Docs/ROADMAP.md

# Roadmap

## Current Starting Point

- Date: `2026-03-12`
- Product state: `Frozen MVP complete`
- Validation state: `Internal beta passed with conditions on 2026-03-07`
- Immediate priorities:
  - turn `Apps` review-only evidence into verifiable and comparable uninstall evidence
  - expand `Smart Clean` safe coverage only on the next high-confidence roots
  - harden `Recovery` payload compatibility and restore evidence after execution boundaries stabilize
  - keep release-readiness work behind the product-path epics until signing materials exist
- Release-path blocker:
  - no Apple signing and notarization credentials are available on the current machine

## Roadmap Guardrails

- Keep scope inside the frozen MVP modules:
  - `Overview`
  - `Smart Clean`
  - `Apps`
  - `History`
  - `Recovery`
  - `Permissions`
  - `Settings`
- Do not pull `Storage treemap`, `Menu Bar`, or `Automation` into this roadmap.
- Respond to competitor pressure by deepening the frozen MVP flows rather than adding new surfaces for parity theater.
- Treat trust and recovery honesty as release-critical product work, not polish.
- Keep direct distribution as the only eventual release route.
- Do not plan around public beta dates until signing credentials exist.

## Competitive Strategy Overlay

- Primary breadth comparison pressure comes from `Mole` and `Tencent Lemon Cleaner`.
- Primary `Apps` comparison pressure comes from `Pearcleaner` and `Tencent Lemon Cleaner`.
- Atlas should compete as an `explainable, recovery-first Mac maintenance workspace`, not as a generic all-in-one cleaner.
- The roadmap response is:
  - preserve trust as the primary release gate
  - deepen the `Apps` module first where `Pearcleaner` and `Lemon` set expectations
  - then close the most visible `Smart Clean` safe-coverage gaps users compare against `Mole` and `Lemon`
  - harden `Recovery` only after execution boundaries and evidence models are stable
  - treat release readiness as the final convergence step because signing materials, not packaging mechanics, remain the public-release blocker
  - keep `Storage treemap`, `Menu Bar`, and `Automation` out of scope

## Active Milestones

### Milestone 1: Internal Beta Hardening

- Dates: `2026-03-16` to `2026-03-28`
- Goal: harden the current internal-beta build until user-visible execution and recovery claims are defensible.
- Focus:
  - remove or explicitly development-gate silent XPC fallback
  - show explicit failure states when real worker execution is unavailable
  - rerun bilingual manual QA on a clean machine
  - verify packaged first-launch behavior with a fresh state file
  - tighten README, in-app copy, and help content where recovery or execution is overstated
- Exit criteria:
  - internal beta checklist rerun against the latest packaged build
  - unsupported execution paths fail clearly instead of appearing successful
  - recovery wording matches the shipped restore behavior

### Milestone 2: Apps Evidence Execution

- Dates: `2026-03-31` to `2026-04-11`
- Goal: turn `Apps` review-only evidence from merely visible into verifiable, comparable, and recoverably consistent.
- Focus:
  - define the fixture app baseline for mainstream and developer-heavy uninstall scenarios
  - make preview, completion, and history reflect the same uninstall evidence model
  - define the restore-triggered app-footprint refresh strategy and stale-evidence handling
  - script the manual acceptance flow for uninstall evidence and restore verification
- Exit criteria:
  - supported fixture apps produce consistent evidence across preview, completion, and history
  - restore follows a defined footprint refresh path or shows explicit stale-evidence state
  - the `Apps` acceptance path is scriptable and repeatable

### Milestone 3: Smart Clean Safe Coverage Expansion

- Dates: `2026-04-14` to `2026-05-02`
- Goal: expand only the next batch of high-confidence safe cleanup roots and prove real side effects without widening into high-risk cleanup.
- Focus:
  - add the next safe roots outside app containers
  - stabilize the `review-only` vs `executable` boundary across scan, review, execute, completion, and history
  - strengthen the `scan -> execute -> rescan` evidence chain for the expanded safe roots
  - keep unsupported or high-risk paths explicitly non-executable
- Exit criteria:
  - newly supported safe roots show real post-execution rescan improvement
  - unsupported roots remain clearly marked as `review-only`
  - release-facing surfaces distinguish supported and unsupported execution scope without ambiguity

