R
FrostVault
Inventory System

Development Roadmap

Frost Vault is being built deliberately. This roadmap reflects our actual development status—not promises. We prioritize correctness, auditability, and enforceable boundaries before declaring features complete.

Done
In Progress
Planned
Current Phase: Foundation & UI Stabilization

Frost Vault has completed its foundational infrastructure—authentication, database schema, and GraphQL API are operational. The team is currently stabilizing the Admin dashboard and Developer panel UI while the borrow and maintenance backend logic is in place. The next major focus is enforcing role-based authorization at the server level and building audit trail capabilities.

Philosophy: We do not rush to ship. Each phase delivers verifiable, testable value with proper guards in place before moving forward.

Phase Breakdown

0Phase 0 – Foundation
  • Done
    Database schema with Prisma

    Multi-tenant schema with User, Equipment, MaintenanceLog, UsageLog models

  • Done
    Authentication flows (NextAuth v5)

    All roles: Admin, Developer, Tenant Owner, Employee

  • Done
    GraphQL endpoint setup

    Apollo Server with base resolvers and schema

  • Done
    Design system and component library

    Mood board, color palette, UI primitives with shadcn/ui

  • Done
    Equipment, User, MaintenanceLog, UsageLog models
  • Done
    Basic seeding and test users
1Phase 1 – Role & UI Stabilization
  • In Progress
    Finalize Admin dashboard UI

    User management, equipment overview, system settings

  • In Progress
    Complete Developer panel

    Read-only, ID-based access for technical troubleshooting

  • In Progress
    Stabilize Borrow & Maintenance UI pages

    Backend logic exists, frontend refinement in progress

  • Planned
    Ensure consistent component usage

    Across all role-specific pages

  • Planned
    Navigation structure finalization
2Phase 2 – Authorization & Audit Core
  • Planned
    Server-side role guards

    GraphQL resolvers + middleware enforcement

  • Planned
    Tenant isolation at resolver level

    Prevent cross-tenant data access

  • Planned
    Audit trail system

    Append-only, immutable logs for critical actions

  • Planned
    Role-specific dashboards

    Tenant Owner and Employee views

  • Planned
    Session timeout and unauthorized handling
  • Planned
    Unit and integration tests for authorization
3Phase 3 – Export & Pricing Enforcement
  • Planned
    Tier-based history limits

    Tier 1: 90 days, Tier 2: 1 year, Tier 3: unlimited

  • Planned
    CSV export (Tier 2+)

    Max 5,000 rows, respects UI filters

  • Planned
    Excel export (Tier 3+)

    Formatted reports, max 25,000 rows

  • Planned
    Custom layout export (Custom tier)

    Branded exports with logo and custom headers

  • Planned
    Server-side tier validation

    Block (not truncate) attempts to exceed limits

  • Planned
    Export acceptance testing
4Phase 4 – Mobile UX & Performance
  • Planned
    Mobile-first caching strategy

    Read-heavy views with short TTLs

  • Planned
    Mobile confirmation flows

    Explicit confirmation for write actions

  • Planned
    Page load optimization

    Target < 3 seconds on 3G

  • Planned
    Offline mode (read-only)

    Disable write actions when offline

  • Planned
    Mobile UI guard enforcement

    Ensure mobile never bypasses authorization

5Phase 5 – Public Pages & Positioning
  • Done
    About page

    Product story, team, mission

  • Planned
    Pricing page

    Tier comparison and feature matrix

  • Planned
    Navigation structure

    Public vs authenticated routing

  • Planned
    Landing page updates

    Product positioning and value proposition

6Phase 6 – QA & Release Readiness
  • Planned
    User Acceptance Testing (UAT)

    Full feature coverage with real users

  • Planned
    Export acceptance testing

    Verify all tiers and row limits

  • Planned
    End-to-end tests (Playwright)
  • Planned
    Security audit

    Role enforcement and tenant isolation verification

  • Planned
    Performance benchmarking
  • Planned
    Documentation finalization
  • Planned
    Go/No-Go decision
Explicitly Out of Scope

The following features are intentionally deferred and not part of the MVP or near-term roadmap. Frost Vault focuses on core value: preventing equipment loss and ensuring accountability.

  • Payments & billing integration
  • Third-party integrations (Slack, Google Sheets, etc.)
  • Single Sign-On (SSO) / SAML authentication
  • Public API access (read or write)
  • Approval workflows
  • Automated scheduling (maintenance reminders, etc.)
  • Cross-tenant reporting
  • Real-time notifications (WebSocket/push)
Roadmap Principles

Honesty First

We do not overpromise. Features are marked as "planned" until verified in production.

Correctness Over Speed

We prioritize enforceable boundaries and auditability before feature expansion.

Tier Discipline

All tier-based features are enforced server-side. UI visibility does not imply permission.

Mobile Accountability

Mobile UX must never bypass backend guards or authorization checks. Safety first.

Audit Readiness

All critical actions are logged immutably. Export operations do not modify state.

Incremental Delivery

Each phase delivers verifiable, testable value before moving to the next.

Built Deliberately, Delivered Honestly

Frost Vault is a revenue-generating SaaS product designed for small to medium institutions in the Philippines. It addresses equipment loss, accountability gaps, and audit readiness through a disciplined, tier-enforced approach.

Our commitment: We prioritize correctness, auditability, and enforceable tier boundaries before declaring MVP readiness. Enterprise features such as SSO, API access, and third-party integrations are intentionally deferred to maintain focus on core value.

Target MVP: Q3 2026