Skip to main content

Roadmap

OSAPI aims to be a comprehensive Linux system management API. This page documents what exists today and where the project is headed, organized by priority tier.

Current Capabilities

These features are implemented and available today. See Features for detailed documentation on each.

  • System Management — hostname, status, uptime, OS info, disk, memory, load
  • Network Management — DNS get/update, ping
  • Job System — async job processing via NATS JetStream with KV-first architecture, broadcast/load-balanced/label-based routing
  • Health Checks — liveness, readiness, system status with component metrics
  • Audit Logging — structured API operation audit trail stored in NATS KV with 30-day retention, export, admin-only access
  • Authentication & RBAC — JWT bearer tokens with HS256 signing, fine-grained resource:verb permissions, built-in roles (admin/write/read), custom roles, and direct permission grants
  • Metrics — Prometheus endpoint (/metrics)
  • Distributed Tracing — OpenTelemetry with stdout and OTLP exporters, trace context propagation across HTTP and NATS
  • Namespace support — multi-tenant NATS subject and infrastructure prefixing for shared clusters
  • CLI — full parity with the REST API, --json output on all commands

Individual task tracking for planned features is in the Task Backlog.

Tier 1 — Core Appliance

The minimum feature set to be taken seriously as an OS management API.

FeatureDescriptionAnsible Equivalent
Service managementsystemctl start/stop/restart/enable/disableservice, systemd
Package managementInstall, remove, update packagesapt, yum, package
User/group managementCreate, modify, delete users and groupsuser, group
Power managementShutdown, reboot (with delay/scheduling)reboot
Hostname setSet hostname (complement existing get)hostname

Tier 2 — Security & Networking

What makes OSAPI production-ready and secure.

FeatureDescriptionAnsible Equivalent
Firewall managementufw/nftables rule managementufw, firewalld
Network interfacesIP config, routing, interface up/downnmcli
SSH key managementAuthorized key management per userauthorized_key
TLS certificatesCertificate install, CSR, CA trust storeopenssl_certificate
SELinux/AppArmorSecurity policy mode and profilesselinux

Tier 3 — Operations & Observability

What makes OSAPI useful for day-to-day operations.

FeatureDescriptionAnsible Equivalent
File managementRead, write, lineinfile, permissionsfile, copy, lineinfile
Command executionAd-hoc command/shell executioncommand, shell
Process managementList, inspect, signal processes
Log viewingQuery systemd journal and syslog
NTP/time managementNTP sync, timezone configurationchrony, timezone
System updatesCheck and apply OS patchesapt upgrade
Sysctl/kernel paramsQuery and tune kernel parameterssysctl

Tier 4 — Advanced

Differentiators for fleet management and enterprise use.

FeatureDescriptionAnsible Equivalent
System facts/inventoryComprehensive hardware/OS/network factssetup
Storage managementLVM, mounts, SMART healthlvol, mount
Cron/schedulingScheduled task managementcron

Implementation Pattern

Each new feature follows the same architecture:

  1. Provider interface + platform implementations
  2. Job operation types and subject routing
  3. Worker processor dispatch
  4. Job client methods
  5. OpenAPI spec with strict-server + BearerAuth
  6. API handler with scope middleware
  7. CLI commands with --json output
  8. Tests (provider, client, handler, integration)

See Architecture for the system overview, and Job Architecture for the provider and worker pipeline.

Contributing

Want to pick up a feature from the roadmap? Start with the Contributing guide, then:

  1. Open an issue or discussion to claim the feature
  2. Follow the implementation pattern above
  3. Submit a PR with tests and documentation

Lower-tier features are higher priority, but contributions at any tier are welcome.