### Milestone 4: Recovery Payload Hardening

- Dates: `2026-05-05` to `2026-05-23`
- Goal: make recovery state structurally stable, backward-compatible, and historically trustworthy.
- Focus:
  - stabilize the recovery payload schema and versioning contract
  - add migration and compatibility handling for older workspace and history state files
  - deepen `History` detail evidence for restore payloads, conflicts, expiry, and partial restore outcomes
  - add regression coverage for conflict, expired payload, and partial-restore scenarios
- Exit criteria:
  - recovery payloads follow a stable versioned schema
  - older state files migrate cleanly or fail with explicit compatibility behavior
  - `History` detail can explain real restore evidence and degraded outcomes
  - regression coverage exists for the main restore edge cases

### Milestone 5: Release Readiness

- Dates: `2026-05-26` to `2026-06-13`
- Goal: turn the stabilized product path into a repeatable release candidate process, then switch to the signing chain when credentials exist.
- Focus:
  - make `full-acceptance` a routine gate on candidate builds
  - stabilize UI automation for trust-critical MVP flows
  - freeze packaging, install, and launch smoke checks as repeatable release scripts
  - switch from the pre-signing release chain to `Developer ID + notarization` once credentials become available
- Exit criteria:
  - `full-acceptance` runs routinely on candidate builds
  - trust-critical UI automation is stable enough for release gating
  - packaging, install, and launch smoke checks are repeatable
  - the signed chain either passes with credentials present or remains explicitly blocked only by missing credentials

## Conditional Release Branch

These milestones do not start until Milestone `5` is complete and Apple release credentials are available.

### Conditional Milestone A: Signed External Beta Candidate

- Trigger:
  - Milestones `1` through `5` are complete
  - `Developer ID Application` is available
  - `Developer ID Installer` is available
  - `ATLAS_NOTARY_PROFILE` is available
- Goal: produce a signed and notarized external beta candidate.
- Focus:
  - rerun the release scripts on the signed chain
  - validate signed `.app`, `.dmg`, and `.pkg` install paths on a clean machine
  - prepare external beta notes and known limitations
- Exit criteria:
  - signed and notarized artifacts install without bypass instructions
  - clean-machine install verification passes on the signed candidate

### Conditional Milestone B: External Beta Learn Loop

- Trigger:
  - Conditional Milestone A is complete
- Goal: run a small external beta only after the mainline product path is stable.
- Focus:
  - use a hardware-diverse trusted beta cohort
  - triage install, permission, execution, and restore regressions
  - close P0 issues before any GA candidate is named
- Exit criteria:
  - no external-beta P0 remains open
  - primary workflows are validated on more than one machine profile

### Conditional Milestone C: GA Candidate and Launch

- Trigger:
  - Conditional Milestone B is complete
- Goal: publish `v1.0` only after trust, recovery, and signed distribution all align.
- Focus:
  - rerun full acceptance and signed packaging on the GA candidate
  - freeze release notes, notices, acknowledgements, and checksums
  - validate launch candidate install and first-run flow on a clean machine
- Exit criteria:
  - no open P0 release blocker
  - signed packaging, install validation, and release docs are complete
  - `v1.0` artifacts are published

## Current Decision Rules

- Do not call the current workstream `public beta`.
- Do not claim broader cleanup coverage than the worker/helper path can prove.
- Do not claim physical recovery until file-backed restore is actually validated.
- Do not schedule a public release date before signing credentials exist.

## Not In This Roadmap

- `Storage treemap`
- `Menu Bar`
- `Automation`
- new non-MVP modules
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			`# Roadmap`

			`## Current Starting Point`

			- Date: `2026-03-12`
			- Product state: `Frozen MVP complete`
			- Validation state: `Internal beta passed with conditions on 2026-03-07`
			`- Immediate priorities:`
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			- turn `Apps` review-only evidence into verifiable and comparable uninstall evidence
			- expand `Smart Clean` safe coverage only on the next high-confidence roots
			- harden `Recovery` payload compatibility and restore evidence after execution boundaries stabilize
			`- keep release-readiness work behind the product-path epics until signing materials exist`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			`- Release-path blocker:`
			`- no Apple signing and notarization credentials are available on the current machine`

