Roadmap

Stack is v0.1, pre-alpha. This page is the honest working picture: dated where we can date it, vague where it'd be dishonest to pretend otherwise. Nothing on this list is a promise — it's a snapshot of what we're working on right now.

Shipped in v0.1

Every wave below is live in the changelog with more detail — this list is the executive summary.

• 22 CLI commands — init, add, remove, doctor, exec, env, import, scan, clone, info, deps, projects, sync, upgrade, login, status, open, ci, completion, plus the interactive picker + --dry-run + --json modes.
• 29 curated providers across database, deploy, cloud, analytics, errors, AI, payments, code, tickets, email, and auth categories. Supabase + GitHub are full OAuth; the rest use PAT/API-key paste with automated verification until OAuth apps register.
• 5 starter templates — next-supabase, t3-clerk-neon, cloudflare-turso-clerk, ai-openai-pinecone, analytics-posthog-sentry.
• 19 MCP tools + 3 resources exposed via ashlr-stack-mcp — Claude Code, Cursor, Windsurf, and any MCP-capable client can drive Stack directly.
• Phantom integration — every secret lives in the local Phantom vault, read through a phm_ placeholder and resolved at stack exec time. Phantom Cloud push/pull for CI.
• Claude Code plugin — /stack:add, /stack:doctor, /stack:open, /stack:list, /stack:status available in-chat.
• CI scaffolding — stack ci init writes a GitHub Actions workflow that runs stack doctor --json on every push and nightly.
• Cross-project registry — ~/.stack/projects.json tracks every .stack.toml on the machine; stack doctor --all runs healthchecks across all of them.
• 97 tests passing across the core, CLI, and MCP packages.
• Marketing + docs surface at stack.ashlr.ai — homepage, 10 docs pages, sitemap, llms.txt + llms-full.txt, JSON-LD schemas.

In progress

• OAuth app registrations — we've filed with most providers; approval times vary from a week (Linear, PostHog) to a month (Stripe, AWS). As each lands, the provider flips from authKind: "pat" to "oauth_pkce" with no CLI surface change.
• Phantom Cloud team sync — today Phantom Cloud is single-user push/pull. The "team vault" primitive (shared secrets, RBAC, audit log) is in design. Target: v0.3.
• More providers — actively scoping Modal, Replicate, Fireworks, Weights & Biases, Datadog, New Relic, Mailchimp, Segment. Each lands behind a PR you can watch; rough cadence is 1–2 providers per week.
• Windows support — the core + CLI are Bun-native; Bun on Windows is close but not there. Until then, Stack works under WSL2. Full Windows is tracked behind the same flag Bun uses.
• Improved error messages — the v0.1 error surface is accurate but terse. We're rewriting every non-trivial error with a what happened · why · what to do triplet.
• Battle-testing — 97 tests cover the happy paths. We're pairing each provider with a recorded end-to-end test against a real sandbox account before we'd call the CLI "production-ready".

Considering

The triage list. These ideas have at least one user asking for them, but haven't been committed to a version yet. Loud votes (issues, comments, DMs) move them up.

• Template registry — install community templates with stack init --template github.com/<owner>/<repo>. The schema is already per-template-compatible; the missing piece is signing / trust.
• Opt-in anonymous telemetry — only if we can publish a live dashboard of every event we emit, and every event is defensible. The default will stay off forever.
• Provider plugins — a third-party publishing surface so providers we don't curate can ship as standalone packages. Today the 23-provider list is hand-curated; a plugin API would let us stop being the bottleneck.
• Upstream resource migration — today Stack can provision new resources but not migrate existing ones between providers (e.g. Neon → Supabase). Scoped, not started.
• TUI dashboard — stack dash as a Bubble Tea-style full-screen monitor: provider status, MCP server health, Phantom Cloud sync state. Nice-to-have, not load-bearing.
• `stack costs` — surface each provider's current usage + spend via their billing APIs, rolled up per project.

Explicitly not doing

The honest no-list. These aren't things we haven't gotten to — they're things we've decided against, with reasons.

• Replacing Phantom — we're not building a secret manager. Phantom exists, it's good, and adding a second vault would double the attack surface for no user benefit. If you have 1Password / Doppler / Infisical, we want Phantom Cloud to sync to them, not replace them.
• Multi-cloud deploy abstractions — we're not building another layer on top of Vercel/Railway/Fly. Each deploy target's opinionated workflow is a feature, not a bug. Stack wires the auth and the environment; the deploy target owns the deploy.
• A hosted control plane — Stack is a local CLI. There is no stack.ashlr.ai-hosted "dashboard" coming. Your project state lives in .stack.toml; your secrets live in Phantom; everything else is the provider's own dashboard.
• Yet another config format — .stack.toml is TOML because TOML is boring, readable, and already in every developer's mental model. No YAML, no custom DSL, no JSONC.
• A UI for Phantom — Phantom ships its own TUI and web UI. We'd rather ship a deep integration than a shallow fork.
• Replacing package.json / Cargo.toml — Stack wires services, not language toolchains. Bun, npm, uv, cargo, and go own their own surfaces.

Versioning

The 0.x window reserves the right to make breaking changes to the CLI surface with a one-minor-version deprecation warning. At 1.0, semver kicks in: new commands are minor, renames or removals are major. Data-model changes (.stack.toml, .stack.local.toml, .mcp.json schema) are already stable and will auto-migrate across versions.

Timelines on this page are targets, not commitments. If a thing is important enough to block your usage, open an issue — the roadmap reshuffles itself around real users.