Roadmap¶

This page tracks the implementation status of all platform features and capabilities. Statuses are updated as features are delivered.

Status	Meaning
Complete	Fully implemented and available
In Progress	Currently under active development
Planned	Committed to the roadmap, not yet started
TBD	Not yet scheduled

SaaS Platform¶

Feature	Status
Certificate approval workflows	In Progress

Certificate Discovery¶

Feature	Status
CT log scanning — alert on unexpected issuance	TBD

External CA Integration¶

Feature	Status
Microsoft Active Directory Certificate Services (ADCS)	In Progress
DigiCert	Complete
Sectigo	TBD
GlobalSign	TBD

Bridges¶

Feature	Status
Bridge — Docker container deployment	TBD
Bridge — self-updating binary	TBD
Bridge — certificate deployment to target systems - Windows	TBD
Bridge — relay for Courier connections	TBD

Couriers¶

Feature	Status
Courier — Windows binary	TBD
Courier — connect via Bridge	TBD
Courier auth — SPIFFE/SPIRE (JWT and X.509)	TBD

Target Systems¶

Feature	Status
Microsoft IIS — Windows Remote Management	TBD
Microsoft Windows — Windows Remote Management	TBD

Virtual HSM (vHSM)¶

The vHSM is implemented as a dedicated Rust binary module within the back control plane, providing fine-grained control over cryptographic memory operations.

Feature	Status
vHSM — Rust binary module for back control plane	TBD
vHSM — key pair generation (RSA, EC)	TBD
vHSM — key storage	TBD
vHSM — digital signature operations	TBD
vHSM — key zeroization (explicit memory clearing)	TBD
vHSM — approved random bit generation (DRBG)	TBD
vHSM — symmetric key operations (AES)	TBD
vHSM — power-up self-tests (known answer tests)	TBD
vHSM — conditional self-tests (runtime health checks)	TBD
vHSM — software integrity verification at startup	TBD
vHSM — FIPS 140-3 Level 1 compliance	TBD
Third-party HSM integration — Microsoft Azure	TBD
Third-party HSM integration — Amazon Web Services	TBD
Third-party HSM integration — physical HSM	TBD