Skip to content

v1.1 Release Roadmap — sequencing, waves & critical path #264

Description

@VijitSingh97

Single source of truth for the v1.1 release plan. This issue sequences the milestone v1.1 work into ordered waves so humans and agents can see what to do next and why, not just what's left. The milestone says what ships in 1.1; this issue says in what order and what blocks what. (Same format as the v1.0 roadmap #167.)

How to use this

  • Pick up the lowest-numbered wave with unfinished work. Within a wave, follow the listed order (it encodes intra-wave dependencies).
  • Every issue carries a wave-N-* label, so you can query directly, e.g. is:open is:issue milestone:v1.1 label:wave-4-dashboard.
  • Check the box here when an issue closes (GitHub keeps the cross-references live).

Status (updated 2026-06-29): All feature, privacy, hardening, and security-validation work is DONE — only launch polish (docs + assets) remains. The privacy spine is complete and live-validated on gouda: the Tor-default flips (#165/#166), the structural fail-closed egress firewall (#270 + follow-ups #276/#294, and now #291 on the upgrade path), the standing leak-check harness (#274), and every per-app leak fix (#271 Tari, #273 p2pool-coupling, #278 p2pool↔monerod). The #256 Tor-vs-clearnet benchmark is CLOSED (PR #293): steady-state mining over Tor costs ~10% p2pool yield with 0 rejects, so Tor stays the default, and with it the #160 privacy epic is CLOSED. The last dashboard surface is final: #170 Component Health panel CLOSED (PRs #308/#312), #263 XvB auto-register CLOSED (PR #317), #295 Tari-status dead code CLOSED (PR #318). Wave 5 hardening is done — #255/#91 non-root + security follow-ups CLOSED (PR #320). Licensing is in — #259 CLOSED (PR #319). Waves 1, 2, 4, 5, and 7 are all complete. UPDATE 2026-06-30 — the last three launch-polish issues have landed and are now CLOSED: #258 AI-voice docs pass (PR #325), #257 Gupax FAQ rewrite (docs/faq.md matches gupax-io/gupax), and #80 launch assets (PR #229 — hero + per-view PNGs and images/launch/demo.gif, repo About set). The optional #206 tier-4 e2e validation is CLOSED (PR #322). Wave 3 (stratum #208/#261) moved to v1.5 — see "Explicitly NOT in v1.1". v1.1 is code- and docs-complete. The only remaining non-code step is uploading the social-preview image in repo Settings → General. Next action: tag v1.1 (merge developmain), then close this tracker and the milestone as the final release step.

Branching: v1.1 work lands on develop (the repo default); main stays at the released state and merges from develop only at release. See [[dev-branch-workflow]]. Validate a branch end-to-end on gouda with tests/integration/e2e.sh <branch> (lean by default).

The theme: v1.0 closed the privacy leaks; v1.1 makes "behind Tor" the default — and structural, then makes that posture visible. The hard part is done — the Tor default is proven (benchmark-gated), enforced at the network layer, and rendered on the dashboard. All that remains is launch polish (#80 + docs).


Critical path (what gates "can we ship 1.1?")

#165 + #166  Tor-default flips  ✅
        │
        ▼
#270 + #274  enforce + prove Tor-only egress (fail-closed)  ✅  (#271 #273 #276 #294 #278 #291 all fixed)
        │
        ▼
#256 benchmark Tor-vs-clearnet  ✅ CLOSED (PR #293) — Tor stays default (~10% yield cost, 0 rejects)
        │
        ▼
#160 privacy epic  ✅ CLOSED   ─►   #170 Component Health panel  ✅ CLOSED   ─►   #263 XvB auto-register  ✅ CLOSED
        │
        ▼
#259 licensing  ✅ CLOSED  (image publish unblocked, with #282)
        │
        ▼
#80 launch assets  ◄── UNBLOCKED (dashboard UI final)  ─►  land docs (#258, #257)  ─►  SHIP 1.1

Parallel tracks (off the critical path)

Everything left is independent launch polish — pick up in any order:


Wave 1 — Cleanup & test debt wave-1-cleanup ✅ DONE (PR #265 → develop)

Zero-dependency warm-ups. Self-contained, low-risk, parallelizable — cleared first.

Wave 2 — Privacy defaults wave-2-privacy ✅ DONE

Flip the yield-trade-off paths to Tor, then PROVE the whole stack is genuinely behind Tor before trusting the benchmark — and make it structural, not per-app config.

The flips — merged to develop:

Make "everything behind Tor" real + provable:

