System Roadmap

v2.14.0 Current Release (Application Routing & Endpoint Hardening) β€” strategic development path with clear phases, dependencies, and forward projections.

CURRENT BUILD: v2.14.0 LAST UPDATED: 2026-01-25 VERSION SOURCE: changelog.json (top entry) FOCUS: Phase 3: Performance, Reliability & Ops Foundation
Now Current execution
No β€œIn Progress” milestones detected. Roadmap is either completed or awaiting next kickoff.
Next Near-future direction
  • Phase 3: Performance, Reliability & Ops Foundation β€” Caching & Background Processing
  • Phase 3: Performance, Reliability & Ops Foundation β€” Observability, Backups & Security
  • Phase 4: Fidelity Engine & Big Data β€” Trade Autopsy (Intent vs Reality) Data Capture
  • Phase 4: Fidelity Engine & Big Data β€” Fidelity Index (Fi) Scoring Engine
  • Phase 4: Fidelity Engine & Big Data β€” Fi Automation & Dashboard Intelligence
  • Phase 4: Fidelity Engine & Big Data β€” Community Intelligence (Premium)
Later Long-range bets
  • Phase 5: Monetization & Growth β€” Stripe Billing & Subscriptions
Linear development path
Each phase depends on the foundation before it.
Phase 1
Phase 1: Multi-User SaaS Infrastructure
Completed foundation
Phase 2
Phase 2: Intelligence & Retention (The Algo Lab)
Completed foundation
Phase 3
Phase 3: Performance, Reliability & Ops Foundation
Next focus
Phase 4
Phase 4: Fidelity Engine & Big Data
Future foundation
Phase 5
Phase 5: Monetization & Growth
Future foundation
Phase 1
Target v2.12.0 COMPLETED

Phase 1: Multi-User SaaS Infrastructure

Transition from a single-user tool to a multi-tenant platform with secure access.

Identity & Access Management
v2.11.0 Done
Google OAuth 2.0 Integration for streamlined, passwordless login.
Multi-tenant Database Schema to support isolated user data.
Automatic User Provisioning: Auto-creation of default accounts and settings for new sign-ups.
Security & Account Recovery
v2.11.0 Done
Forgot Password Flow: Secure reset workflow with email token validation and login link integration.
Session leak mitigation: `Cache-Control: no-store` to prevent sensitive page exposure after logout via browser Back navigation.
CSRF Defense: Anti-CSRF token validation across Admin finance POST actions.
Fee Governance: Database-level uniqueness enforcement to block duplicate fee rules per Asset/Symbol scope.
Session Security & Preference Controls
v2.12.0 Done
Idle auto-logout (default 15 minutes) enforced server-side.
User preference for session timeout: 15 mins, 30 mins, 1 hr, 8 hrs, 24 hrs.
Session hardening: regenerate session IDs on login/privilege change, strict cookie flags (HttpOnly, Secure, SameSite).
Invite Flow Reliability
v2.12.0 Done
Admin-generated invite links reliably complete account creation end-to-end.
One-time use invite tokens with expiration and clear error messaging for invalid/expired invites.
Admin audit trail for invite creation and redemption.
Data Isolation Layer
v2.11.0 Done
Implementation of user_id session tracking across all DB queries.
Workspace isolation ensuring users can only access their personal trade groups.
Phase 2
Target v2.13.0 COMPLETED

Phase 2: Intelligence & Retention (The Algo Lab)

Enhance product stickiness with advanced AI tools, backtesting assistance, and educational resources.

The Strategy Lab (Pre-Trade GPS) β€” Options
v2.11.0 Done
Pre-Trade Workflow: Input Ticker β†’ Auto-fetch IVR/Price β†’ Select Sentiment.
Logic Engine: Automated strategy matching based on IVR + bias.
Sizing Wizard: Converts 1% portfolio risk into exact contract sizing.
Strategy Lab: Directional Trading (Futures/Stocks/Crypto)
v2.13.0 Done
Asset Class Toggle: Futures (tick-based stops), Stocks (VWAP integration), Crypto (volatility-adjusted stops).
Mandatory 'Pre-Flight' Checklist UI: Trend Alignment (EMA Ribbon), Location (Support/Resistance), Trigger (Hammer/Shooting Star), Momentum (RSI Confirmation).
Dynamic Technical Indicators: EMA Ribbon state (Green/Red/Twist) + RSI (14) input with high-risk flags (RSI > 75 longs, RSI < 25 shorts).
Psychological Guardrails: Confidence (1–10) + Emotional State (Calm/Anxious/FOMO) with cooldown suggestion when FOMO is selected.
Alert & Signal Logging: Record the triggering alert (e.g., '71.50 Resistance Break') to measure alert-based entry accuracy.
Risk/Reward Calculator: Tick-based (Futures) and instrument-aware sizing aligned to the TradeTrack Pro discipline rules.
The Algo Lab (Script Generator)
v2.11.0 Done
AI-powered Pine Script and ThinkScript generation.
Debug Buddy for syntax and logic troubleshooting.
Step-by-step backtesting tutorials.
AI Prompt Generator
v2.11.0 Done
One-click context-aware LLM prompts per trade.
Templates for risk, theta decay, and hedging analysis.
Integrated Knowledge Base
v2.11.0 Done
Database-driven KB linked to strategies and workflows.
Contextual help pills embedded in trade forms.
Admin SOP category with enforced internal visibility.
Phase 3 Focus
Target v2.20.0 PLANNED

Phase 3: Performance, Reliability & Ops Foundation

Ensure predictable performance, safe deployments, and operational confidence at scale.

