bytelyst/learning_ai_common_plat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(tracker): improve roadmap v2 — gaps/bugs addressed

Browse Source 
Review pass additions:
- Add permissions matrix (public/auth-user/PM/agent per action)
- Add improvement + chore item types (B-017)
- Add custom status workflows
- Add real-time updates section (SSE/WebSocket) — new B-011
- Add global search (Ctrl+K) — new B-018
- Add notification preferences + in-app notification centre
- Add optimistic UI callout
- Add API versioning strategy (/v1/, Deprecation/Sunset headers)
- Add cursor pagination + since-timestamp to agent GET example
- Add ciStatus field to PR link payload
- Add `metadata` map documented explicitly for agent KV data
- Add data retention/archival to Phase 5
- Add import wizard (Jira/Linear/GitHub CSV) to Phase 4
- Add upvote cap (server-side, fixes B-004 properly) to Phase 4
- Fix all tracker URLs to https://tracker.bytelyst.com
- Add phase dependency annotations (🔗) on features with prerequisites
- Expand bug table: add B-011..B-018, add Phase column
- Tighten agent API examples: show response shape, cursor, X-Product-Id header

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
root 2026-05-25 10:51:55 +00:00
parent 0f2956884c
commit a6cd7fe965
1 changed files with 386 additions and 224 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

610
dashboards/tracker-web/ROADMAP.md
View File

@ -1,28 +1,49 @@
# Tracker Dashboard — Product Roadmap
> **Living document.** Coding agents, developers, PMs, and public contributors can submit items
> via the [public roadmap](/roadmap) or the [Agent API](#-agent--automation-api).
> Last updated: 2026-05-25.
> via the [public roadmap](https://tracker.bytelyst.com/roadmap) or the [Agent API](#-agent--automation-api).
> Deployed at **https://tracker.bytelyst.com** · Last updated: 2026-05-25.
---
## Legend
| Symbol | Meaning |
| ------ | ----------------------- |
| ✅ | Shipped / complete |
| 🔄 | In progress |
| 🔲 | Planned — not started |
| 🤖 | Agent-targeted feature |
| 🌐 | Public-facing feature |
| 🏢 | Internal / team feature |
| ⚠️ | Known bug / gap |
| Symbol | Meaning |
| ------ | ----------------------------- |
| ✅ | Shipped / complete |
| 🔄 | In progress |
| 🔲 | Planned — not started |
| 🤖 | Agent-targeted feature |
| 🌐 | Public-facing feature |
| 🏢 | Internal / team feature |
| ⚠️ | Known bug / gap |
| 🔗 | Depends on another phase item |
---
## Permissions Matrix
| Action | Public (no login) | Auth User | PM / Admin | Agent (API key) |
| -------------------- | :---------------: | :-------: | :--------: | :-------------: |
| View public roadmap | ✅ | ✅ | ✅ | ✅ |
| Submit public idea | ✅ | ✅ | ✅ | ✅ |
| Vote on public item | ✅ | ✅ | ✅ | ✅ |
| View internal items | ❌ | ✅ | ✅ | ✅ (scoped) |
| Create internal item | ❌ | ✅ | ✅ | ✅ (write key) |
| Edit any item | ❌ | own only | ✅ | ✅ (write key) |
| Delete item | ❌ | ❌ | ✅ | ❌ |
| Change status | ❌ | ✅ | ✅ | ✅ (write key) |
| Claim item | ❌ | ❌ | ❌ | ✅ (write key) |
| Link PR to item | ❌ | ✅ | ✅ | ✅ (write key) |
| Manage API keys | ❌ | ❌ | ✅ | ❌ |
| Configure webhooks | ❌ | ❌ | ✅ | ❌ |
| Access analytics | ❌ | ❌ | ✅ | 🔲 (read key) |
---
## Phase 0 — Foundation (Current State) ✅
Everything checked here is already shipped and running.
Everything checked here is already shipped and running at **https://tracker.bytelyst.com**.
### Core Item Management ✅
@ -66,7 +87,7 @@ Everything checked here is already shipped and running.
### Infrastructure ✅
- [x] Dockerised (standalone Next.js build)
- [x] Caddy reverse proxy with HTTPS
- [x] Caddy reverse proxy with HTTPS (`tracker.bytelyst.com`)
- [x] PostHog analytics integration
- [x] Vitest unit tests
- [x] Playwright E2E scaffolding
@ -81,157 +102,219 @@ Everything checked here is already shipped and running.
