Roadmap
Our vision for STOA Platform β building the gateway for the AI era.
Living Document
This roadmap reflects our current priorities and may evolve based on community feedback and market needs. Have ideas? Join the discussion on Discord.
Latest Release
v2.2.0 (March 2026) β LLM Proxy, Self-Service Signup, Skills System, MCP 2025-11-25, OAuth 2.1 DPoP, and 12 new API endpoints.
Available Todayβ
Core Platform, MCP Gateway, LLM Proxy & Multi-Vendor Support
| Feature | Status | Since |
|---|---|---|
| Control Plane API (Python/FastAPI) | Done | v0.1.0 |
| STOA Gateway (Rust/Tokio/axum) | Done | v0.2.0 |
| MCP Protocol 2025-11-25 β tool discovery, resources, prompts, completion | Done | v2.2.0 |
| Developer Portal β self-service API discovery + signup | Done | v0.1.0 |
| Admin Console β API catalog, observability, tenant ops | Done | v0.1.0 |
| Multi-tenant Architecture β namespace-level isolation | Done | v0.1.0 |
| Keycloak SSO β OIDC, LDAP federation, multi-realm | Done | v0.1.0 |
| LLM Proxy β multi-provider routing (OpenAI, Azure, Mistral) | Done | v2.2.0 |
| LLM Cost Management β per-tenant budgets, enforcement, dashboard | Done | v2.2.0 |
| Self-Service Signup β tenant provisioning, trial limits | Done | v2.2.0 |
| Skills System β gateway-native CRUD with circuit breaker | Done | v2.2.0 |
| UAC (Universal API Contract) β JSON Schema validator, OpenAPI transform | Done | v2.2.0 |
| OAuth 2.1 β DPoP binding, RFC 7592 DCR management | Done | v2.2.0 |
| Rate Limiting β per-consumer quotas | Done | v0.2.0 |
| Circuit Breaker β per-upstream with zombie reaper | Done | v0.2.0 |
| mTLS β certificate-bound tokens (RFC 8705) | Done | v0.2.0 |
| Security Headers β OWASP best practices, SSRF blocklist | Done | v0.2.0 |
| PII Masking β middleware + admin endpoints | Done | v2.2.0 |
| Security Posture Scanner | Done | v2.2.0 |
| Gateway Adapters β webMethods, Kong, Gravitee, Apigee, AWS, Azure APIM | Done | v2.2.0 |
| Gateway Auto-Registration β zero-config heartbeat | Done | v0.2.0 |
| Observability β Prometheus, Grafana, OpenSearch | Done | v0.1.0 |
| Gateway Arena β continuous benchmark lab (20 enterprise dimensions) | Done | v2.2.0 |
| Platform Continuous Verification β 3 CUJs every 15 min | Done | v2.2.0 |
| W3C Traceparent β distributed tracing propagation | Done | v2.2.0 |
| Helm Charts β full platform deployment | Done | v0.1.0 |
| OPA Policy Engine | Done | v0.1.0 |
| Consumer Onboarding β data model, Keycloak sync, quotas | Done | v0.2.0 |
| Born GitOps β declarative API lifecycle (ADR-040) | Done | v0.2.0 |
| Audit Trail β PG dual-write + OpenSearch pipeline | Done | v2.2.0 |
| ArgoCD Integration β GitOps deployment on OVH + Hetzner | Done | v0.2.0 |
| CRDs β Tool, ToolSet, GatewayInstance, GatewayBinding | Done | v0.2.0 |
| Usage Metering Pipeline | Done | v2.2.0 |
| Billing β budgets, consumers, models API | Done | v2.2.0 |
| Contract Lifecycle Management | Done | v2.2.0 |
| Data Governance Endpoints | Done | v2.2.0 |
| SCIM-to-Gateway Reconciliation | Done | v2.2.0 |
| i18n Framework (Console) | Done | v2.2.0 |
| Integrated AI Chat Assistant | Done | v2.2.0 |
| Tenant Export/Import (Disaster Recovery) | Done | v2.2.0 |
| Documentation β 100+ guides, references, ADRs, and API docs | Done | v2.2.0 |
In Progressβ
GitOps Operator, Sidecar Mode & Developer Experience
| Feature | Status |
|---|---|
| GitOps Reconciliation Operator β K8s operator replacing AWX (ADR-042) | In Progress |
| Gateway Sidecar Mode β coexist with Kong, Envoy, etc. (ADR-024) | In Progress |
CLI Tool (stoactl) β kubectl-style management (Go/Cobra) | In Progress |
| Landing Page & Pricing (gostoa.dev) | In Progress |
Plannedβ
Performance, Scale & Ecosystem
| Feature | Status |
|---|---|
| Gateway Proxy Mode β transparent proxy for legacy backends | Planned (Q3 2026) |
| Gateway Shadow Mode β traffic mirroring and UAC generation | Planned (Q4 2026) |
| Terraform Provider | Planned |
| OpenAPI Import β auto-register from spec | Planned |
| SDK (Python, TypeScript) | Planned |
| Edge Deployment | Planned |
| WebAssembly Plugins | Planned |
| Response Caching | Planned |
| Pre-built MCP Connectors | Planned |
| GitOps Templates (ArgoCD) | Planned |
| Public Helm Registry | Planned |
Under Considerationβ
- Policy as Code β Define access policies in natural language
- Marketplace β Discover and share MCP tool configurations
- Multi-Cloud Native β Provider-specific optimizations
- Agent Observability β End-to-end AI agent workflow tracing
Get Involvedβ
We build in public and welcome contributions!
- Discord: Join the community
- Issues: Report bugs or request features
- Contribute: Contributing guide
- Contact: hello@gostoa.dev
This roadmap is directional and subject to change. For enterprise roadmap discussions, contact sales@gostoa.dev.