# MadBase Development Roadmap This document outlines the development plan for **MadBase**, a high-performance, resource-efficient, Supabase-compatible API layer written in Rust. The roadmap is derived from the requirements specified in [SPECIFICATIONS.md](./SPECIFICATIONS.md). ## Phase 1: Remaining Foundation Work **Goal:** Complete the remaining authentication flows to reach full feature parity with standard auth requirements. ### 1.1 Authentication Service (`/auth/v1`) - [x] **Password Reset**: Implement email-based password reset flow (request reset, verify token, update password). - [x] **Email Confirmation**: Implement email verification flow for new signups (send confirmation email, verify token). --- ## Phase 2: Realtime & Storage Enhancements **Goal:** Upgrade Realtime reliability and add advanced Storage features. ### 2.1 Realtime Service (`/realtime/v1`) - [ ] **Advanced Replication**: Connect to Postgres replication slot (`pgoutput`) via `tokio-postgres` or `sqlx` (Replace current `LISTEN/NOTIFY` fallback for better reliability and performance). - [x] **Resume Support**: Implement message history table to allow clients to resume from a specific LSN/ID after disconnection. - [x] **Presence**: Implement user state tracking (online/offline, typing indicators) to match `supabase-js` Realtime Presence API. ### 2.2 Storage Service (`/storage/v1`) - [x] **Signed URLs**: Implement generation of time-limited signed URLs for accessing private objects. - [x] **Image Transformations**: Implement on-the-fly image resizing and format conversion (e.g., `?width=100&height=100&format=webp`). - [x] **Resumable Uploads**: Implement TUS protocol support for reliable large file uploads. --- ## Phase 3: Edge Functions (New Feature) **Goal:** Implement the serverless function runtime using Wasmtime. ### 3.1 Function Runtime (`/functions/v1`) - [x] **Runtime Environment**: Integrate `Wasmtime` to execute WASM modules securely. - [x] **Invocation API**: Implement `POST /functions/v1/` endpoint to trigger functions. - [x] **Deployment API**: Implement endpoints to upload and version function artifacts. - [x] **Sandboxing**: Enforce resource limits (CPU, Memory) and network access controls. - [x] **Context Injection**: Inject environment variables and secrets (encrypted) into the runtime. --- ## Phase 4: Admin UI & Observability **Goal:** Enhance the management interface and observability stack for production readiness. ### 4.1 Management UI - [x] **Storage Browser**: Advanced file browser with folder support and file preview. - [x] **Realtime Inspector**: Tool to inspect active WebSocket connections and channel subscriptions. - [x] **Logs Viewer**: Detailed log viewer integrated with Loki (search, filter by correlation ID). ### 4.2 Observability & Testing - [ ] **Load Testing**: Create a load testing suite to verify performance under high concurrency (thousands of WS connections). - [x] **Advanced Metrics**: Add detailed metrics for Edge Function execution time and resource usage. --- ## Phase 5: Full Compatibility & Advanced Features **Goal:** Achieve 100% compatibility with `supabase-js` client SDK and support enterprise-grade features. ### 5.1 Advanced Authentication - [x] **MFA (TOTP)**: Implement Time-based One-Time Password multi-factor authentication. - [x] **Enterprise SSO**: Implement SAML 2.0 and OIDC support for enterprise identity providers. - [x] **Extended OAuth Providers**: Add support for Apple, Azure, GitLab, Bitbucket, Discord, etc. ### 5.2 Database Extensions - [x] **pgvector Support**: Native support for vector embeddings and similarity search in Data API and RPC. - [ ] **GraphQL Support**: Implement a GraphQL adapter (pg_graphql compatible) for alternative query interface. --- ## Milestone Summary 1. **MVP**: Completed (Auth, Data API, Basic Realtime, Basic Storage). 2. **Beta**: + Auth Flows (Reset/Confirm) + Advanced Realtime + Signed URLs (Phase 1 & 2). 3. **RC**: + Edge Functions (Phase 3). 4. **v1.0**: + Advanced Admin UI + Production Hardening (Phase 4). 5. **v1.1**: + Full Supabase-JS Compatibility (Phase 5).