Product roadmap
What we have built and what is next.
DataVibe is an AI execution security platform. This roadmap tracks where the enforcement plane, enterprise controls, and integrations are heading. Updated each quarter.
Subject to change. Enterprise customers influence roadmap priority — contact us for details.
Gate interception engine v1
Pre-dispatch interception for AI outbound. POST /v1/gate/outbound, policy scan, BLOCKED/QUEUED/SENT decision.
Deterministic policy compiler
Declarative-only policy bundles. No user code, no eval. SHA-256 hash per bundle version for deterministic replay.
Human-in-the-loop approval queue
Dashboard queue with one-click approve/reject, reviewer notes, Slack + Teams notification channels.
Tamper-evident audit chain
SHA-256 hash chain on every gate decision and reviewer action. Verify-chain endpoint for SOC2 auditors.
Workspace RBAC v2
Full workspace-scoped role hierarchy: OWNER, ADMIN, REVIEWER, DEVELOPER. Tenant isolation verified across all 24 workspace-scoped tables.
Stripe billing + bundle lifecycle
Subscription-governed policy bundles. Checkout, metered usage, grace window, reactivation, idempotent webhook handling.
MFA step-up authentication
TOTP-based MFA (otplib + AES-256-GCM encrypted secrets). Step-up required for gate approvals and policy publish.
SSE real-time notifications (Redis pubsub)
Zero-polling notification delivery via Upstash Redis pub/sub. Scales to 1000+ concurrent dashboard users.
Policy simulation studio
Drag-and-drop policy bundle composition with live simulation. Compare balanced vs strict profiles side-by-side.
AI SDR Guardrails pack
Pre-built policy bundle: pricing hallucination, competitor mention, guarantee claims, tone violations. Default simulator bundle.
Support bot safety pack
Pre-built policy for AI customer support: refund commitments, legal opinions, PII echo, unauthorized discounts.
OpenTelemetry distributed tracing
OTLP exporter for FastAPI + asyncpg + httpx. W3C traceparent propagated from dashboard to Core API.
SLA enforcement + escalation
Per-workspace SLA config (warn/breach thresholds). Auto-escalation notifications. Reviewer efficiency dashboard.
Docker full-stack dev environment
docker-compose.dev.yml with all 4 services. Dashboard Dockerfile (dev + production targets).
SOC2 Type I evidence package
Control list, policy audit log CSV, audit chain export, management assertion letter. Request-a-copy flow live.
Cross-language policy determinism tests
Vitest + pytest fixtures proving Python scanner and TypeScript compiler produce identical SHA-256 output for same input.
k6 load test baseline
Sustained (50 VU), spike (500 VU), SSE concurrency (200 streams) tests with committed result artifacts.
Native Python SDK
pip install datavibe + @datavibe.cc/sdk on npm. CI publish on sdk-v* / py-v* tags.
DataVibe MCP server
@datavibe/mcp-server — gate_check, queue_list, queue_approve for Claude/Cursor.
SCIM v2 user provisioning
RFC 7644 /scim/v2 with workspace bearer tokens. Okta + Azure AD guides.
LangChain + LangGraph integration
wrapTool helpers in SDK + /docs/integration/langchain.
Streaming gate (beta)
POST /v1/gate/stream — progressive NDJSON chunk scan.
Semantic scanner (async)
enable_semantic_scanner flag — advisory metadata, not on gate hot path.
BAA template (HIPAA)
Signed Business Associate Agreement available to Enterprise customers on request. Standard template + e-sign flow.
Slack bot approval (native)
Approve or reject gate submissions directly from a Slack message — no dashboard login required for the reviewer.
Edge gateway regional deployments
Deploy the interception plane to EU-West and AP-Southeast Vercel Edge regions for data residency compliance.
Red-team engine (LLM-driven)
Automated adversarial payload generation via Claude. Probes your policy bundle for bypass vulnerabilities on a schedule.