# 🗺️ CrydenSync Roadmap
<div align="center">
**Your guide to what's coming in Cryden**
[✅ Current: v1.0.0](#-v100-current-march-2026) •
[🌟 Next: v1.1.0](#-v110-q2-2026-developer-experience) •
[🔌 v1.2.0](#-v120-q3-2026-api--integration) •
[🔐 v1.3.0](#-v130-q4-2026-advanced-authentication) •
[📊 Future](#-future-releases)
</div>
---
## ✅ v1.0.0 (Current - March 2026) — Core Auth
**Released!** The foundation of Cryden is stable and production-ready.
### Core Features
| Feature | Status | Description |
|---------|--------|-------------|
| Email/Password Auth | ✅ Stable | Secure bcrypt hashing |
| JWT Access Tokens | ✅ Stable | Short-lived, stateless |
| Opaque Refresh Tokens | ✅ Stable | Stored in DB for revocation |
| Rate Limiting | ✅ Stable | Memory-based, per IP |
| Audit Logging | ✅ Stable | Console logger |
| Session Management | ✅ Stable | Create, revoke, list |
| Logout (single) | ✅ Stable | Revoke current session |
| Logout All | ✅ Stable | Revoke all user sessions |
| Change Password | ✅ Stable | With old password verification |
| Change Email | ✅ Stable | With duplicate check |
| Delete Account | ✅ Stable | Remove user and sessions |
| Refresh Token Rotation | ✅ Stable | New tokens, old revoked |
### Storage Backends
| Backend | Status | Use Case |
|---------|--------|----------|
| Memory | ✅ Stable | Testing |
| SQLite | ✅ Stable | Offline-first, dev |
| PostgreSQL | ✅ Stable | Production |
| MongoDB | ✅ Stable | Document stores |
### Quality
- ✅ Complete test suite (90%+ coverage)
- ✅ MIT License
- ✅ GitHub Actions CI
- ✅ GoReleaser for binaries
**[View v1.0.0 release →](https://github.com/crydensync/cryden/releases/tag/v1.0.0)**
---
## 🌟 v1.1.0 (Q2 2026) — Developer Experience
**Focus: Making developers' lives easier with better tooling and more adapters.**
### 🖥️ CLI Tool (`csax`)
| Command | Description |
|---------|-------------|
| `csax create-user` | Create users from terminal |
| `csax list-users` | List all users |
| `csax delete-user` | Delete user by ID |
| `csax list-sessions` | Show active sessions |
| `csax revoke-session` | Revoke specific session |
| `csax generate-token` | Generate JWT for testing |
| `csax verify-token` | Verify JWT |
| `csax audit-log` | View audit logs |
| `csax config` | Show configuration |
| `csax version` | Show version |
### 📱 Device Tracking
| Field | Description |
|-------|-------------|
| `IPAddress` | Client IP address |
| `UserAgent` | Browser/device info |
| `DeviceName` | Parsed device name |
| `LastSeenAt` | Last activity timestamp |
| `Location` | GeoIP (optional) |
Users can see:
```go
sessions, _ := cryden.ListSessions(ctx, engine, userID)
for _, s := range sessions {
fmt.Printf("📍 %s on %s - Last seen: %s\n",
s.DeviceName, s.IPAddress, s.LastSeenAt)
}🔐 Enhanced Security
Feature Description Argon2id Hasher Memory-hard hashing (more secure than bcrypt) Redis Rate Limiter Distributed rate limiting File Audit Logger JSON/CSV output for production Email Verification Hooks Prepare for v1.3
🗄️ More Storage Adapters
Adapter Status MySQL 🚧 Planned Cassandra 🚧 Planned Redis (sessions) 🚧 Planned
📊 Analytics Ready
· User signup trends · Active sessions per user · Failed login attempts · Geographic distribution
🔌 v1.2.0 (Q3 2026) — API & Integration
Focus: Making Cryden accessible from any language and integrating with existing systems.
🚀 gRPC API
service Cryden {
rpc SignUp(SignUpRequest) returns (User);
rpc Login(LoginRequest) returns (TokenPair);
rpc Logout(LogoutRequest) returns (Empty);
rpc LogoutAll(LogoutAllRequest) returns (Empty);
rpc RefreshToken(RefreshRequest) returns (TokenPair);
rpc ChangePassword(ChangePasswordRequest) returns (Empty);
rpc ChangeEmail(ChangeEmailRequest) returns (Empty);
rpc DeleteAccount(DeleteAccountRequest) returns (Empty);
rpc GetUser(GetUserRequest) returns (User);
rpc ListSessions(ListSessionsRequest) returns (SessionList);
}🌐 Language SDKs (thin wrappers)
Language Status JavaScript/TypeScript 🚧 Planned Python 🚧 Planned PHP 🚧 Planned Ruby 📅 Future Java 📅 Future Rust 📅 Future
🔔 Webhooks
Event Payload user.created User ID, email, timestamp user.updated Changed fields user.deleted User ID, reason session.created User ID, device info session.revoked User ID, session ID security.alert Suspicious activity
🔄 Migration Tools
Source Tool Clerk cryden-migrate clerk Auth0 cryden-migrate auth0 Supabase cryden-migrate supabase Firebase cryden-migrate firebase Custom JSON/CSV import
⚡ Advanced Rate Limiting
· Sliding window algorithm · Token bucket · Per-user + per-IP combination · Custom strategies via interface
🔐 v1.3.0 (Q4 2026) — Advanced Authentication
Focus: Enterprise-grade authentication with MFA and passwordless options.
