Skip to content

Milestones

List view

  • GRC in the loop

    From system-of-record to in-loop enforcement: every /implement run screens its change surface against threat models and risk scenarios; controls link to threat models, assessments, and code; the gates that matter are verified server-side against data rather than workflow prose; tool usage and workflow telemetry close into detections. Builds on the GRC backbone (#820). Sequencing: the screening step and its durable record land first, then the server-side assertions that consume them; schema-fidelity, telemetry, and oversight surfaces are independent.

    No due date
    3/16 issues closed
    18% complete13 open3 closed

  • Research writing and adapters

    No due date
    0/10 issues closed
    0% complete10 open0 closed

  • Research evidence pipeline

    No due date
    0/13 issues closed
    0% complete13 open0 closed

  • Research project type: foundation

    No due date
    2/11 issues closed
    18% complete9 open2 closed

  • Agent workflow & /implement

    The agent-side workflow surface: /implement, /quickfix, codex review, test-quality review, MCP server health, deploy pipeline, traceability reconciliation bugs, and every non-requirement workflow improvement. Largest milestone by issue count — by design, since this is the meta-workflow that ships every other milestone.

    No due date
    5/257 issues closed
    1% complete252 open5 closed

  • Formal methods & policy

    Verification pipeline, proof staleness, gap analysis (GC-F), and policy artifact management / automated policy evaluation (GC-K).

    No due date
    0/13 issues closed
    0% complete13 open0 closed

  • Traceability & foundations

    Cross-cutting Ground Control foundations: content ordering / import (B), coherence (C), evidence linkage and traceability (E), baseline / diff (N), mixed-entity graph (G), and architecture-as-code (J). The platform invariants the GRC surface relies on.

    No due date
    0/29 issues closed
    0% complete29 open0 closed

  • MCP & API surface

    MCP server tools and the public API surface: GC-L (MCP integrations), GC-A (API exposure), GC-M (asset / agent management). Excludes MCP bugs that surface during /implement runs — those live in Agent workflow & /implement.

    No due date
    0/7 issues closed
    0% complete7 open0 closed

  • SaaS, multi-tenancy & third-party

    Multi-tenant organization/workspace model, subscription plans, tenant admin UI, RBAC, federated identity options, and the third-party risk register. Includes #820's adjacent-scope items (auth, tenancy, agents, R-series TPRM).

    No due date
    0/27 issues closed
    0% complete27 open0 closed

  • GRC: methodology fidelity

    FAIR / NIST SP 800-30 / ISO 27005 / FAIR-CAM methodology depth: taxonomy, validation, monitoring, KRIs, appetite/tolerance, ongoing monitoring. Mirrors #820 Phase D.

    No due date
    3/20 issues closed
    15% complete17 open3 closed

  • GRC: frontend workspaces

    Per-domain UI workspaces so humans (not just agents) can drive threat modeling, risk scenarios, controls, evidence, and reporting. Mirrors #820 Phase C.

    No due date
    4/6 issues closed
    66% complete2 open4 closed

  • GRC: core backbone

    End-to-end completeness of the threat → risk → control → finding → treatment surface. Includes #820 Phase B remainders plus orphan GC-V (findings), GC-S (evidence collection / audit trail), GC-U (audit workpapers), and orphan GC-T / GC-H / GC-I items that didn't fit Phase D methodology fidelity. Anchor: tracking issue #820.

    No due date
    6/33 issues closed
    18% complete27 open6 closed

  • GC-X001 Knowledge Base

    Per-repository agent-maintained knowledge base (GC-X001). Six-part rollout: skeleton (#522), capture primitive + ingest engine (#523), consumption + /implement integration (#524), admin CLI + scheduler (#525), scheduled processing + cold-path extraction (#526), knowledge-base lint pass (#527).

    No due date
    1/7 issues closed
    14% complete6 open1 closed