPT: Author implements one Phase 1 child linked to #652 and this roadmap; PR; stop
## Purpose This issue is the **phased delivery roadmap and epic sequencing** for the MCP Control Plane Web Console. * **Canonical product vision (enduring scope):** #652 * **Implementation umbrella (existing children):** #631 * **Foundation MVP (closed):** #425–#436 under `webui/` **Phases sequence work; they do not delete vision.** Anything not linked under a phase remains in **Preserved but not yet scheduled** until converted to issues or controller-rejected on #652. --- ## Phase 1 — Read-only operational visibility ### Goals Safe operator and API visibility without privileged writes. ### Included capabilities Architecture; auth/audit model design; system-health API; project registry API; session/lease/lock/namespace/runtime/worktree inventory API; workflow-event/conversation timeline model; application shell; system-health dashboard; traffic-control view; runtime/session view. ### Dependencies Existing `webui/` MVP; control-plane DB/allocator where available (#613/#600); Gitea read access. ### Exit criteria * Versioned read APIs for health, projects, inventory, timeline model exist with tests. * Shell navigates Phase 1 views; health/traffic/runtime dashboards render live or fixture-backed data. * Auth/audit architecture documented enough to gate Phase 2. * No ungated browser mutations. ### Risks Stale runtime false safety (#610); secret leakage in inventory; scope creep into Phase 2 actions. ### Deferred (still in vision #652) Restart/stop/start; request initiation; full SSO; multi-provider admin; AI insights; notifications channels. ### Linked implementation issues | Issue | Title | Status | |-------|--------|--------| | #632 | Architecture and information architecture | open | | #633 | Authorization, RBAC, secret redaction, audit model | open | | #634 | Read-only system-health API | open | | #635 | Project registry API evolution | open | | #636 | Session/lease/lock/worktree inventory API | open | | #637 | Workflow-event and conversation timeline model | open | | #638 | Application shell evolution | open | | #639 | System-health dashboard | open | | #640 | Workflow traffic-control view | open | | #641 | Runtime and session view | open | ### Current status **Active / recommended next work:** #632 then #633, then APIs (#634–#637), then shell/views (#638–#641). Claim one issue lease at a time. --- ## Phase 2 — Controlled operational actions ### Goals Gated, audited operational controls after Phase 1 auth model. ### Included capabilities Sanctioned restart/stop/start/graceful reload; request creation/intent preview/authorization/workflow initiation; pause/cancel/reprioritize (as designed); stale-runtime recovery; worktree rebind; reconciliation controls; quarantine/cleanup previews. ### Dependencies #633 auth/audit; #634 health; #636 inventory; #642–#644; #630 contamination rules. ### Exit criteria All Phase 2 actions gated + confirmed + audited; post-action revalidation; no pkill recovery path. ### Risks Unsafe process control; lease steal; contaminated clean claims. ### Deferred Full dual-control policy editing; SSO step-up; multi-channel notifications. ### Linked implementation issues | Issue | Title | Status | |-------|--------|--------| | #642 | Sanctioned restart and graceful reload | open | | #643 | Requests, intent preview, authorization, initiation | open | | #644 | Stale-runtime recovery, worktree rebind, reconciliation | open | ### Current status Blocked on Phase 1 auth/health/inventory readiness (soft). --- ## Phase 3 — Workflow orchestration ### Goals Console participates in orchestration visibility and controlled request flow with Gitea linkage and attention routing. ### Included capabilities Gitea (and later GitHub) issue/PR linkage; queue/traffic integration with allocator; dependency-aware states; human-attention routing; notification routing (console inbox first). ### Dependencies Phase 1 traffic/timeline; Phase 2 requests; #628/#626 handoffs; #605 menu complement. ### Exit criteria Operators can see ready/active/blocked/waiting/review/controller/reconciliation/complete/stale/abandoned; attention inbox works without spam. ### Risks Duplicating allocator; treating console as forge of record. ### Linked implementation issues | Issue | Title | Status | |-------|--------|--------| | #645 | Gitea issue and PR linkage console | open | | #648 | Notifications and human-attention routing | open | | #640 | Traffic-control view (Phase 1 foundation for orchestration UI) | open | ### Current status Not started beyond linkage issues filed. --- ## Phase 4 — AI-assisted insights and optimization ### Goals Evidence-backed insights, provider status, cost/latency analytics — never uncited automation that bypasses gates. ### Included capabilities Sentry/GlitchTip console integration; AI-provider connection status; summaries/blocker explanations/duplicate detection/recurring-failure analysis/risk/workflow-health scoring/next-work recommendations with evidence+confidence labels; usage/cost/latency/success analytics; human-intervention metrics. ### Dependencies #637 timeline; #633 redaction; #606/#607/#612 bridges; #649–#651. ### Exit criteria Insights require evidence refs; missing metrics labeled unknown; no auto-merge/close from insights. ### Linked implementation issues | Issue | Title | Status | |-------|--------|--------| | #649 | Sentry/GlitchTip connections, correlation, durable issues | open | | #650 | AI-provider connections and evidence-backed insights | open | | #651 | Model usage, cost, latency, workflow-performance analytics | open | ### Current status Not started. --- ## Phase 5 — Governance, policy, security, and long-term platform maturity ### Goals Hardening for multi-operator production use: SSO, advanced RBAC, policy lifecycle, audit immutability, maintenance mode, emergency fail-closed, platform extensions. ### Included capabilities SSO; project permissions; auditor roles; step-up auth; encryption posture; rate limiting; CSRF; privileged-action dual control; versioned policy edit/validate/simulate/approve/rollback (#646/#647); immutable audit; maintenance mode; emergency fail-closed; HA/read-replica topology; feature flags; WCAG track; localization; air-gapped mode; plugin adapters — as prioritized from #652 §O. ### Dependencies Phase 1 auth model; Phase 2 gated actions; #646/#647. ### Exit criteria Documented security baseline met; policy changes audited; emergency controls tested; vision items either shipped or still listed preserved/rejected on #652. ### Risks Over-building enterprise surface before core ops value; secret mismanagement. ### Linked implementation issues | Issue | Title | Status | |-------|--------|--------| | #646 | Policy and guardrail configuration visibility | open | | #647 | Versioned policy editing, validation, simulation, approval, rollback | open | | #633 | Auth/RBAC/redaction/audit model (foundation for Phase 5) | open | ### Current status Partial issues filed; many maturity items only in preserved list. --- ## Preserved but not yet scheduled Valid product ideas from #652 **without a dedicated implementation issue yet**. Remain visible until converted or controller-rejected on #652. ### System / process control * Explicit stop/start (beyond reload) UI with per-namespace targeting * Maintenance mode banner and write-freeze * Emergency fail-closed switch (global mutation deny) * Degraded-state explanation engine (structured why-not-ready narratives) ### Projects / forges * Full guided onboarding wizard (discovery → manifest → labels → branch protection → test commands → roles → readiness score) * GitHub connection admin (parity with Gitea) * Multi-project readiness scoring dashboard * Branch protection verification UI ### Connections / credentials * Credential rotation workflows with expiration warnings * Scope and least-privilege matrix per connection * Connection validation job history * Ollama / local OpenAI-compatible endpoint management UI * Gemini / xAI / Anthropic / OpenAI admin panels (beyond status) ### Requests / orchestration * Pause / cancel / reprioritize request controls (if not fully in #643) * Autonomous next-action recommendations UI (allocator-backed) * Abandoned / stale work sweeper UI * Dependency graph visualization (not prose-only) * Concurrent lane map (“city traffic” visual) ### Sessions / recovery * Lease adoption wizard * Lock clearing with dual-control * Worktree quarantine workflow * Session contamination dashboard (pkill markers, #630) ### Conversations / search / export * Full internal conversation browser UI * Global search across conversations, issues, PRs, sessions, events, projects * Transcript export with redaction profiles * Retention policy UI ### AI insights (beyond #650) * Duplicate detection productization * Recurring-failure clustering UI * Risk detection scoring * Workflow-health score product surface * Inference labeling standards enforcement UI ### Observability (beyond #649) * Error grouping UI * Regression detection * Deployment correlation views * Error-to-issue bulk workflows ### Notifications (beyond #648) * Email / Slack / webhook adapters * Digest schedules * Controller-only alert channels ### Security / platform maturity * SSO integration * Step-up authentication * Project-scoped permissions matrix UI * Auditor role experience * Rate limiting / CSRF operational dashboards * Immutable audit export * Encryption-at-rest posture reporting ### Analytics (beyond #651) * Human-intervention rate reporting * Workflow-efficiency scorecards * Cost budgets and alerts * Model performance comparison boards ### Future extension points (#652 §O) * Multi-tenant operator orgs * Provider adapter plugins * Mobile-responsive optimization * Inbound webhook event bus * Multi-agent traffic simulation * Automatic model-routing policies (controller-approved) * Read replicas / HA topology * Customer-facing portal decision (fork vs never) * Public/GraphQL API decision * Offline/air-gapped mode * WCAG certification track * Localization * Blue/green + feature flags --- ## Recommended next work 1. Author claims **#632** (architecture) with lease. 2. Then **#633** (auth/audit model). 3. Then **#634–#637** APIs in dependency order. 4. Then **#638–#641** views. 5. Controller updates this roadmap status as children complete; convert preserved items to issues only when scheduling. ## Non-goals * Implementing features on this roadmap issue. * Deleting vision items by omitting them from phases without #652 change log. * Recreating #632–#641. ## Canonical issue state ```text STATE: roadmap-active WHO_IS_NEXT: author NEXT_ACTION: Execute Phase 1 starting at #632; keep preserved list current NEXT_PROMPT: Author implements one Phase 1 child linked to #652 and this roadmap; PR; stop ```
Author
Owner