			`## Roadmap Guardrails`

			`- Keep scope inside the frozen MVP modules:`
			- `Overview`
			- `Smart Clean`
			- `Apps`
			- `History`
			- `Recovery`
			- `Permissions`
			- `Settings`
			- Do not pull `Storage treemap`, `Menu Bar`, or `Automation` into this roadmap.
docs: add selective parity strategy planning 2026-03-23 16:48:26 +08:00			`- Respond to competitor pressure by deepening the frozen MVP flows rather than adding new surfaces for parity theater.`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			`- Treat trust and recovery honesty as release-critical product work, not polish.`
			`- Keep direct distribution as the only eventual release route.`
			`- Do not plan around public beta dates until signing credentials exist.`

docs: add selective parity strategy planning 2026-03-23 16:48:26 +08:00			`## Competitive Strategy Overlay`

			- Primary breadth comparison pressure comes from `Mole` and `Tencent Lemon Cleaner`.
			- Primary `Apps` comparison pressure comes from `Pearcleaner` and `Tencent Lemon Cleaner`.
			- Atlas should compete as an `explainable, recovery-first Mac maintenance workspace`, not as a generic all-in-one cleaner.
			`- The roadmap response is:`
			`- preserve trust as the primary release gate`
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			- deepen the `Apps` module first where `Pearcleaner` and `Lemon` set expectations
			- then close the most visible `Smart Clean` safe-coverage gaps users compare against `Mole` and `Lemon`
			- harden `Recovery` only after execution boundaries and evidence models are stable
			`- treat release readiness as the final convergence step because signing materials, not packaging mechanics, remain the public-release blocker`
docs: add selective parity strategy planning 2026-03-23 16:48:26 +08:00			- keep `Storage treemap`, `Menu Bar`, and `Automation` out of scope

fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			`## Active Milestones`

			`### Milestone 1: Internal Beta Hardening`

			- Dates: `2026-03-16` to `2026-03-28`
			`- Goal: harden the current internal-beta build until user-visible execution and recovery claims are defensible.`
			`- Focus:`
			`- remove or explicitly development-gate silent XPC fallback`
			`- show explicit failure states when real worker execution is unavailable`
			`- rerun bilingual manual QA on a clean machine`
			`- verify packaged first-launch behavior with a fresh state file`
			`- tighten README, in-app copy, and help content where recovery or execution is overstated`
			`- Exit criteria:`
			`- internal beta checklist rerun against the latest packaged build`
			`- unsupported execution paths fail clearly instead of appearing successful`
			`- recovery wording matches the shipped restore behavior`

ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`### Milestone 2: Apps Evidence Execution`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			- Dates: `2026-03-31` to `2026-04-11`
			- Goal: turn `Apps` review-only evidence from merely visible into verifiable, comparable, and recoverably consistent.
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			`- Focus:`
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`- define the fixture app baseline for mainstream and developer-heavy uninstall scenarios`
			`- make preview, completion, and history reflect the same uninstall evidence model`
			`- define the restore-triggered app-footprint refresh strategy and stale-evidence handling`
			`- script the manual acceptance flow for uninstall evidence and restore verification`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			`- Exit criteria:`
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`- supported fixture apps produce consistent evidence across preview, completion, and history`
			`- restore follows a defined footprint refresh path or shows explicit stale-evidence state`
			- the `Apps` acceptance path is scriptable and repeatable
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`### Milestone 3: Smart Clean Safe Coverage Expansion`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			- Dates: `2026-04-14` to `2026-05-02`
			`- Goal: expand only the next batch of high-confidence safe cleanup roots and prove real side effects without widening into high-risk cleanup.`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			`- Focus:`
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`- add the next safe roots outside app containers`
			- stabilize the `review-only` vs `executable` boundary across scan, review, execute, completion, and history
			- strengthen the `scan -> execute -> rescan` evidence chain for the expanded safe roots
			`- keep unsupported or high-risk paths explicitly non-executable`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			`- Exit criteria:`
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`- newly supported safe roots show real post-execution rescan improvement`
			- unsupported roots remain clearly marked as `review-only`
			`- release-facing surfaces distinguish supported and unsupported execution scope without ambiguity`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`### Milestone 4: Recovery Payload Hardening`
docs: add selective parity strategy planning 2026-03-23 16:48:26 +08:00
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			- Dates: `2026-05-05` to `2026-05-23`
			`- Goal: make recovery state structurally stable, backward-compatible, and historically trustworthy.`
docs: add selective parity strategy planning 2026-03-23 16:48:26 +08:00			`- Focus:`
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`- stabilize the recovery payload schema and versioning contract`
			`- add migration and compatibility handling for older workspace and history state files`
			- deepen `History` detail evidence for restore payloads, conflicts, expiry, and partial restore outcomes
			`- add regression coverage for conflict, expired payload, and partial-restore scenarios`
docs: add selective parity strategy planning 2026-03-23 16:48:26 +08:00			`- Exit criteria:`
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`- recovery payloads follow a stable versioned schema`
			`- older state files migrate cleanly or fail with explicit compatibility behavior`
			- `History` detail can explain real restore evidence and degraded outcomes
			`- regression coverage exists for the main restore edge cases`