🔢 Multi-Factor Authentication (MFA)
Method Status TOTP (Google Authenticator, Authy) 🚧 Planned SMS OTP (Twilio, AWS SNS) 🚧 Planned Email OTP 🚧 Planned Backup codes 🚧 Planned Remember device 🚧 Planned
// Example MFA flow
token, err := cryden.GenerateTOTPSecret(ctx, userID)
qrCode := cryden.GetTOTPQRCode(token)
// Verify
valid := cryden.VerifyTOTP(ctx, userID, userInput)✨ Passwordless Authentication
Method Status Magic links 🚧 Planned Email OTP 🚧 Planned SMS OTP 🚧 Planned Device approval 📅 Future
🔑 WebAuthn / Passkeys
Feature Status Platform authenticators 📅 Future Security keys (YubiKey) 📅 Future Biometrics (Face ID, Touch ID) 📅 Future Cross-device sync 📅 Future
🌍 Social Login (OAuth2)
Provider Status Google 🚧 Planned GitHub 🚧 Planned Twitter/X 📅 Future Apple 📅 Future Microsoft 📅 Future GitLab 📅 Future
📊 v1.4.0 (Q1 2027) — Enterprise Features
Focus: Compliance, SCIM, and advanced analytics.
🔄 SCIM Provisioning
Feature Description Okta integration User provisioning/deprovisioning Azure AD Sync users and groups Google Workspace Directory sync Custom IdP Generic SCIM support
📋 Compliance Tools
Feature Description SOC2 audit logs Immutable, tamper-proof GDPR tools Data export, right to delete Data retention policies Auto-delete old logs Anonymization PII masking
📈 Advanced Analytics
Feature Description Login geography Map of user locations Device fingerprinting Unique device IDs Anomaly detection Unusual login patterns Suspicious activity alerts Real-time notifications Read-only dashboard Analytics UI
🗄️ More Storage Adapters
Adapter Status DynamoDB 📅 Future CockroachDB 📅 Future ClickHouse (audit) 📅 Future Elasticsearch (audit) 📅 Future
☁️ v1.5.0 (Q2 2027) — Cloud Sync (Optional)
Focus: Optional cloud service for teams that want managed auth.
🌤️ Cryden Cloud
Feature Description Optional sync service Pay only if you need it Multi-region deployment Global low latency Managed databases No ops required 99.95% uptime SLA Enterprise reliability 24/7 support Email, chat, phone
🔄 Hybrid Mode
Feature Description Local-first Still works offline Cloud backup Sync when online Conflict resolution Smart merging Team management Organizations, roles Audit consolidation Centralized logs
🏗️ v2.0.0 (2028+) — Major Evolution
Focus: Next generation architecture based on community feedback.
🔄 Breaking Changes (If Needed)
· Simplified API based on usage patterns · Performance optimizations · Reduced memory footprint · Faster startup time
🧩 Plugin System
Feature Description Custom authentication flows Design your own Third-party plugins Community extensions Plugin marketplace Share and discover
🚀 Performance
Metric Goal Login latency < 5ms Memory usage 50% reduction Startup time 80% faster Concurrent users 10x scale
📊 Feature Timeline Summary
Feature v1.0.0 v1.1.0 v1.2.0 v1.3.0 v1.4.0 v1.5.0 Core Auth ✅ ✅ ✅ ✅ ✅ ✅ CLI Tool ❌ ✅ ✅ ✅ ✅ ✅ Device Tracking ❌ ✅ ✅ ✅ ✅ ✅ gRPC API ❌ ❌ ✅ ✅ ✅ ✅ Language SDKs ❌ ❌ ✅ ✅ ✅ ✅ Webhooks ❌ ❌ ✅ ✅ ✅ ✅ Migration Tools ❌ ❌ ✅ ✅ ✅ ✅ MFA/TOTP ❌ ❌ ❌ ✅ ✅ ✅ Passwordless ❌ ❌ ❌ ✅ ✅ ✅ WebAuthn ❌ ❌ ❌ ✅ ✅ ✅ Social Login ❌ ❌ ❌ ✅ ✅ ✅ SCIM ❌ ❌ ❌ ❌ ✅ ✅ Compliance ❌ ❌ ❌ ❌ ✅ ✅ Cloud Sync ❌ ❌ ❌ ❌ ❌ ✅
🤝 How to Contribute
We welcome contributions at every stage!
Current Priorities (v1.1.0)
· CLI tool implementation · Device tracking · Argon2id hasher · Redis rate limiter · MySQL adapter
Help Wanted
· Documentation improvements · Example apps · Performance benchmarks · Security review · Translation (i18n)
Become a Maintainer
After 5+ quality contributions, you can become a maintainer!
📢 Stay Updated
· ⭐ Star the repo on GitHub · 👀 Watch releases · 🐦 Follow @crydensync · 💬 Join Discord (coming soon)
Last updated: March 2026