### 1.1 — Infrastructure Health ⚠️
- [ ] **Fix platform-service health check** — currently reporting `unhealthy`; diagnose valkey (Redis) → platform-service dependency chain
- [ ] **Fix valkey container health** — Redis-compatible cache is unhealthy; all session/queue-dependent services degrade
- [ ] **Fix tracker-web health endpoint** — `/health` should verify DB + platform-service connectivity, not just return 200
- [ ] **Add swap space on VM** — currently 0 B swap; 8 GB minimum to survive build spikes
- [ ] **Kill/limit concurrent CI builds** — Gitea runners spinning up `next build` + `tsc` simultaneously saturate 4-core VM
- [ ] **Add container restart policies** — ensure `restart: unless-stopped` on all services
- [ ] **Fix valkey (Redis) container health** — currently `unhealthy`; root cause of most downstream container failures; all session/queue-dependent services degrade
- [ ] **Fix platform-service health check** — reports `unhealthy` due to valkey connectivity; fix after valkey is stable
- [ ] **Fix tracker-web `/health` route** — must actively probe DB + platform-service reachability, not just return HTTP 200
- [ ] **Add 8 GB swap space on VM** — currently 0 B swap; build spikes cause OOM-kills of running services
- [ ] **Limit concurrent Gitea CI runner jobs** — cap to 12 simultaneous `next build` + `tsc` jobs; 4-core VM cannot survive 4+ parallel builds
- [ ] **Ensure `restart: unless-stopped`** on all docker-compose services — several containers don't auto-recover after VM reboot
### 1.2 — Rate Limiting & Spam Protection 🌐
- [ ] **Rate-limit public `/roadmap/submit`** — no throttling today; bots can flood it
- [ ] **Add hCaptcha / Turnstile to public submission form** — prevent bot submissions
- [ ] **Rate-limit public vote endpoint** — deduplicate votes server-side (not just localStorage)
- [ ] **Validate and sanitize all public inputs** — server-side XSS/injection guards
- [ ] **Rate-limit `POST /public/submit`** — no throttling today; minimum 10 req/min per IP
- [ ] **Add Cloudflare Turnstile (or hCaptcha) to public submission form** — bot-proof without user friction
- [ ] **Server-side vote deduplication per email** — current dedup is localStorage-only and trivially bypassed
- [ ] **Validate and sanitise all public inputs server-side** — XSS / injection guard on title, description, name, email
### 1.3 — Test Coverage
- [ ] **Vitest unit tests ≥ 80% on `src/lib/`** — tracker-client, auth-context, utils
- [ ] **Playwright E2E: login → create item → close item** happy path
- [ ] **Vitest unit tests ≥ 80 % on `src/lib/`** — `tracker-client.ts`, `auth-context.tsx`, `utils.ts`
- [ ] **Playwright E2E: login → create item → transition to done** happy path
- [ ] **Playwright E2E: public roadmap submit + vote** flow
- [ ] **Playwright E2E: Kanban status drag (when drag implemented)**
- [ ] **API contract tests**ensure proxy routes match platform-service schema
- [ ] **Playwright E2E: Kanban status transitions** (update after drag-and-drop ships in Phase 2)
- [ ] **API contract tests**verify proxy routes match platform-service OpenAPI schema
### 1.4 — Error Handling & Observability
- [ ] **Global error boundary with user-friendly fallback UI** — no raw stack traces to users
- [ ] **Structured server-side logging** — use `@bytelyst/logger` on all API routes
- [ ] **Loki log aggregation** — forward Next.js server logs to Loki (already deployed)
- [ ] **Prometheus metrics on tracker-web** — request count, latency, error rate
- [ ] **Alerting** — alert on health-check failures, error rate spikes (Grafana → webhook)
- [ ] **Sentry (or equivalent) for client-side errors** — catch unhandled React errors
- [ ] **Global React error boundary with friendly fallback** — no raw stack traces leaked to users
- [ ] **Structured server-side logging** via `@bytelyst/logger` on all Next.js API routes
- [ ] **Loki log aggregation** — forward Next.js server logs into the already-deployed Loki instance
- [ ] **Prometheus metrics** — expose `/metrics`; scrape request count, latency p50/p95, error rate
- [ ] **Grafana alert** on health-check failure and error rate > 1 %
- [ ] **Sentry (or `@bytelyst/diagnostics-client`)** for client-side unhandled React errors
### 1.5 — Security
- [ ] **Security headers audit** — CSP, HSTS, X-Frame-Options, Referrer-Policy on all routes
- [ ] **CSRF protection on all mutating API routes**
- [ ] **API key rotation mechanism** — for agent API keys (see Phase 3)
- [ ] **Audit log** — record who changed what on every item mutation
- [ ] **PII scrubbing in logs** — emails, names must not appear in raw log lines
- [ ] **Security headers audit** — CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy
- [ ] **CSRF tokens on all mutating API routes**
- [ ] **API key rotation mechanism**prerequisite for Phase 3 agent keys
- [ ] **Audit log on every item mutation** — `{ actor, action, field, before, after, timestamp }` written to append-only log
- [ ] **PII scrubbing in logs** — emails and names must not appear in plaintext log lines
---
## Phase 2 — Rich Item Details (Linear / Jira parity) 🔲
> **Goal:** Items rich enough for developers and PMs to fully spec work without leaving the tool.
> **Goal:** Items rich enough for developers, PMs, and agents to fully spec, reproduce, and track
> work without leaving the tool.
> **Target:** Sprint ending 2026-07-12
### 2.1 — Rich Text & Markdown
### 2.1 — Expanded Item Types & Statuses
- [ ] **Markdown description editor** — live preview, syntax highlighting, toolbar
- [ ] **Acceptance criteria block** — structured checklist inside item; each criterion is checkable
- [ ] **New item types:** `improvement` (enhances existing feature) · `chore` (infra / maintenance / dependency bumps)
- [ ] **Custom status workflows** — products can define extra statuses beyond the default five (e.g., `needs_review`, `blocked`, `in_qa`)
- [ ] **`wont_fix` reason field** — free-text explanation required when closing as `wont_fix`
- [ ] **Reopen flow** — explicit "Reopen" action with mandatory comment; audit-logged
### 2.2 — Rich Text & Markdown
- [ ] **Markdown description editor** — live side-by-side preview, toolbar, keyboard shortcuts (bold, italic, code, link)
- [ ] **Acceptance criteria checklist** — structured `- [ ]` items inside description; individually checkable by any team member or agent
```markdown
## Acceptance Criteria
- [ ] User can submit form without login
- [ ] Email confirmation sent within 60 s
- [ ] Duplicate-email server-side check prevents double vote
- [ ] Rate limit returns 429 with `Retry-After` header
```
Acceptance Criteria
☐ User can submit form without login
☐ Email confirmation sent within 60s
☐ Duplicate email check prevents double-vote
```
- [ ] **Steps to reproduce block** (bug type only) — numbered list with copy-as-markdown button
- [ ] **Expected vs Actual behaviour fields** (bug type only)
- [ ] **Code block support in descriptions and comments** — syntax-highlighted fenced blocks
- [ ] **Mention support `@username`** in comments → notify mentioned user
- [ ] **Steps to reproduce** (bug type only) — numbered list; "Copy as markdown" button
- [ ] **Expected vs Actual behaviour fields** (bug type only) — separate text areas shown side-by-side
- [ ] **Code blocks in descriptions and comments** — syntax-highlighted fenced blocks (Shiki)
- [ ] **`@username` mention in comments** → in-app + email notification to mentioned user
