Roadmap
This page outlines the Hoard development roadmap.
Current Version: 0.1.1
v0.1.1 — Setup UX Hardening & Remote-First Server
- Write-ready by default — fresh installs auto-generate a server secret and enable writes out of the box
- Auto-generated server secret persisted to
~/.hoard/server.key(0600 perms) onhoard init/hoard setup hoard setup --verifychecks write-readiness, not just basic connectivity- Structured post-setup summary with server health, secret source, token status, and client configs
- Health endpoint —
GET /healthreturns liveness, DB readiness, and migration status - Remote bind guard — non-loopback bind requires
--allow-remoteflag hoard setup remote— configure local clients against a remote Hoard instance- Docker deployment stack —
Dockerfile,docker-compose.yml, Caddy reverse proxy with auto-TLS HOARD_DATA_DIR— relocate all runtime paths for containerized environments- HTTP retry helper — exponential backoff for transient network failures in CLI
- Duplicate and conflict detection in background worker
- Atomic config file writes via temp file + rename
v0.1.0 — Initial Release
The initial release focuses on core functionality:
- Local file indexing
- Agent inbox drop folder
- Obsidian vault support
- Browser bookmarks (Chrome, Firefox)
- Notion export ingestion
- Hybrid search (BM25 + vectors)
- MCP interface for AI agents
- CLI-first UX
- Connector SDK for community contributions
- Background sync and file watcher
- Orchestrator (Beta): agents, tasks, workflows, artifacts, events, cost
Implementation Phases
Phase 1: Foundation (Complete)
- Schema with entities + chunks + FTS triggers
- Entity/chunk CRUD operations
- Local files connector with chunking
- BM25 search
- Basic CLI
- Token authentication
Milestone: BM25 search returns chunks
Phase 2: Security + SDK (Complete)
-
hoard.sdkpackage - ConnectorV1 interface
- Connector loader (trusted code model)
- Per-token + per-tool rate limits
- Audit logging with provenance
- Obsidian connector
Milestone: Third-party connector can be loaded
Phase 3: Vectors + MCP (Complete)
- Embedding pipeline
- SQLite vector backend
- Hybrid search with prefilter
- MCP server with all tools
- Browser bookmarks connector
Milestone: Claude Code queries Hoard
Phase 4: Memory + Polish (Complete)
- Memory tools
-
hoard doctor - Documentation
- Notion export connector
- pip packaging
Milestone: v1.0 beta
Phase 5: Hardening (In Progress)
- Edge case fixes
- Background sync / file watcher
- Agent inbox connector
- Orchestrator (Beta)
- Integration guides
- Additional export connectors
Milestone: 1.0 stable
Future Versions
v1.5: OAuth Sources
Live connectors for cloud services:
- Notion API
- Google Drive
- Confluence Cloud
- Slack
Requirements:
- Auth broker integration
- Token refresh handling
- Rate limit management
- Delta sync for efficiency
v2.0: Sandboxed Connectors
OS-level isolation for connectors:
Hoard Core Process │ │ IPC (gRPC/Unix socket) ▼┌─────────────────────────────┐│ Connector Container ││ ├── seccomp/AppArmor ││ ├── Network namespace ││ ├── Filesystem jail ││ └── Connector process │└─────────────────────────────┘Implementation options:
- Linux: bubblewrap, nsjail, Docker
- macOS: sandbox-exec
- Cross-platform: Firecracker, gVisor
v2.0: Public HoardHub
Self-service connector publishing:
| Requirement | Purpose |
|---|---|
| Code signing | Verify author identity |
| Automated scanning | Detect malware |
| Dependency pinning | Prevent supply-chain attacks |
| Reputation system | Surface trusted connectors |
| Revocation mechanism | Yank compromised releases |
CLI vision:
hoard hub search notionhoard hub install notion_export --verify-signaturehoard hub update --check-revocationsv2.0: Write Operations
Allow agents to:
- Create memory entries (already in v1)
- Update entity metadata
- Trigger re-indexing
Not planned:
- Write back to sources (that’s the source’s job)
v2.0: Web UI
Browser-based interface:
- Search interface
- Connector management
- Sync status dashboard
- Memory browser
Known Risks & Mitigations
| Risk | Likelihood | Impact | Mitigation |
|---|---|---|---|
| Malicious connector | Medium | High | Code review, provenance, curated list |
| Connector quality issues | High | Medium | Test harness, review process |
| Large corpus latency | Medium | High | Prefilter, documented limits |
| Background sync reliability | Medium | Medium | Lock file, debounce, tests |
Performance Targets
| Metric | Target | Constraint |
|---|---|---|
| TTFA (Time to First Answer) | < 20 min | Includes model download |
| Search latency (p95) | < 300ms | Corpus up to 50K chunks |
| Search latency (p95) | < 500ms | Corpus 50K-200K chunks |
| Sync reliability | > 95% | Successful runs / total |
Contributing
We welcome contributions! See the Connector SDK for building new connectors.
Priorities
- Connector quality — Well-tested connectors for popular sources
- Documentation — Clear guides and examples
- Bug fixes — Stability improvements
- Performance — Search and sync optimization
What We’re NOT Building (v1)
- OAuth live connectors (deferred to v1.5)
- Write operations (deferred to v2.0)
- Web UI (deferred to v2.0)
- Sandboxed execution (deferred to v2.0)
- Public connector marketplace (deferred to v2.0)
Feedback
Have ideas or feature requests? Open an issue on GitHub.