Roadmap
Planned evolution of custos from first release through platform maturity.
Principles
- Ship `test` first. A single command that works reliably is worth more than five commands that don’t.
- Offline is the differentiator. The ability to test policies without touching Vault is what makes custos unique.
- CI is the growth engine. Adoption happens when someone drops custos into a pipeline and it catches a bad policy on a PR.
- Match Vault’s behavior exactly. If custos says “allow” and Vault says “deny,” trust is gone.
v0.1.0: “It works offline” — Released
The credibility release. One command, one promise: you can test Vault policies without touching Vault.
- Project scaffolding and CI/CD setup
- HCL policy parser with full field support
- YAML test spec loader and validator
- Offline policy evaluation engine
- `custos test` command with terminal reporter
- Comprehensive evaluation engine tests
- Version command with `--json` flag
- Build and release infrastructure (GoReleaser, Docker, install script, Homebrew)
v0.2.0: “It fits in CI” — Planned
Once the core works, the next unlock is CI/CD integration.
- JUnit XML reporter (`--format junit`)
- JSON reporter (`--format json`)
- Proper exit codes (`--fail-on-warn`)
- `custos validate` command
- `custos init --from policy.hcl`
- Verbose mode (`-v`) improvements
v0.3.0 to v0.5.0: “It’s the platform” — Planned
v0.3.0 — Online mode and security scanning
- Online mode (`--vault-addr`, `--vault-token`)
- `custos scan` command
- Severity filtering (`--severity`)
v0.4.0 — Deep analysis
- Overprivilege detection
- Policy conflict detection
- Path coverage reporting
v0.5.0 — Enterprise
- Namespace-aware evaluation
- Sentinel policy integration
- Timeout and retry configuration
Version history
| Version | Status | Theme |
|---|---|---|
| v0.1.0 | Released | Offline policy testing |
| v0.2.0 | Planned | CI/CD integration |
| v0.3.0 | Planned | Online mode and scanning |
| v0.4.0 | Planned | Deep analysis |
| v0.5.0 | Planned | Enterprise features |