- [ ] **`source: auto_detected` UI badge** — distinct chip on items filed by CI/agents (fixes B-014)
### 2.2 — Attachments & Media
### 2.3 — Attachments & Media
- [ ] **File upload to items** — screenshots, logs, designs (max 25 MB; stored in blob service)
- [ ] **Image paste from clipboard** — paste screenshot directly into description editor
- [ ] **Video embed support** — paste Loom / YouTube URL → embed player inline
- [ ] **Attachment list on item detail**show all files with download + delete
- [ ] **File uploads** — screenshots, logs, designs up to 25 MB; stored via `@bytelyst/blob` service
- [ ] **Clipboard paste into description** — paste screenshot → auto-upload → embed as `![image](url)`
- [ ] **Video embed** — paste Loom / YouTube URL → inline player in description
- [ ] **Attachment list on item detail**filename, size, uploader, uploaded-at, download, delete
### 2.3 — Relationships & Linking
### 2.4 — Relationships & Linking
- [ ] **Linked items**`blocks` / `is blocked by` / `relates to` / `duplicate of`
- [ ] **Sub-tasks** — child items under a parent; progress roll-up on parent
- [ ] **Milestones**group items under a named release milestone with a target date
- [ ] **PR / Commit links** — attach GitHub/Gitea PR URL; show PR title + status badge live
- [ ] **Branch name suggestion** — auto-suggest `feat/tracker-{id}-{slug}` on item detail
- [ ] **External issue links** — link to GitHub issues, Jira, Linear, Notion pages
- [ ] **Linked items**`blocks` / `is blocked by` / `relates to` / `duplicate of` with bidirectional display on both items
- [ ] **Sub-tasks** — child items nested under parent; parent shows `3/5 done` progress chip
- [ ] **Milestones**named groupings with a target date; items can be assigned to one milestone
- [ ] **PR / commit links** — attach GitHub or Gitea PR URL; show live PR title + open/merged/closed badge _(prerequisite for Phase 3 webhook auto-linking)_
- [ ] **Branch name chip** — auto-suggest `feat/tracker-{id}-{slug}` with one-click copy
- [ ] **External links** — arbitrary URL + label pairs (Notion doc, Figma frame, Confluence page, CI run)
### 2.4 — Metadata & Fields
### 2.5 — Metadata & Custom Fields
- [ ] **Effort estimate**story points (Fibonacci) or T-shirt sizes (XS/S/M/L/XL)
- [ ] **Time tracking** — log hours against an item; total vs estimate
- [ ] **Due date / SLA** — date picker; highlight overdue items in red
- [ ] **Effort estimate**Fibonacci story points (1 2 3 5 8 13 21) or T-shirt sizes (XS S M L XL); picker on item detail
- [ ] **Time tracking** — log hours per session; show logged vs estimate; per-sprint burndown
- [ ] **Due date** — date picker; overdue items highlighted red in list and Kanban
- [ ] **Environment**`production` · `staging` · `dev` · `all`
- [ ] **Affected version** — free-text; links to release notes
- [ ] **Fixed in version** — auto-populated when item closes and a release is cut
- [ ] **Stakeholders / Watchers** — subscribe to item updates without being assignee
- [ ] **Custom fields** — per-product key-value pairs (product teams define their own)
- [ ] **Colour-coded labels** — labels get hex colour; shown as chips
- [ ] **Affected version** — free-text; displayed as chip; links to changelog
- [ ] **Fixed in version** — auto-populated when item closes within a milestone
- [ ] **Watchers / stakeholders** — subscribe to all item updates without being the assignee
- [ ] **Custom fields** — per-product admin defines field name + type (text, number, date, single-select); stored in `metadata` map
- [ ] **Colour-coded labels** — each label gets a hex colour; rendered as chips in list, Kanban card, and detail views
- [ ] **`metadata` map for agent data** — agents write arbitrary KV pairs (`{ testRunId, commitSha, ciJobUrl }`) without polluting core fields
### 2.5 — Activity & History
### 2.6 — Activity, History & Notifications
- [ ] **Full activity log on every item** — every field change recorded with actor + timestamp
- [ ] **Full activity log per item** — every field change, status transition, comment, attachment, PR link recorded with actor + timestamp
```
09:14 saravana → changed status: open → in_progress
09:22 codex-agent → linked PR #142
10:05 saravana → changed priority: medium → high
09:14 saravana status: open → in_progress
09:22 codex-agent linked PR #142 (open)
09:45 codex-agent checklist: "Email confirmation sent within 60 s" ✅
10:05 saravana priority: medium → high
10:31 codex-agent PR #142 status: open → merged
10:31 codex-agent status: in_progress → done (reason: PR #142 merged)
```
- [ ] **Comment reactions** — emoji reactions on comments (👍 ✅ 🔥 etc.)
- [ ] **Comment edit + delete** — authors can edit/delete their own comments
- [ ] **@mention notifications** — in-app + email when mentioned in comment
- [ ] **Item history diff view** — show before/after for description edits
- [ ] **Comment reactions** — emoji reactions (👍 ✅ 🔥 💡 ❓) on any comment
- [ ] **Comment edit + delete** — authors can edit within 15 min; admins can delete any comment
- [ ] **Item history diff view** — expandable before/after diff for description edits
- [ ] **Notification preferences** — per user, per item: all activity · mentions only · status changes · none
- [ ] **In-app notification centre** — bell icon with unread count; mark-all-read action
### 2.6 — Views & Filters
### 2.7 — Real-Time Updates
- [ ] **Kanban drag-and-drop** — drag cards between status columns (replace button-only transitions)
- [ ] **Saved filter views** — name and save a filter set; pin to sidebar
- [ ] **Bulk actions** — select multiple items → bulk status change / assign / label / delete
- [ ] **Group by** — group list view by assignee, label, milestone, priority
- [ ] **Timeline / Gantt view** — items with due dates shown on a calendar timeline
- [ ] **My items view** — quick filter: assigned to me / reported by me / watching
- [ ] **Export** — CSV and JSON export of filtered item lists
- [ ] **Server-Sent Events (SSE) on item detail** — status, comments, and activity log refresh live without polling
- [ ] **Kanban board live updates** — card moves and new cards appear in real-time for all active viewers
- [ ] **Optimistic UI** — status/priority changes apply instantly client-side; roll back on server error with toast
### 2.8 — Views, Filters & Search
- [ ] **Kanban drag-and-drop** — drag cards between status columns; persist to server immediately (fixes B-003)
- [ ] **Saved filter views** — name, save, and pin a filter combination to the sidebar
- [ ] **Bulk actions** — checkbox-select multiple items → bulk status change / assign / label / milestone / delete
- [ ] **Group by** — group list view by assignee · label · milestone · priority · type
- [ ] **Timeline / Gantt view** — items with due dates on a horizontal calendar; milestones as vertical markers
- [ ] **My items view** — quick filter tabs: assigned to me · reported by me · watching · mentioned in
- [ ] **Global search** — Ctrl+K full-text search across title + description for all products (admin); per-product search for members
- [ ] **Export** — CSV and JSON download of any filtered view; includes all metadata and custom fields
---
## Phase 3 — Agent & Automation API 🤖
> **Goal:** First-class API for coding agents (Claude Code, Codex, Copilot, custom agents) to
> consume, update, and create tracker items programmatically — closing the loop between
> AI-assisted development and project management.
