madbase/ROADMAP.md

MadBase Development Roadmap

This document outlines the development plan for MadBase, a high-performance, resource-efficient, Supabase-compatible API layer written in Rust. The roadmap is derived from the requirements specified in SPECIFICATIONS.md.

Phase 1: Remaining Foundation Work

Goal: Complete the remaining authentication flows to reach full feature parity with standard auth requirements.

1.1 Authentication Service (/auth/v1)

• Password Reset: Implement email-based password reset flow (request reset, verify token, update password).
• Email Confirmation: Implement email verification flow for new signups (send confirmation email, verify token).

---

Phase 2: Realtime & Storage Enhancements

Goal: Upgrade Realtime reliability and add advanced Storage features.

2.1 Realtime Service (/realtime/v1)

• Advanced Replication: Connect to Postgres replication slot (pgoutput) via tokio-postgres or sqlx (Replace current LISTEN/NOTIFY fallback for better reliability and performance).
• Resume Support: Implement message history table to allow clients to resume from a specific LSN/ID after disconnection.
• Presence: Implement user state tracking (online/offline, typing indicators) to match supabase-js Realtime Presence API.

2.2 Storage Service (/storage/v1)

• Signed URLs: Implement generation of time-limited signed URLs for accessing private objects.
• Image Transformations: Implement on-the-fly image resizing and format conversion (e.g., ?width=100&height=100&format=webp).
• Resumable Uploads: Implement TUS protocol support for reliable large file uploads.

---

Phase 3: Edge Functions (New Feature)

Goal: Implement the serverless function runtime using Wasmtime.

3.1 Function Runtime (/functions/v1)

• Runtime Environment: Integrate Wasmtime to execute WASM modules securely.
• Invocation API: Implement POST /functions/v1/<name> endpoint to trigger functions.
• Deployment API: Implement endpoints to upload and version function artifacts.
• Sandboxing: Enforce resource limits (CPU, Memory) and network access controls.
• Context Injection: Inject environment variables and secrets (encrypted) into the runtime.

---

Phase 4: Admin UI & Observability

Goal: Enhance the management interface and observability stack for production readiness.

4.1 Management UI

• Storage Browser: Advanced file browser with folder support and file preview.
• Realtime Inspector: Tool to inspect active WebSocket connections and channel subscriptions.
• Logs Viewer: Detailed log viewer integrated with Loki (search, filter by correlation ID).

4.2 Observability & Testing

• Load Testing: Create a load testing suite to verify performance under high concurrency (thousands of WS connections).
• Advanced Metrics: Add detailed metrics for Edge Function execution time and resource usage.

---

Phase 5: Full Compatibility & Advanced Features

Goal: Achieve 100% compatibility with supabase-js client SDK and support enterprise-grade features.

5.1 Advanced Authentication

• MFA (TOTP): Implement Time-based One-Time Password multi-factor authentication.
• Enterprise SSO: Implement SAML 2.0 and OIDC support for enterprise identity providers.
• Extended OAuth Providers: Add support for Apple, Azure, GitLab, Bitbucket, Discord, etc.

5.2 Database Extensions

• pgvector Support: Native support for vector embeddings and similarity search in Data API and RPC.
• GraphQL Support: Implement a GraphQL adapter (pg_graphql compatible) for alternative query interface.

---

Milestone Summary

1. MVP: Completed (Auth, Data API, Basic Realtime, Basic Storage).
2. Beta: + Auth Flows (Reset/Confirm) + Advanced Realtime + Signed URLs (Phase 1 & 2).
3. RC: + Edge Functions (Phase 3).
4. v1.0: + Advanced Admin UI + Production Hardening (Phase 4).
5. v1.1: + Full Supabase-JS Compatibility (Phase 5).