Roadmap
This roadmap is intentionally practical. It is organized around what most increases production trust and product value, not around speculative breadth.
Current Position
Spooky is strongest today as:
- an HTTP/3-first edge proxy
- a deterministic H3-to-H2 routing and balancing layer
- a proxy with strong resource-bound, teardown, and overload behavior
Spooky is not yet strongest today as:
- a dynamic control-plane-driven fleet proxy
- a broad protocol-compatibility proxy
- a full API gateway
- an extensible filter platform
Near-Term Priorities
These are the highest-value areas for the next phase of maturity.
1. Full Configuration Hot Reload
Add safe live update support for:
- listeners
- routes
- upstreams
- timeouts and limits
- resilience policies
- observability settings
2. Dynamic Config Safety
Add a stronger control-plane model with:
- validation before apply
- dry-run support
- config diff visibility
- atomic activation
- rollback to a known-good generation
3. Edge Runtime Refactor
Break the large edge runtime into smaller subsystems so future work is safer:
- ingress worker layer
- connection/CID management
- request validation
- routing and backend selection
- admission and overload control
- upstream dispatch
- response streaming
- drain and shutdown control
4. Security Hardening
Increase trust in the critical-path parser and protocol handling with:
- fuzzing
- deeper negative-case coverage
- tighter admin-plane guidance
- explicit trust-boundary validation
Medium-Term Priorities
These areas make Spooky far more competitive as a general production reverse proxy.
5. Broader Upstream Compatibility
- first-class upstream HTTP/1.1 support (shipped in v0.3.0-beta)
- better CONNECT handling
- broader WebSocket and upgrade support
6. Traffic-Management Depth
- weighted route splitting
- request mirroring
- richer release controls
- better policy-driven request routing
7. Operator Features
- first-class rate limiting
- stronger capacity guidance
- more complete runbooks and alerts
- better runtime visibility for why requests were shed, retried, or rerouted
8. Auth And Policy Features
- JWT validation
- external auth integration
- stronger route-level policy controls
Longer-Term Competitive Priorities
These areas are what move Spooky from “strong specialized edge proxy” toward “top-tier proxy platform.”
9. Discovery And Platform Integration
- richer service discovery beyond DNS refresh
- better Kubernetes-native deployment integration
- stronger fleet-management story
10. Extensibility
- a safe extension model
- clearer internal subsystem boundaries that make feature growth sustainable
11. Ecosystem Proof
- interoperability validation across more clients and upstream stacks
- broader production history
- stronger release-process guarantees
Non-Goals Today
The following are not current core strengths and should not be assumed:
- full service-mesh control-plane behavior
- built-in WAF capability
- full API-gateway parity with dedicated gateway products
- broad plugin ecosystem