> **Goal:** First-class REST API for coding agents (Claude Code, Codex, Copilot Workspace, custom
> agents) to consume, update, and create tracker items — closing the loop between AI-assisted
> development and project management.
> **Target:** Sprint ending 2026-07-26
> **Dependency:** Phase 2 acceptance-criteria checklist and PR link fields must ship first.
### 3.1 — Agent Authentication
- [ ] **API key management UI** — generate / revoke / rotate API keys per agent identity
- [ ] **Agent identity model** — each key has a `name`, `role` (`agent` / `ci` / `webhook`), `productId` scope, and optional IP allowlist
- [ ] **Scoped permissions** — read-only keys, write keys, admin keys
- [ ] **Key usage log** — last-used timestamp, request count per key
- [ ] **Rate limiting per API key** — configurable RPM per key
- [ ] **API key management UI** (admin) — generate, revoke, rotate keys; set name + role + product scope + optional IP allowlist
- [ ] **Agent roles:** `agent-read` · `agent-write` · `ci` · `webhook` — minimum necessary permissions per role (see Permissions Matrix)
- [ ] **Key usage log** — last-used timestamp, request count, error count per key
- [ ] **Rate limits per key** — configurable RPM; `429 Too Many Requests` with `Retry-After` header on breach
- [ ] **Key expiry** — optional expiry date; keys auto-revoked on expiry
- [ ] **API versioning** — all agent routes under `/api/agent/v1/`; breaking changes bump version; old versions supported 6 months with `Deprecation` + `Sunset` headers
### 3.2 — Agent Item Operations
- [ ] **`GET /api/agent/items`** — pull items assigned to agent, by label, by status; supports `since` timestamp for polling
All routes require `Authorization: Bearer <agent-key>` and `X-Product-Id: {productId}`.
**Pull & Claim**
- [ ] **`GET /api/agent/v1/items`** — list items with filters; cursor-based pagination; `since` for incremental sync
```http
GET /api/agent/items?status=open&label=agent-ready&assignee=codex-agent
Authorization: Bearer <agent-key>
```
- [ ] **`POST /api/agent/items`** — agents create items (bug reports from CI, auto-detected regressions)
```json
GET /api/agent/v1/items?status=open&label=agent-ready&limit=20&cursor=<opaque>&since=2026-05-20T00:00:00Z
Authorization: Bearer <TRACKER_AGENT_KEY>
X-Product-Id: chronomind
# 200 Response
{
"type": "bug",
"title": "TypeError in UserCard on null avatar",
"description": "Reproduced in e2e run #4821. Stack trace: ...",
"source": "auto_detected",
"labels": ["ci-failure", "agent-reported"],
"metadata": { "testRun": "4821", "commitSha": "abc123" }
"items": [...],
"next_cursor": "eyJpZCI6IjEyMyJ9",
"has_more": true,
"total": 47
}
```
- [ ] **`PATCH /api/agent/items/:id/claim`** — agent claims an item (sets `assignee`, status → `in_progress`, records claim timestamp); prevents two agents racing on same item
- [ ] **`PATCH /api/agent/items/:id/status`** — update status with a reason and optional evidence
- [ ] **`POST /api/agent/items/:id/comments`** — post implementation notes, test results, error logs
- [ ] **`PATCH /api/agent/items/:id/pr`** — link a PR to an item
- [ ] **`PATCH /api/agent/v1/items/:id/claim`** — atomically assign to calling agent + transition to `in_progress`; returns `409 Conflict` if already claimed (prevents parallel agent races)
**Create & Update**
- [ ] **`POST /api/agent/v1/items`** — create item; `source` auto-set to `auto_detected`
````json
{
"type": "bug",
"title": "TypeError: Cannot read properties of null (reading 'avatar')",
"description": "Reproduced in E2E run #4821 on `main` at commit `abc123`.\n\n```\nTypeError at UserCard.tsx:42\n```",
"source": "auto_detected",
"priority": "high",
"labels": ["ci-failure", "agent-reported", "frontend"],
"metadata": {
"testRun": "4821",
"commitSha": "abc123def456",
"ciJobUrl": "https://gitea.bytelyst.com/org/repo/actions/runs/4821"
}
}
````
- [ ] **`PATCH /api/agent/v1/items/:id/status`** — update status with mandatory `reason` and optional `evidenceUrl`
```json
{
"status": "done",
"reason": "PR #142 merged",
"evidenceUrl": "https://github.com/org/repo/pull/142"
}
```
- [ ] **`PATCH /api/agent/v1/items/:id/checklist`** — check/uncheck acceptance-criteria items by text match 🔗 _(requires Phase 2)_
```json
{ "item": "Email confirmation sent within 60 s", "checked": true }
```
- [ ] **`POST /api/agent/v1/items/:id/comments`** — post implementation notes, test results, diffs, error logs
**PR Integration**
- [ ] **`PATCH /api/agent/v1/items/:id/pr`** — link or update a PR; callable multiple times as PR status evolves
```json
{
"prUrl": "https://github.com/org/repo/pull/142",
@ -239,89 +322,127 @@ Everything checked here is already shipped and running.