  1. Enforce Tor-only egress at the network layer (fail-closed) — stop relying on per-app config #270 — Enforce Tor-only egress at the network layer (fail-closed) — app containers get no clearnet route except the Tor SOCKS, so any per-app leak fails closed. Live-validated on gouda (clean all-Tor PASS).
  2. Promote bench-verify-egress.sh into the live harness as a standing no-clearnet-leak check #274 — Promote bench-verify-egress.sh to a standing harness check (PR feat(#274): standing no-clearnet-leak egress gate in the harness #288) — the --check phase now gates on 0 app clearnet connections; the proof of Enforce Tor-only egress at the network layer (fail-closed) — stop relying on per-app config #270.
  3. Tari (minotari) dials some peers over clearnet despite transport type = "tor" #271 — Tari dials some peers over clearnet despite type=tor (PR fix(privacy): route Tari clearnet peer dials through Tor SOCKS — genuinely behind Tor (#271) #285) — proxy_bypass_for_outbound_tcp=false routes every dial via Tor SOCKS; with Tari: eliminate clearnet DNS leaks (DNS seeds + Tari Pulse), fix misleading DoT comment #162's DNS sinkhole, Tari is fully Tor-only. (Upstream: Privacy: proxy_bypass_for_outbound_tcp defaults to true — a type = "tor" base node still direct-dials clearnet peers (leaks operator IP) tari-project/tari#7883, #7884.)
  4. p2pool flags silently dropped on a 'new compose + old image' partial update (#165 coupling) #273 — p2pool flags silently dropped on a stale-image partial update (PR fix(#273): fail-loud when a stale p2pool image drops the Tor flags #289) — pithead doctor now fails loudly when a stale image isn't applying --socks5.
  5. Benchmark Tor vs clearnet while mining (p2pool / monerod / Tari) — does steady-state mining lose yield over Tor? #256 — Benchmark Tor vs clearnet while miningCLOSED (PR feat(#256): autonomous Tor-vs-clearnet benchmark harness + finalized methodology #293) — ~10% p2pool yield cost over Tor, 0 rejects → Tor stays the default; results + raw data in docs/privacy.md.
  6. [Epic] Privacy: no clearnet egress outside Tor — close leaks + privacy-first defaults #160 — [Epic] Privacy: no clearnet egress outside Tor ✅ CLOSED — the structural guarantee (per-app Tor + Enforce Tor-only egress at the network layer (fail-closed) — stop relying on per-app config #270 fail-closed firewall) landed.
  7. Auto-transition clearnet initial sync back to Tor once synced (follow-up to #183) #234 — Auto-transition clearnet initial sync back to Tor once synced (follow-up to Feature: optional clearnet initial sync (Monero + Tari) then switch to Tor — default off, privacy-first #183) — the optional clearnet-IBD path flips itself back to Tor after sync.

Wave 3 — Stratum hardening wave-3-stratumMOVED TO v1.5

The miner↔stack auth/TLS pair (#208 stratum-auth default-on → #261 stratum-over-TLS) has been deferred to v1.5 (it's cross-repo with RigForge, which tracks the worker side under its own v1.5 milestone). Not a v1.1 deliverable — see "Explicitly NOT in v1.1".

Wave 4 — Dashboard observability & XvB wave-4-dashboard ✅ DONE

The screenshot surface. All landed — the dashboard UI is now final, which unblocks #80.

Wave 5 — Container & infra hardening wave-5-hardening

Lower-priority hardening; runs in parallel. None block the tag.

Wave 6 — Docs & launch wave-6-release ⬅ FINISH LINE

Independent docs land any time; #80 is the last gated item — and it's now unblocked.

Wave 7 — Tooling & code health wave-7-tooling ✅ COMPLETE (parallel track, after Wave 2)

Every file surface under a linter + formatter + CI gate (glued by pre-commit), plus the supply-chain gaps closed. Epic: #279.

  1. tooling: Python lint + format with ruff (+ .editorconfig, pre-commit) #280 — Python lint + format with ruff (+ .editorconfig, pre-commit) — the foundation the rest plugs into.
  2. tooling: round out per-surface lint/format (shfmt, Biome, yamllint, markdownlint, buf) #281 — Round out per-surface lint/formatshfmt (shell), Biome (JS/CSS/JSON), yamllint, markdownlint + lychee (docs), buf (proto).
  3. tooling: supply-chain & secrets hardening (gitleaks, Dependabot, Trivy, SHA-pinned actions + zizmor) #282 — Supply-chain & secrets hardening — gitleaks, Dependabot (pip/actions/docker), Trivy image scan, SHA-pinned actions + zizmor. Lands before v1.1 images publish (with Licensing hygiene: third-party attribution + GPLv3 compliance for published images #259).
  4. tooling: reproducible Python builds with uv + uv.lock #283 — Reproducible Python buildsuv + hashed uv.lock across Dockerfile/CI/release.
  5. tooling: correctness — hypothesis property tests + ruff ANN→ty roadmap #284 — Correctnesshypothesis property tests for the money/numeric logic; ruff ANNty roadmap (deferred — not a v1.1 blocker).
  6. tooling: adopt RigForge's CI best practices (diff-cover patch coverage + checksum-verified pinned tool installs) #286 — Adopt RigForge's CI best practicesdiff-cover patch-coverage gate + checksum-verified pinned tool installs.
  7. governance: add a Contributor License Agreement (CLA) for inbound contributions #292 — Governance: Contributor License Agreement / DCO — inbound-contribution IP terms enforced on every PR. Org-wide trio with rigforge#119 and p2pool-starter-stack.github.ioImprove Readme to highlight Sync Mode #10.

Cross-issue dependencies (live)

This… …waits for Status
#256 (benchmark) #270 + #274 + #272 + #278 ✅ all merged; #256 closed (PR #293)
#160 (epic) #165 + #166 + #270 ✅ closed on the structural guarantee
#170 (Component Health panel) #165 + #166 + #270 ✅ closed (reflects final all-Tor posture)
#263 (XvB auto-register) ✅ closed (PR #317); reused v1.0 Tor SOCKS infra (#163)
v1.1 image publish #259 (licensing) + #282 ✅ both merged — publish unblocked
#80 (launch assets) #170 ✅ + #263 ✅; land #258/#257 first UNBLOCKED — dashboard UI final; capture after docs

Cross-repo companions (RigForge + website)

v1.1 (this release — ships in lockstep with RigForge v1.1):

Website (p2pool-starter-stack.github.io, "site#" below) — v1.1, mostly Wave-7 companions:

Explicitly NOT in v1.1 (later milestones)

Metadata

Metadata

Assignees

No one assigned

    Labels

    infraDeployment, packaging, releases

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions