Oxvault
Public roadmap

Where Oxvault is going next

We publish what we are building, what is shipped, and what we are still validating. No marketing dates — we move when it is ready and the design partners say so.

The Board

Shipped → Now → Next → Later

Every item below maps to a tier or a foundational engine improvement. Order can shift based on design-partner feedback and live attack data.

Shipped
In production
  • MCP server scanning

    85+ rules · 12/12 known CVEs · 93% precision

  • AIBOM v0.4

    Pickle disassembly · ONNX · Safetensors · Sigstore

  • GitHub Action

    oxvault/scan-action@v1 · SARIF for Security tab

  • Hugging Face resolver

    oxvault scan hf:org/model

Now
In active build
  • Gateway runtime proxy

    JSON-RPC inspection · policy engine · audit log

  • RAG corpus scanner

    Indirect prompt injection · embedding poisoning

  • Pro tier launch

    Runtime gateway · priority rules · 7d audit

  • Console MVP

    Findings stream · per-host posture

Next
Up next
  • Team tier

    Shared Git-synced policies · 90d audit · 50 seats

  • CI/CD integrations

    GitLab · Jenkins · Buildkite · Azure DevOps

  • CycloneDX AIBOM export

    Compliance-ready supply chain manifests

  • Slack / PagerDuty alerts

    Real-time CRITICAL routing

Later
On the horizon
  • Trust Registry

    Signed model + MCP allowlist · Enterprise moat

  • SSO · SAML · SCIM

    Okta · Azure AD · Google Workspace

  • Air-gapped deploy

    Self-hosted control plane · zero egress

  • SOC 2 + BAA

    Type II audit · regulated industries

Directional, not contractual. We ship when it's ready — not by the calendar.

Release Track

Versions, in order.

Each version is a single coherent capability. We do not ship feature-flagged half-builds.

  1. v0.3.3 MCP scanner

    141 servers scanned · 12/12 known CVEs detected · 93% precision

  2. v0.4.0 AIBOM + model scanning

    Pickle disassembly, ONNX integrity, Safetensors, Sigstore + OpenSSF Model Signing, Hugging Face resolver

  3. v0.5 RAG corpus scanner

    Indirect prompt injection · embedding poisoning · vector store integrity

  4. v1.0 Gateway production-ready

    JSON-RPC inspection · policy engine · audit log · Pro tier launch

  5. v1.5 Team tier

    Shared Git-synced policies · CI/CD integrations · 90d audit · CycloneDX export

  6. v2.0 Enterprise tier

    Trust Registry · SSO · RBAC · air-gapped deploy · SOC 2 Type II

Principles

The rails this roadmap rides on

If a feature breaks one of these, it does not ship — no matter how loud the demand.

Local-first stays sacred

Every shipped feature must be runnable as a single binary with zero telemetry. Cloud is opt-in, never required.

OSS core, paid runtime

The scanner is free forever. We monetize runtime protection, team workflows, and compliance — never the detections.

Same engine, three artifacts

MCP servers, ML models, and RAG corpora reuse the same deterministic detection engine. New artifacts land as modules, not forks.

Validated before built

New product surface ships only after design partners sign on. We follow demand — we do not invent it.

Want a feature on this list faster?

Design partners get a direct line to the roadmap. Pilot the runtime gateway, shape the policy DSL, lock in pricing before public launch.