"prTitle": "fix: null-check avatar in UserCard",
"prStatus": "open",
"branch": "fix/tracker-789-null-avatar",
"commitSha": "abc123def456"
"commitSha": "abc123def456",
"ciStatus": "pending"
}
```
- [ ] **`POST /api/agent/items/:id/checklist`** — update acceptance-criteria checklist items (check/uncheck)
- [ ] **`GET /api/agent/items/:id/context`** — fetch full item context formatted for LLM prompt injection (title + description + acceptance criteria + comments + linked PRs as markdown)
`prStatus`: `open` · `merged` · `closed` · `draft`
`ciStatus`: `pending` · `success` · `failure` · `cancelled`
### 3.3 — Webhook Integration (Inbound)
**Context**
- [ ] **`GET /api/agent/v1/items/:id/context`** — full item as LLM-ready markdown: title, description, acceptance criteria, comments, linked PRs, activity log; ideal for agent system-prompt injection
```markdown
# Tracker #789: TypeError in UserCard on null avatar
**Status:** open **Priority:** high **Assignee:** unassigned
## Description
...
## Acceptance Criteria
- [ ] Null-check avatar before rendering
- [ ] Unit test covers null case
- [ ] No snapshot regression
## Recent Activity
2026-05-25 09:14 saravana: opened
```
### 3.3 — Inbound Webhooks
- [ ] **GitHub webhook receiver**`POST /api/webhooks/github`
- PR opened → link to item if branch matches `tracker-{id}` pattern; status → `in_progress`
- PR merged → status → `done`; post merge comment on item
- PR closed without merge → comment on item; status stays
- CI check failed → post failure summary as comment on linked item
- [ ] **Gitea webhook receiver**`POST /api/webhooks/gitea` (same events as GitHub)
- [ ] **Webhook signature verification** — HMAC-SHA256 on all inbound webhooks
- [ ] **Webhook delivery log** — show last 100 inbound webhook events per product; replayable
- PR opened → auto-link to item if branch matches `tracker-{id}` or `feat/tracker-{id}-*`; status → `in_progress`
- PR merged → status → `done`; post commit SHA + PR URL as comment
- PR closed without merge → post closure comment; status unchanged
- CI check failed → post failure summary + job URL as comment on linked item
- CI check passed → update `ciStatus` on linked PR
- [ ] **Gitea webhook receiver**`POST /api/webhooks/gitea` (identical event handling, targeting `localhost:3300`)
- [ ] **HMAC-SHA256 signature verification** — reject unsigned inbound webhooks
- [ ] **Webhook event log** — last 100 inbound events per product; each replayable via UI
### 3.4 — Webhook Integration (Outbound)
### 3.4 — Outbound Webhooks
- [ ] **Outbound webhook configuration UI** — register URLs to receive tracker events
- [ ] **Events fired:** `item.created` · `item.updated` · `item.status_changed` · `comment.added` · `pr.linked` · `item.closed`
- [ ] **Retry with exponential backoff** — retry failed deliveries up to 5× over 24 h
- [ ] **Delivery log** — show status of every outbound delivery (200 ✅ / 5xx ❌ / timeout)
- [ ] **Slack integration** — built-in Slack webhook sender; configurable per product
- [ ] **Outbound webhook configuration UI** — register target URLs per product; choose subscribed event types
- [ ] **Events emitted:** `item.created` · `item.updated` · `item.status_changed` · `comment.added` · `pr.linked` · `pr.status_changed` · `checklist.checked` · `item.closed`
- [ ] **Retry with exponential backoff**up to 5 retries over 24 h on non-2xx; final failure fires `webhook.delivery_failed` alert
- [ ] **Delivery log UI** — timestamp · target URL · event type · HTTP status · duration · response body snippet
- [ ] **Built-in Slack integration** — send formatted item cards to a Slack channel; configurable per product + per event type
### 3.5 — Agent SDK / CLI
### 3.5 — Agent SDK & Tooling
- [ ] **`@bytelyst/tracker-client` npm package** — typed Node.js client; auto-handles pagination cursor, retry, rate-limit backoff
- [ ] **`@bytelyst/tracker-client` npm package** — typed client for Node.js agents
```ts
import { TrackerClient } from '@bytelyst/tracker-client';
const tracker = new TrackerClient({ apiKey: process.env.TRACKER_KEY, productId: 'chronomind' });
const items = await tracker.items.list({ status: 'open', label: 'agent-ready' });
await tracker.items.claim(items[0].id);
const tracker = new TrackerClient({
apiKey: process.env.TRACKER_AGENT_KEY,
productId: 'chronomind',
});
for await (const item of tracker.items.stream({ status: 'open', label: 'agent-ready' })) {
await tracker.items.claim(item.id);
// ... implement fix ...
await tracker.items.linkPr(item.id, { prUrl, prNumber, prTitle, prStatus: 'open' });
}
```
- [ ] **Claude Code hook template** — ready-made `PostToolUse` hook that files a tracker item when tests fail
- [ ] **CI integration guide** — docs + example GitHub Actions step to post build failures as tracker bugs
- [ ] **Claude Code hook template** — ready-made `PostToolUse` hook that auto-files a tracker `bug` when tests fail; add to `.claude/settings.json`
- [ ] **CI integration guide** — GitHub Actions + Gitea Actions example steps to file bugs and update PR status
- [ ] **OpenAPI spec** — auto-generated; browsable at `/api-docs`
### 3.6 — AI-Assisted Triage
- [ ] **Auto-classify incoming submissions** — LLM call on new public submissions to suggest type + priority + labels
- [ ] **Duplicate detection** — embedding similarity check on new items vs existing open items; surface "possible duplicate of #42" banner
- [ ] **Auto-assign** — configurable rules: items with label `frontend` → assign to frontend agent; `ci-failure` → assign to CI agent
- [ ] **Sentiment analysis on public submissions** — flag angry/urgent submissions for faster triage
- [ ] **Auto-generate acceptance criteria** — for feature requests, LLM suggests a checklist based on description
- [ ] **Auto-classify new submissions** — LLM call on every new item suggests `type`, `priority`, `labels`; shown as "AI suggestions" (human confirms or dismisses; never auto-applied)
- [ ] **Duplicate detection** — embedding similarity vs open items; surface "Possible duplicate of #42" if cosine similarity > 0.85
- [ ] **Auto-assign rules** — configurable routing table: label `frontend``frontend-agent`; label `ci-failure``ci-agent`; editable by PM in settings
- [ ] **Sentiment analysis on public submissions** — flag angry/urgent submissions for fast-lane triage queue
- [ ] **Auto-generate acceptance criteria** 🔗 _(requires Phase 2 checklist)_ — LLM suggests starter `- [ ]` checklist for `feature` and `improvement` items; editable before saving
---
## Phase 4 — Multi-Source Intake 🌐🏢
> **Goal:** Every stakeholder — public users, company team, developers, and agents — has a
> **Goal:** Every stakeholder — public users, internal team, developers, and agents — has a
> frictionless native path to submit and track items.
> **Target:** Sprint ending 2026-08-09
### 4.1 — Public Submission Enhancements 🌐
- [ ] **Public user account (optional)** — create lightweight account to track your own submissions without full platform login
- [ ] **Submission status page**public URL `/submissions/{token}` shows status of your submitted idea without login
- [ ] **Email notifications to submitters** — "Your idea is now In Progress" / "shipped in v2.3"
- [ ] **Public changelog**`/changelog` page auto-generated from items closed with `public` visibility + release notes field
- [ ] **Upvote limit per email** — max N votes per product per email to prevent ballot stuffing
- [ ] **Optional public account** — lightweight sign-up (email only) to track your own submissions; no access to internal items
- [ ] **Submission status page**`/submissions/{token}` shows item status without login; token emailed on submit
- [ ] **Email notifications to submitters** — "Your idea moved to In Progress" / "Shipped in v2.3! Thanks for the report."
- [ ] **Public changelog**`/changelog` auto-generated from `done` + `visibility: public` items grouped by milestone
- [ ] **Vote cap** — max 5 votes per email per product; server-enforced (proper fix for B-004)
### 4.2 — Internal Team Intake 🏢
- [ ] **Quick-capture widget** — floating button on any internal bytelyst dashboard → pre-fills product + reporter; one-click submit
- [ ] **Browser extension**capture bugs from any web page with screenshot + URL auto-filled
- [ ] **Email-to-tracker** — send email to `tracker+{product}@bytelyst.com` → creates item; threading = comments
- [ ] **Slack `/tracker` slash command**submit item from Slack; subscribe to updates in channel
- [ ] **Microsoft Teams bot**same as Slack integration (for teams using Teams)
- [ ] **Quick-capture widget** — floating "Report issue" button embeddable in any internal dashboard via `<script>` tag; pre-fills `productId` and `reportedBy`
- [ ] **Browser extension**one-click bug capture from any web page; auto-fills URL, captures screenshot, lets user annotate before submitting
- [ ] **Email-to-tracker** — send to `tracker+{productId}@bytelyst.com` → creates item; reply threading = item comments
- [ ] **Slack `/tracker` slash command**`/tracker bug This crashes` → creates item and replies with link; `/tracker list` shows your open items
- [ ] **Microsoft Teams bot**equivalent to Slack bot for Teams-based teams
### 4.3 — Developer Intake 🏢
- [ ] **GitHub issue sync (bidirectional)** — link a GitHub repo; issues sync to tracker; tracker status updates push back as GitHub labels
- [ ] **Gitea issue sync** — same as GitHub, targeting the local Gitea instance
- [ ] **`tracker` CLI** — `npx @bytelyst/tracker create --type bug --title "..."` from terminal
- [ ] **VS Code extension** — view assigned items, update status, file bugs without leaving editor
- [ ] **Test failure → auto-item** — CI step that files a `bug` item on test failures with full test output attached
- [ ] **GitHub Issues bidirectional sync** — link a GitHub repo; new issues → tracker items; tracker status changes → GitHub labels and vice versa
- [ ] **Gitea Issues bidirectional sync** — same as GitHub, targeting `localhost:3300`
- [ ] **`npx @bytelyst/tracker` CLI** — `tracker create --type bug --title "..."`, `tracker list --status open`, `tracker show 789`
- [ ] **VS Code extension** — sidebar panel: view assigned items, change status, file bugs without leaving the editor
- [ ] **CI test-failure auto-item** — Vitest/Jest/Playwright reporter plugin that auto-files `bug` items on failure with full test output attached
- [ ] **Import wizard** — CSV import from Jira, Linear, or GitHub Issues with field-mapping UI; avoids cold-start problem when migrating
### 4.4 — PM / Stakeholder Views 🏢
### 4.4 — PM / Stakeholder Features 🏢
- [ ] **Roadmap presentation mode** — clean full-screen roadmap grouped by milestone; shareable link
- [ ] **Sprint planning board** — drag items into sprints; velocity charts
- [ ] **Release notes generator** — from `done` items in a milestone → draft release notes markdown
- [ ] **Weekly digest email** — per-product summary: items opened, closed, blocked; sent to watchers
- [ ] **Roadmap presentation mode** — clean full-screen view grouped by milestone; shareable read-only link (no login required)
- [ ] **Sprint planning board** — drag items into sprint buckets; velocity chart (items closed per sprint)
- [ ] **Release notes generator** — from `done` + `public` items in a milestone → draft release notes markdown; one-click copy
- [ ] **Weekly digest email** — per-product: N opened, N closed, N blocked, top-voted ideas; sent to all watchers every Monday
---
@ -331,23 +452,25 @@ Everything checked here is already shipped and running.