Canonical Issue State

STATE:
roadmap-active

WHO_IS_NEXT:
author

NEXT_ACTION:
Execute Phase 1 starting with #632 architecture, then #633 auth/audit, then APIs #634–#637, then views #638–#641; update this roadmap as children complete

NEXT_PROMPT:

You are the AUTHOR for Scaled-Tech-Consulting/Gitea-Tools on prgs.
Vision: #652 (scope authority). Roadmap: #653 (this issue). Umbrella: #631.
Claim exactly one Phase 1 issue with gitea_lock_issue. Preferred order: #632 → #633 → #634 → #635 → #636 → #637 → #638 → #639 → #640 → #641.
Extend webui/ MVP (#425–#436); do not recreate. Link PRs to vision #652 and roadmap #653. Stop after PR; no self-review/merge.
Preserved ideas stay on #653 until scheduled as new issues.

WHAT_HAPPENED:
Roadmap #653 filed with Phases 1–5, linked issues, and Preserved but not yet scheduled catalog. Phase 1 batch is existing #632–#641 (not recreated).

WHY:
Sequence delivery without deleting vision (#652).

RELATED_ISSUES:
#652 vision; #631 umbrella; #632–#651 children; #425–#436 foundation

RELATED_PRS:
none

BLOCKERS:
none

VALIDATION:
Phase 1 issues pre-exist; roadmap adds Phase 5 + preserved catalog

LAST_UPDATED_BY:
jcwalker3 / prgs-author / author / 2026-07-10

## Canonical Issue State STATE: roadmap-active WHO_IS_NEXT: author NEXT_ACTION: Execute Phase 1 starting with #632 architecture, then #633 auth/audit, then APIs #634–#637, then views #638–#641; update this roadmap as children complete NEXT_PROMPT: ```text You are the AUTHOR for Scaled-Tech-Consulting/Gitea-Tools on prgs. Vision: #652 (scope authority). Roadmap: #653 (this issue). Umbrella: #631. Claim exactly one Phase 1 issue with gitea_lock_issue. Preferred order: #632 → #633 → #634 → #635 → #636 → #637 → #638 → #639 → #640 → #641. Extend webui/ MVP (#425–#436); do not recreate. Link PRs to vision #652 and roadmap #653. Stop after PR; no self-review/merge. Preserved ideas stay on #653 until scheduled as new issues. ``` WHAT_HAPPENED: Roadmap #653 filed with Phases 1–5, linked issues, and Preserved but not yet scheduled catalog. Phase 1 batch is existing #632–#641 (not recreated). WHY: Sequence delivery without deleting vision (#652). RELATED_ISSUES: #652 vision; #631 umbrella; #632–#651 children; #425–#436 foundation RELATED_PRS: none BLOCKERS: none VALIDATION: Phase 1 issues pre-exist; roadmap adds Phase 5 + preserved catalog LAST_UPDATED_BY: jcwalker3 / prgs-author / author / 2026-07-10
Author
Owner

Canonical Issue State

STATE:
roadmap-active

WHO_IS_NEXT:
author

NEXT_ACTION:
Track restart governance #655–#669 under platform safety / Phase 2–5; preferred implementation start #656 then #657; keep #668 in preserved-or-Phase-5 even if deferred

NEXT_PROMPT:

AUTHOR or CONTROLLER for Gitea-Tools prgs: Roadmap #653 now includes restart governance umbrella #655 (children #656–#669).
Phase 1 web console (#632–#641) remains first UI batch.
Restart substrate should advance in parallel as guardrail work starting at #656 policy and #657 path inventory.
Vision authority remains #652. Do not drop HA design #668 from the roadmap.

WHAT_HAPPENED:
Linked #655–#669 into roadmap #653 sequencing notes.

WHY:
Restart safety is sequencing-critical dogfooding work alongside console phases.

RELATED_ISSUES:
#655–#669 #652 #630 #642

RELATED_PRS:
none

BLOCKERS:
none

VALIDATION:
no implementation this session

LAST_UPDATED_BY:
jcwalker3 / prgs-author / author / 2026-07-10

## Canonical Issue State STATE: roadmap-active WHO_IS_NEXT: author NEXT_ACTION: Track restart governance #655–#669 under platform safety / Phase 2–5; preferred implementation start #656 then #657; keep #668 in preserved-or-Phase-5 even if deferred NEXT_PROMPT: ```text AUTHOR or CONTROLLER for Gitea-Tools prgs: Roadmap #653 now includes restart governance umbrella #655 (children #656–#669). Phase 1 web console (#632–#641) remains first UI batch. Restart substrate should advance in parallel as guardrail work starting at #656 policy and #657 path inventory. Vision authority remains #652. Do not drop HA design #668 from the roadmap. ``` WHAT_HAPPENED: Linked #655–#669 into roadmap #653 sequencing notes. WHY: Restart safety is sequencing-critical dogfooding work alongside console phases. RELATED_ISSUES: #655–#669 #652 #630 #642 RELATED_PRS: none BLOCKERS: none VALIDATION: no implementation this session LAST_UPDATED_BY: jcwalker3 / prgs-author / author / 2026-07-10
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Scaled-Tech-Consulting/Gitea-Tools#653