Development Roadmap 2026

Vision & Principles

Vision: Create the most trusted, secure, and extensible local-first credential manager for developers working with AI tools.

Core Principles:

Security First: Never compromise security for convenience
Local-First Architecture: User data stays on their machine unless explicitly shared
Extensible by Design: Plugin system as the primary extension mechanism
Developer Experience: CLI-first with excellent ergonomics and clear error messages
Transparency: Clear documentation of limitations and security assumptions

Q1 2026 Mantra: “Build a rock-solid, extensible, trustworthy, and valuable tool. Community adoption will follow naturally if the tool proves useful.”

Q1 2026 Focus: Foundation & Trust

Primary Objective

Establish Nakimi as the most trustworthy credential manager for individual developers through technical excellence, security hardening, and core functionality expansion.

Key Focus Areas

1. Security Hardening (Trust)

Goal: Achieve security audit readiness
Deliverables:
- Comprehensive security documentation (threat model, attack surface analysis)
- Input validation for all user-facing interfaces
- Rate limiting for decryption attempts
- Secure logging (avoid sensitive data leakage)
- Memory safety improvements (mlock() usage documentation)

2. Test Coverage & Automation (Rock-Solid)

Goal: >85% test coverage with comprehensive CI/CD
Deliverables:
- Increase overall test coverage from 56% to 85%
- Implement GitHub Actions CI pipeline (test on Linux, macOS, Python 3.9-3.12)
- Add property-based testing for encryption/decryption functions
- Integration tests for edge cases and error conditions
- Performance benchmarking suite

3. Plugin Ecosystem (Extensible)

Goal: Demonstrate extensibility with 3+ production-ready plugins
Deliverables:
- GitHub Plugin: Read repository secrets, manage access tokens
- Calendar Plugin: Secure calendar access (Google Calendar, Outlook)
- AI Tools Plugin: Unified credential management for OpenAI, Anthropic, etc.
- Plugin development guide and template
- Plugin validation and security review process

4. Core Improvements (Valuable)

Goal: Significantly improve user experience and reliability
Deliverables:
- Windows support documentation and testing
- Shell completion (bash, zsh, fish)
- Improved error messages with suggested fixes
- Configuration management improvements
- Performance optimizations for large secret sets

Q1 2026 Timeline

February 2026: Security & Testing Foundation

Week 1-2: Security audit preparation
- Complete threat model documentation
- Implement comprehensive input validation
- Add rate limiting for sensitive operations
Week 3-4: Test coverage improvements
- Increase CLI test coverage to >80%
- Add property-based tests for core vault operations
- Create performance benchmarking suite

March 2026: Plugin Development

Week 1-2: GitHub plugin implementation
- Read repository secrets and environment variables
- Manage personal access tokens
- Secure caching of API responses
Week 3-4: Calendar plugin implementation
- Google Calendar integration
- Secure event access and modifications
- Time-based secret rotation support

April 2026: Polish & Automation

Week 1-2: CI/CD implementation
- GitHub Actions workflow for testing
- Automated release process
- Dependency vulnerability scanning
Week 3-4: User experience improvements
- Shell completion implementation
- Windows support validation
- Error message overhaul

Q2 2026: Maturity & Polish

Primary Objective

Transition from “promising new tool” to “mature, reliable solution” with improved documentation, performance, and integration capabilities.

Key Initiatives

1. Documentation Excellence

Complete API reference documentation
Video tutorials and screencasts
Troubleshooting guide for common issues
Security best practices guide

2. Performance Optimization

Benchmark and optimize large-scale operations
Memory usage improvements
Startup time optimizations
Parallel processing for batch operations

3. Integration Ecosystem

IDE integrations (VS Code, PyCharm)
Browser extension for credential injection
Git hook integrations for secret rotation
Docker container support

4. Advanced Features

Time-based secret rotation
Secret versioning and rollback
Audit logging
Backup and recovery tools

Q3 2026: Scaling & Community

Primary Objective

Prepare for organic community growth while maintaining quality and security standards.

Key Initiatives

1. Community Infrastructure

GitHub Discussions for Q&A
Contribution guidelines and templates
Plugin marketplace concept
Security vulnerability reporting process

2. Advanced Security Features

Hardware key integration (YubiKey, SoloKey)
Multi-factor authentication support
Secret sharing with expiration
Compliance reporting (SOC2, GDPR readiness)

3. Enterprise Readiness

Team collaboration features
Role-based access control
Centralized configuration management
Deployment guides for organizations

Q4 2026: Sustainability & Growth

Primary Objective

Establish sustainable development practices and prepare for 2027 roadmap.

Key Initiatives

1. Sustainability Planning

Maintainer onboarding process
Funding model exploration (Open Collective, GitHub Sponsors)
Long-term maintenance commitment statement
Succession planning documentation

2. Ecosystem Growth

Partner integrations
Conference talks and workshops
Case studies and user testimonials
Academic research collaboration

3. Innovation

Research new encryption methods
Explore decentralized secret sharing
AI-assisted secret management
Cross-platform mobile companion app

Success Metrics

Technical Metrics (Q1 2026 Targets)

Test coverage: >85% overall
Security vulnerabilities: 0 critical/high
CI/CD pipeline: 100% automated testing
Plugin count: 3+ production-ready plugins
Performance: <100ms for common operations

User Experience Metrics

Installation success rate: >95% on first attempt
Error resolution: Clear guidance for common errors
Documentation completeness: All features documented
User satisfaction: Positive initial feedback

Community Metrics (Long-term)

GitHub stars: Organic growth
Issue resolution time: <48 hours for critical issues
Contributor count: Gradual increase
Plugin ecosystem: Community-contributed plugins

Risks & Mitigations

Technical Risks

Project Risks

Community Risks

Decision Making Framework

Priority Categories

Security Issues: Immediate attention, highest priority
Critical Bugs: Fix within 48 hours
Feature Requests: Evaluate against vision and principles
Documentation: As important as code
Nice-to-Haves: Postponed until core is solid

Evaluation Criteria for New Features

Does this align with our vision and principles?
Does this improve security or trust?
Does this make the tool more valuable for our target audience?
Can this be implemented as a plugin?
What is the maintenance burden?

Saying “No” Gracefully

“This doesn’t align with our current focus on security and extensibility.”
“This would be better implemented as a plugin.”
“Let’s revisit this once our foundation is more solid.”
“This conflicts with our local-first architecture principle.”

Contributing to the Roadmap

This is a living document. Priorities may shift based on:

User feedback and usage patterns
Security research and vulnerabilities
Changes in the AI tool landscape
Contributor availability and interests

Feedback Welcome: Open issues or discussions with roadmap suggestions, always referencing our vision and principles.

Roadmap created: 2026-02-01
Next review: 2026-04-01 (Q1 completion assessment)