			`### Milestone 5: Release Readiness`

			- Dates: `2026-05-26` to `2026-06-13`
			`- Goal: turn the stabilized product path into a repeatable release candidate process, then switch to the signing chain when credentials exist.`
			`- Focus:`
			- make `full-acceptance` a routine gate on candidate builds
			`- stabilize UI automation for trust-critical MVP flows`
			`- freeze packaging, install, and launch smoke checks as repeatable release scripts`
			- switch from the pre-signing release chain to `Developer ID + notarization` once credentials become available
			`- Exit criteria:`
			- `full-acceptance` runs routinely on candidate builds
			`- trust-critical UI automation is stable enough for release gating`
			`- packaging, install, and launch smoke checks are repeatable`
			`- the signed chain either passes with credentials present or remains explicitly blocked only by missing credentials`
docs: add selective parity strategy planning 2026-03-23 16:48:26 +08:00
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			`## Conditional Release Branch`

ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			These milestones do not start until Milestone `5` is complete and Apple release credentials are available.
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`### Conditional Milestone A: Signed External Beta Candidate`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00
			`- Trigger:`
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			- Milestones `1` through `5` are complete
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			- `Developer ID Application` is available
			- `Developer ID Installer` is available
			- `ATLAS_NOTARY_PROFILE` is available
			`- Goal: produce a signed and notarized external beta candidate.`
			`- Focus:`
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`- rerun the release scripts on the signed chain`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			- validate signed `.app`, `.dmg`, and `.pkg` install paths on a clean machine
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`- prepare external beta notes and known limitations`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			`- Exit criteria:`
			`- signed and notarized artifacts install without bypass instructions`
			`- clean-machine install verification passes on the signed candidate`

ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`### Conditional Milestone B: External Beta Learn Loop`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00
			`- Trigger:`
			`- Conditional Milestone A is complete`
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`- Goal: run a small external beta only after the mainline product path is stable.`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			`- Focus:`
			`- use a hardware-diverse trusted beta cohort`
			`- triage install, permission, execution, and restore regressions`
			`- close P0 issues before any GA candidate is named`
			`- Exit criteria:`
ralph-loop[epic-a-to-d-mainline]: checkpoint before iteration 2026-03-23 17:14:09 +08:00			`- no external-beta P0 remains open`
fix: harden internal beta execution trust 2026-03-12 19:18:41 +08:00			`- primary workflows are validated on more than one machine profile`

			`### Conditional Milestone C: GA Candidate and Launch`

			`- Trigger:`
			`- Conditional Milestone B is complete`
			- Goal: publish `v1.0` only after trust, recovery, and signed distribution all align.
			`- Focus:`
			`- rerun full acceptance and signed packaging on the GA candidate`
			`- freeze release notes, notices, acknowledgements, and checksums`
			`- validate launch candidate install and first-run flow on a clean machine`
			`- Exit criteria:`
			`- no open P0 release blocker`
			`- signed packaging, install validation, and release docs are complete`
			- `v1.0` artifacts are published

			`## Current Decision Rules`

			- Do not call the current workstream `public beta`.
			`- Do not claim broader cleanup coverage than the worker/helper path can prove.`
			`- Do not claim physical recovery until file-backed restore is actually validated.`
			`- Do not schedule a public release date before signing credentials exist.`

			`## Not In This Roadmap`

			- `Storage treemap`
			- `Menu Bar`
			- `Automation`
			`- new non-MVP modules`