docs: clean up TODO, draft v1.1.0 and v2.0.0 roadmap

Remove shipped items from backlog (waves 3-4, SASL, rate limiting, IRCv3, channel management, state persistence, data update script). Draft v1.1.0 (hardening + wave 5 plugins) and v2.0.0 (multi-server + stable API) milestones. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 03:12:56 +01:00
parent f86cd1ad49
commit f1d4975a4a
2 changed files with 24 additions and 30 deletions
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -59,9 +59,26 @@

 ## v1.0.0 -- Stable (done)

- [ ] Multi-server support
 - [x] IRCv3 capability negotiation (CAP LS 302)
 - [x] Message tags support (IRCv3 @tags parsing)
- [ ] Stable plugin API (versioned)
 - [x] Channel management commands (kick, ban, unban, topic, mode)
 - [x] Plugin state persistence (SQLite key-value store)
+
+## v1.1.0 -- Hardening + Wave 5 Plugins
+
+- [ ] Message truncation for IRC 512-byte limit
+- [ ] Configurable reconnect backoff (exponential)
+- [ ] Per-channel plugin enable/disable
+- [ ] Integration tests with mock IRC server
+- [ ] Bot orchestrator + config merge tests
+- [ ] `username` plugin (cross-platform username enumeration)
+- [ ] `wayback` plugin (Wayback Machine snapshot lookup)
+- [ ] `dork` plugin (Google dork query builder)
+
+## v2.0.0 -- Multi-Server + Stable API
+
+- [ ] Multi-server support (per-server config, shared plugins)
+- [ ] Stable plugin API (versioned, breaking change policy)
+- [ ] Structured logging (JSON output option)
+- [ ] `emailcheck` plugin (SMTP VRFY/RCPT TO)
+- [ ] `canary` plugin (canary token generator/tracker)
--- a/TODO.md
+++ b/TODO.md
@@ -1,21 +1,7 @@
 # derp - Backlog

-## Wave 3 Plugins (local databases) -- CURRENT
+## Plugins

- [ ] `geoip` -- GeoLite2-City mmdb (requires `maxminddb`)
- [ ] `asn` -- GeoLite2-ASN mmdb (same package)
- [ ] `torcheck` -- local Tor exit node list, daily refresh
- [ ] `iprep` -- Firehol/Emerging Threats blocklist feeds
- [ ] `cve` -- local NVD JSON feed mirror
-
-## Wave 4 Plugins (advanced)
-
- [ ] `opslog` -- timestamped operational notes (SQLite)
- [ ] `note` -- per-channel persistent key-value store
- [ ] `subdomain` -- crt.sh + wordlist DNS brute force
- [ ] `headers` -- HTTP header fingerprinting with local sigs
- [ ] `exploitdb` -- local exploit-db CSV search
- [ ] `payload` -- SQLi/XSS/SSTI template library
 - [ ] `username` -- cross-platform username enumeration
 - [ ] `emailcheck` -- SMTP VRFY/RCPT TO verification
 - [ ] `dork` -- Google dork query builder
@@ -24,22 +10,12 @@

 ## Bot Features

- [x] SASL PLAIN authentication
- [x] Rate limiting (anti-flood, token bucket)
- [x] CTCP responses (VERSION, TIME, PING)
- [x] Admin/owner permission system (hostmask-based)
 - [ ] Per-channel plugin enable/disable
- [ ] Channel management commands (kick, ban, topic)
 - [ ] Multi-server support
- [ ] IRCv3 capability negotiation
-
-## Improvements
-
- [ ] Structured logging (JSON output option)
- [ ] Plugin state persistence (SQLite backend)
- [ ] Configurable reconnect backoff (exponential)
+- [ ] Stable plugin API (versioned)
 - [ ] Message truncation for IRC 512-byte limit
- [ ] Data update script for local databases (cron-friendly)
+- [ ] Configurable reconnect backoff (exponential)
+- [ ] Structured logging (JSON output option)

 ## Testing

@@ -47,3 +23,4 @@
 - [ ] Bot orchestrator unit tests
 - [ ] Config merge edge case tests
 - [ ] Plugin command tests (encode, hash, dns, etc.)
+- [ ] CAP negotiation tests (mock connection)