### 5.1 — Item Analytics
- [ ] **Cycle time tracking** — time from `open``in_progress``done` per item; p50/p95 dashboard
- [ ] **Throughput chart** — items closed per week/sprint over time
- [ ] **Bug burn-down** — open bug count over time; goal line for zero-bug releases
- [ ] **Feature request popularity** — vote leaderboard; trending this week vs all time
- [ ] **Agent productivity** — items closed by agent vs human; PR merge rate per agent
- [ ] **Cycle time tracking** — time in each status per item; p50/p95/p99 across all items and per-label
- [ ] **Throughput chart** — items closed per week/sprint over a rolling 12-week window
- [ ] **Bug burn-down** — open bug count over time; configurable target line for zero-bug releases
- [ ] **Feature request leaderboard** — ranked by vote count; trending (vote velocity this week vs all-time)
- [ ] **Agent productivity dashboard** — items claimed/closed/abandoned per agent; PR merge rate; average cycle time vs human baseline
### 5.2 — SLA & Alerting
- [ ] **SLA breach alerts**`critical` bugs open > 24 h → alert assignee + PM
- [ ] **Stale item detector** — items with no activity for N days → auto-ping assignee
- [ ] **Blocked item escalation** — items blocked > 3 days → escalate to team lead
- [ ] **SLA rules** — configurable per priority: `critical` > 4 h, `high` > 24 h, `medium` > 7 days before auto-alert
- [ ] **SLA breach alert** — notify assignee + PM via in-app, email, and outbound webhook
- [ ] **Stale item detector** — no activity for N days → auto-ping assignee; N configurable per product
- [ ] **Blocked item escalation** — item in `blocked` status > 3 days → escalate to team lead
### 5.3 — Reporting
- [ ] **CSV / PDF export of any view**
- [ ] **Scheduled email reports** — configure frequency + recipients per product
- [ ] **Embeddable status widget**`<iframe>` / JS snippet for public status pages
- [ ] **CSV / PDF export** of any filtered view, including all metadata and custom fields
- [ ] **Scheduled email reports** — configurable frequency (daily/weekly/monthly) and recipients per product
- [ ] **Embeddable public status widget**`<script>` snippet; shows open bug count + last-updated on any external page
- [ ] **Data retention policy UI** — archive items older than N months; archived items searchable but excluded from live views
---
@ -355,35 +478,52 @@ Everything checked here is already shipped and running.
> **Target:** Sprint ending 2026-09-13
- [ ] **Responsive mobile layout** — full feature parity on < 768 px screens
- [ ] **Progressive Web App (PWA)** — installable, works offline for read-only views
- [ ] **WCAG 2.1 AA compliance audit** — keyboard navigation, screen reader labels, colour contrast
- [ ] **Dark mode** — system-preference aware; toggle in user settings
- [ ] **Native mobile apps** (stretch) — React Native wrapper for iOS/Android
### 6.1 — Responsive & Mobile
- [ ] **Fully responsive layout** — all views fully usable on < 768 px (phone); no horizontal scroll, no hidden controls
- [ ] **Touch-friendly Kanban** — drag-and-drop via touch events 🔗 _(requires Phase 2 Kanban)_
- [ ] **PWA** — installable from browser; offline read-only access to cached item list
- [ ] **Web push notifications** — opt-in browser push for item updates / mentions / SLA breaches
### 6.2 — Accessibility
- [ ] **WCAG 2.1 AA compliance audit** — full keyboard navigation, correct ARIA roles, colour contrast ≥ 4.5 : 1
- [ ] **Screen reader tested** — VoiceOver (Safari/macOS) + NVDA (Chrome/Windows) on all main flows
- [ ] **Focus management** — modal / sheet close returns focus to trigger; no focus traps
- [ ] **Reduced motion** — all animations respect `prefers-reduced-motion`
- [ ] **Dark mode** — system-preference aware; manual toggle in user settings
### 6.3 — Native Apps (Stretch)
- [ ] **React Native wrapper** — iOS + Android with push notifications and offline queue
---
## Known Bugs & Gaps ⚠️
These are confirmed issues in the current build, ordered by severity.
Confirmed issues ordered by severity. File new bugs via the
[public roadmap](https://tracker.bytelyst.com/roadmap).
| # | Severity | Description | Affects |
| ----- | ----------- | ---------------------------------------------------------------------------------------------- | -------------------------- |
| B-001 | 🔴 Critical | `platform-service` container reporting `unhealthy` — root cause: valkey connectivity | All apps |
| B-002 | 🔴 Critical | `valkey` (Redis) container `unhealthy` — sessions and queues degraded | platform-service, all apps |
| B-003 | 🟠 High | Kanban board has no drag-and-drop — status changes require button clicks only | Board view |
| B-004 | 🟠 High | Public vote deduplication is localStorage-only — server has no per-email enforcement | Roadmap |
| B-005 | 🟠 High | No rate limiting on `POST /public/submit` — open to spam/bot flooding | Roadmap |
| B-006 | 🟡 Medium | Item `description` is plain text — no markdown rendering in detail view | Item detail |
| B-007 | 🟡 Medium | Comment edit/delete not implemented — posted comments are permanent | Item detail |
| B-008 | 🟡 Medium | No `@mention` support in comments — no notifications triggered | Comments |
| B-009 | 🟡 Medium | `tracker-web` health check always `unhealthy``/health` route needs proper dependency checks | Infra |
| B-010 | 🟡 Medium | No audit log — no record of who changed what and when on items | Item detail |
| B-011 | 🟢 Low | Kanban board does not persist scroll position between page refreshes | Board view |
| B-012 | 🟢 Low | Product switcher selection lost on hard refresh (localStorage cleared by some browsers) | Nav |
| B-013 | 🟢 Low | `source: auto_detected` items have no distinguishing UI badge | Items list |
| B-014 | 🟢 Low | No loading skeleton on item detail page — blank flash before data loads | Item detail |
| B-015 | 🟢 Low | Public roadmap stats do not refresh after submitting a new idea | Roadmap |
| ID | Severity | Description | Affects | Phase |
| ----- | ----------- | ------------------------------------------------------------------------------------ | ------------ | ----- |
| B-001 | 🔴 Critical | `valkey` (Redis) container `unhealthy` — root cause of most downstream failures | All services | 1.1 |
| B-002 | 🔴 Critical | `platform-service` container `unhealthy` — caused by B-001 | All apps | 1.1 |
| B-003 | 🟠 High | Kanban has no drag-and-drop — status changes via buttons only | Board view | 2.8 |
| B-004 | 🟠 High | Vote deduplication is localStorage-only — server has no per-email enforcement | Roadmap | 4.1 |
| B-005 | 🟠 High | No rate limiting on `POST /public/submit` — open to bot spam | Roadmap | 1.2 |
| B-006 | 🟡 Medium | Description is plain text — no markdown rendering in detail view | Item detail | 2.2 |
| B-007 | 🟡 Medium | Comment edit/delete not implemented — all comments are permanent | Comments | 2.6 |
| B-008 | 🟡 Medium | No `@mention` support in comments — no notifications triggered | Comments | 2.6 |
| B-009 | 🟡 Medium | `/health` route returns 200 without checking dependencies | Infra | 1.1 |
| B-010 | 🟡 Medium | No audit log — no record of field changes with actor + timestamp | Item detail | 1.5 |
| B-011 | 🟡 Medium | No real-time updates — item detail requires manual refresh for new activity | Item detail | 2.7 |
| B-012 | 🟢 Low | Kanban scroll position lost on page refresh | Board view | 2.8 |
| B-013 | 🟢 Low | Product switcher selection lost on hard refresh | Nav | 2.8 |
| B-014 | 🟢 Low | `source: auto_detected` items have no UI badge to distinguish them | Items list | 2.2 |
| B-015 | 🟢 Low | Item detail has no loading skeleton — blank flash before data loads | Item detail | 2.2 |
| B-016 | 🟢 Low | Public roadmap stats don't refresh after submitting a new idea | Roadmap | 4.1 |
| B-017 | 🟢 Low | No `improvement` or `chore` item types — everything shoehorned into bug/feature/task | Item create | 2.1 |
| B-018 | 🟢 Low | No global search across items — only per-page search bar | Items list | 2.8 |
---
@ -391,47 +531,69 @@ These are confirmed issues in the current build, ordered by severity.
### 🌐 Public Users
Go to **[https://tracker.bytelyst.com/roadmap](https://tracker.bytelyst.com/roadmap)** and click
**"Submit an idea"**. No account needed — just a name and email. Vote on existing items too.
Visit **[https://tracker.bytelyst.com/roadmap](https://tracker.bytelyst.com/roadmap)** → click
**"Submit an idea"**. No account required — just name + email. You can also upvote items you care
about. After submitting you receive a link to track your item's status without logging in.
### 🏢 Company Team / PMs / Developers
Log in at **/login** with your ByteLyst credentials. Use **/dashboard/items → Create** for internal
items. Set `visibility: internal` to keep it off the public roadmap.
Log in at **[https://tracker.bytelyst.com/login](https://tracker.bytelyst.com/login)** with your
ByteLyst credentials. Go to **Dashboard → Items → Create**. Set `visibility: internal` to keep an
item off the public roadmap. Use labels to route to the right agent or team.
### 🤖 Coding Agents (API)
### 🤖 Coding Agents (REST API)
> Agent API keys are managed by an admin at `/dashboard/settings/api-keys` _(ships Phase 3)_.
> Until then, agents use a standard JWT token.
```http
# 1. Pull items ready for agent work
GET /api/agent/items?status=open&label=agent-ready
### 1. Pull items labelled for agent work (cursor-paginated, incremental via `since`)
GET /api/agent/v1/items?status=open&label=agent-ready&limit=10&since=2026-05-20T00:00:00Z
Authorization: Bearer <TRACKER_AGENT_KEY>
X-Product-Id: chronomind
### 2. Claim one atomically (prevents another agent racing on the same item)
PATCH /api/agent/v1/items/{id}/claim
Authorization: Bearer <TRACKER_AGENT_KEY>
# 2. Claim an item (prevent race conditions)
PATCH /api/agent/items/{id}/claim
Authorization: Bearer <TRACKER_AGENT_KEY>
# 3. Link your PR when you open one
PATCH /api/agent/items/{id}/pr
### 3. Open a PR → link it
PATCH /api/agent/v1/items/{id}/pr
Content-Type: application/json
Authorization: Bearer <TRACKER_AGENT_KEY>
{
"prUrl": "https://github.com/org/repo/pull/42",
"prNumber": 42,
"prTitle": "fix: your fix title",
"prTitle": "fix: null-check avatar in UserCard",
"prStatus": "open",
"branch": "fix/tracker-{id}-short-slug"
"branch": "fix/tracker-{id}-null-avatar",
"commitSha": "abc123def456",
"ciStatus": "pending"
}
# 4. Update status when PR merges
PATCH /api/agent/items/{id}/status
{ "status": "done", "reason": "PR #42 merged" }
### 4. Check off an acceptance criterion
PATCH /api/agent/v1/items/{id}/checklist
Content-Type: application/json
Authorization: Bearer <TRACKER_AGENT_KEY>
# 5. Post implementation notes
POST /api/agent/items/{id}/comments
{ "body": "Implemented X by doing Y. Tests added in Z." }
{ "item": "Null-check avatar before rendering", "checked": true }
### 5. Post implementation notes as a comment
POST /api/agent/v1/items/{id}/comments
Content-Type: application/json
Authorization: Bearer <TRACKER_AGENT_KEY>
{ "body": "Fixed in `UserCard.tsx:42` by adding `avatar ?? defaultAvatar`. Unit test added in `UserCard.null-avatar.test.tsx`." }
### 6. Mark done when PR merges
PATCH /api/agent/v1/items/{id}/status
Content-Type: application/json
Authorization: Bearer <TRACKER_AGENT_KEY>
{ "status": "done", "reason": "PR #42 merged to main" }
```
Full agent API docs → **[/api-docs](/api-docs)** _(Phase 3)_
Full OpenAPI spec → **[https://tracker.bytelyst.com/api-docs](https://tracker.bytelyst.com/api-docs)** _(ships Phase 3)_
---
@ -451,11 +613,11 @@ Full agent API docs → **[/api-docs](/api-docs)** _(Phase 3)_
## Contributing
1. **File an item** via the [public roadmap](/roadmap) or the dashboard
2. **Upvote** items you care about — prioritisation is vote-weighted
3. **Comment** with context, edge cases, or design input
4. **PRs welcome** — branch as `feat/tracker-{id}-{slug}` so the webhook auto-links your PR
1. **File an item** via the [public roadmap](https://tracker.bytelyst.com/roadmap) or the dashboard
2. **Upvote** items you care about — priority is vote-weighted
3. **Comment** with context, edge cases, or design notes
4. **Open a PR** — branch as `feat/tracker-{id}-{slug}` so the inbound webhook auto-links it _(Phase 3)_
---
_Maintained by the ByteLyst platform team. Questions → `platform@bytelyst.com`_
_Maintained by the ByteLyst platform team · Questions → `platform@bytelyst.com`_