Deployment Safety & Environment Discipline
v2.11.0 Done
Atomic DEV β†’ PROD file synchronization with rsync.
Protected config enforcement using SHA-256 hash verification.
Automatic rollback on protected file mismatch.
Deployment locking to prevent concurrent releases.
Versioned Database Migration System
v2.11.0 Done
Versioned SQL migrations via db_updates/*.sql.
sys_migrations table ensures each migration runs exactly once.
Pending-only detection prevents unnecessary DB dumps.
Automatic pre-migration DB backups with timestamped compression.
DDL-safe execution compatible with MySQL/MariaDB auto-commit behavior.
Database Optimization & Indexing
v2.11.0 Done
Composite indexes for high-frequency trade filters.
Schema hygiene: INT UNSIGNED ids, DECIMAL money, DATETIME timestamps.
Safe foreign keys for referential integrity.
Application Routing & Endpoint Hardening
v2.14.0 Done
Front controller routing: single public entry (index.php) with internal controllers/views.
Rewrite public URLs to remove executable filenames (e.g., /share?group_id=186&token=... instead of /share.php?group_id=186&token=... ).
Optional clean routes: /share/186?token=... and /s/<token> patterns.
Block direct access to PHP endpoints via web server rules (deny *.php where appropriate).
Disable directory listing and prevent PHP execution in assets/uploads.
Caching & Background Processing
v2.19.0 Planned
Enable PHP OPcache in production.
Introduce Redis for hot-read caching.
Background job queue for imports, reports, and bulk calculations.
Observability, Backups & Security
v2.20.0 Planned
Daily DB backups + weekly full snapshots.
Quarterly restore verification.
Role-based access control and audit logging.
Centralized error tracking and performance metrics.
Phase 4
Target v3.1.0 PLANNED

Phase 4: Fidelity Engine & Big Data

Move beyond tracking to scoring trader behavior using Intent vs Reality data and quantitative portfolio metrics.

Trade Autopsy (Intent vs Reality) Data Capture
v3.0.0 Planned
Post-trade (or EOD) capture of Pre-Trade Compliance: setup used, planned risk, planned stop, emotional state (1–10), market context (VIX, SPY trend, News Day).
Execution Reality capture: actual entry/exit, stop moved (Y/N), early exit (Y/N), drawdown duration, time since last trade close (revenge-trade detection).
Post-Trade Review capture: mistake tagging (FOMO, Revenge, Moved Stop, Oversized, Boredom, Fat Finger), behavioral grade (A–F), correction plan required for grade < B.
New tables: `trade_autopsies` linked to `trades` with strict required fields and integrity constraints.
UI enforcement: mandatory autopsy completion at trade close or EOD (no silent skips).
Fidelity Index (Fi) Scoring Engine
v3.0.0 Planned
Fi composite score (0–100) from Discipline (40%), Risk Management (30%), Performance (30%).
Discipline penalties: stop loss violation, revenge trading threshold, oversizing (risk > 2% of account), early exit without technical signal.
Risk metrics: beta-weighted delta check vs SPY, theta efficiency ratio, daily max drawdown hard floor (score=0 when breached).
Performance metrics: profit factor, win-rate vs risk:reward efficiency, consistency (Sharpe-lite / P&L volatility proxy).
New table: `fidelity_scores` daily snapshots storing sub-scores + Fi per user per trading day.
Fi Automation & Dashboard Intelligence
v3.0.0 Planned
Cron job: `Daily_Fi_Calculator` runs at market close to compute Fi, update `fidelity_scores`, and refresh user-level rollups.
Fi Gauge widget: dashboard visualization of current Trust Level (0–100) with trend context.
Leak Detector report: identifies top behavioral drivers lowering Fi (e.g., revenge trading frequency patterns).
Data freshness rules: clear timestamping and cache invalidation so the dashboard never shows stale Fi after cron execution.
Community Intelligence (Premium)
v3.1.0 Planned
Global strategy performance aggregation.
Crowd sentiment indicators.
Leaderboards and comparative analytics.
Phase 5
Target v3.2.0 PLANNED

Phase 5: Monetization & Growth

Convert platform maturity into sustainable revenue.

Stripe Billing & Subscriptions
v3.2.0 Planned
Tiered plans with Pro features.
Trials and automated retention workflows.
Research Lab Future Concepts & Backlog
Portfolio Margin simulation.
Broker API integrations (TastyTrade, IBKR).
Advanced Greek exposure heatmaps.
Mobile app (iOS / Android wrapper).

Roadmap last updated: 2026-01-25