Merge pull request #4 from ruFFaa/patch-1

Update ROADMAP.md
approved

Author: SecureAgentTools

docs/ROADMAP.md

@@ -1,3 +1,4 @@
+
 # AgentVault Project Roadmap
 
 This document outlines the planned development phases and features for the AgentVault ecosystem. Our goal is to create a secure, interoperable, and easy-to-use platform for AI agent communication based on open standards like A2A and MCP concepts.
@@ -26,11 +27,6 @@ The AgentVault project has established a functional baseline across its core com
 1.  **Automation Scripts:**
     *   **TODO:** Finalize and test `automation_scripts/` (`av_create_package_agent`, `av_deploy_register_agent`, `av_find_run_task`). Ensure they work reliably with the latest components.
     *   **TODO:** Refine agent template generation (e.g., better `.env` setup based on selected options).
-2.  **Testing & Coverage:**
-    *   **TODO:** Implement CI workflow for running `pytest` across all components.
-    *   **TODO:** Integrate `pytest-cov` and add coverage reporting/thresholds to CI.
-    *   **TODO:** Increase test coverage, focusing on complex logic (client state machine, registry auth flows, SDK router edge cases, CLI interactions).
-    *   **TODO:** Add basic end-to-end tests (e.g., CLI -> Registry -> Mock Agent).
 3.  **Registry Enhancements:**
     *   **TODO:** Investigate and potentially optimize developer programmatic API key lookup performance if needed for scale.
     *   **TODO:** Implement email-based password reset flow (currently placeholder).
@@ -39,18 +35,38 @@ The AgentVault project has established a functional baseline across its core com
     *   **TODO:** Provide examples or interfaces for persistent `BaseTaskStore` implementations (e.g., Redis, SQL).
     *   **TODO:** Review and standardize error handling and logging across all components for consistency.
 5.  **Documentation Polish:**
-    *   **TODO:** Fill in remaining placeholders in policy documents (Contact emails).
     *   **TODO:** Add more diagrams where helpful (e.g., auth flows).
     *   **TODO:** Review all guides for clarity and accuracy against latest code.
 
 ## Future Considerations (Phase 3 & Beyond)
 
-*   **Multimodality (WebRTC):** Integrate `aiortc` for optional real-time audio/video streaming.
-*   **Deeper MCP Integration:** Align with finalized MCP specifications, provide SDK helpers.
-*   **TEE Attestation Verification:** Implement client-side verification of TEE attestations.
-*   **Registry Features:** Community reviews/ratings, usage analytics (opt-in), advanced search, key rotation.
-*   **Other Language SDKs/Libraries:** Explore SDKs for Node.js, Go, etc.
-*   **Security Audits:** Formal third-party security reviews.
+**Objective:** Expand AgentVault into a comprehensive, enterprise-ready platform for secure, scalable, and truly intelligent multi-agent collaboration across diverse environments.
+
+**Key Areas:**
+
+1.  **Federated Registry & Discovery:**
+    *   Design and implement protocols for secure, policy-based discovery between independent AgentVault Registry instances (private enterprise, partner, public).
+    *   Develop mechanisms for establishing and managing trust relationships between registries.
+    *   Enhance Agent Cards to support federation metadata and cross-domain policies.
+2.  **AgentVault Identity Fabric (Zero Trust IAM for Agents):**
+    *   **Goal:** Implement a robust, fine-grained Identity and Access Management system specifically for agents, complementing existing user IAM (like Entra ID).
+    *   **Agent Identity (SPIFFE/SPIRE):** Integrate SPIFFE/SPIRE for issuing verifiable, short-lived cryptographic identities (SVIDs) to agent workloads, enabling strong mTLS authentication for A2A.
+    *   **Capability-Based Authorization (OAuth2 Scopes/Token Exchange):** Define granular permission scopes based on agent capabilities (from Agent Cards). Implement OAuth 2.0 Token Exchange flows to issue delegated, capability-scoped tokens for agent interactions, enforcing the Principle of Least Privilege.
+    *   **Policy Engine Integration (OPA):** Integrate Open Policy Agent (OPA) for decoupled, dynamic authorization decisions based on agent identity, user context, requested capabilities, and custom enterprise policies (Rego).
+    *   **Secure Context Propagation:** Define standardized methods for securely passing necessary user and call-chain context between agents.
+    *   **Synergy:** This Identity Fabric provides the necessary security primitives for secure and scalable Federated Registry interactions.
+3.  **Enhanced A2A/MCP Capabilities:**
+    *   **Multimodality (WebRTC):** Integrate `aiortc` or similar libraries for optional real-time audio/video streaming capabilities within the A2A framework.
+    *   **Deeper MCP Integration:** Fully align with finalized Model Context Protocol specifications, providing robust SDK helpers for standardized tool use and context passing.
+4.  **Advanced Security & Trust:**
+    *   **TEE Attestation Verification:** Implement client-side cryptographic verification of Trusted Execution Environment attestations declared in Agent Cards.
+    *   **Key Rotation & Management:** Enhanced features for managing registry API keys and potentially agent-level credentials.
+    *   **Formal Security Audits:** Engage third-party experts for comprehensive security reviews of the core framework and protocols.
+5.  **Ecosystem & Usability:**
+    *   **Persistent Task Stores:** Provide robust, production-ready `BaseTaskStore` implementations (e.g., Redis, SQL database).
+    *   **UI Enhancements:** Improve Agent Builder capabilities, add registry analytics/monitoring dashboards.
+    *   **Other Language SDKs/Libraries:** Explore SDKs for other popular languages like Node.js, Go, etc., based on community demand.
+    *   **Community Features:** Implement features like agent reviews/ratings within the registry.
 
 ## Contributing