TapPass Roadmap — H2 2026

Date: 2026-05-07 Horizon: May → December 2026 (with Q1 2027 spillover noted) Source inputs: concepts/governed-agents-architecture.md (the architectural spine), shipped state per intent-to-policy.md §10b, memory entries on OEM/UX/deployment/compliance, gap analysis vs. Giskard/Enoki.

This document is not an architecture concept. It is the operational answer to "given where we are now and what we know is missing, which big projects must we ship in the next 6 months — and in what order?"

1. Where we are now (the honest snapshot)

1.1 Shipped and mature

Capability	What's there	Source
Gateway (provider-agnostic)	OAI + Anthropic + MCP wire formats; LiteLLM 100+ providers; capability tokens (ES256); 32-step pipeline; circuit breaker; streaming	`tappass/gateway/`
Sandbox primitives	OpenShell with Landlock, L7 network egress, trust tiers, credential hiding via inference.local	`tappass/sandbox/`
Audit + mandates	Hash-chained audit trail; ES256-signed mandates; per-session WAL; verify_integrity passes	live on main
Intent-to-policy substrate	5-layer authoring (function/categories/concerns/capabilities/pipeline), 40-line resolver, 8 catalog tables, 38 PRs merged, ~470 tests green	`intent-to-policy.md` §10b
Frontend (operator surface)	Overview / Agents / Pipelines / Sessions / Audit Trail / Copilot / Playground / Settings	`project_frontend_scope.md`
Deployment	Staging + app on Cloud Run, unified CI/CD, Terraform IaC, battle-tested pipeline	`project_gcp_deployment.md`
BYOK LLM keys	`vault_llm_keys`, per-org AAD, KMS envelope, PostHog hybrid flag	`project_byok_llm_keys.md`
OSS / supply chain	liccheck + CycloneDX SBOM gates in 4 repos; OpenChain ISO 5230 mapping	`project_oss_license_compliance.md`

1.2 In flight / partial

Capability	State	Risk
OEM decomposition	Ongoing per `project_oem_refactor.md` — protocols, container, partial migration	Contends for code areas with the new keyring engine; needs sequencing
Runtime tool discovery	Concept written + 7-PR plan; capture exists in `registry/tools.py` (in-memory); promotion to catalog write path not shipped	Blocks honest end-to-end demo per the concept's own framing
TapPass Chat (LibreChat fork)	Concept written; fork not started	SMB GTM dependent; not on Collibra critical path
Async deadlock / TrustEngine migration	Async infra ready; TrustEngine migration for tokens/credentials needed	Foundational dependency for keyring derivation + sync (both touch token issuance)
UX redesign	Plan written: login bg, stepped flows, context-aware agent creation, Getting Started page	Parallel to spine work; not blocking
Project & Teams concept	Concept exists at `projects-teams-concept.md`; phase-3 frontend concept also exists	Required for org/project/team cascade in §6 of architecture

1.3 Concept-stage / not started

This is what the architecture document just defined and what the gap analysis surfaced:

Capability	Status	Sized
Policy compiler (with cascade merge)	Concept (architecture §10); emits Compiled Policy by aspect	L (~3-4 weeks)
Signed sync channel + drift detection	Concept (architecture §12)	M+M (~4 weeks)
MCP-forward mode + per-org MCP registry	Concept (architecture §7, §3)	M+S (~3 weeks)
`schema_acl` + `loop_guard` pipeline steps	Concept (architecture §3, §6 demo)	S (~1 week)
Harness + codemode + kernel exporters	Concept (architecture §10 layers)	S+S+M (~3 weeks)
Three CLIs (`tappass`, `tappass-host`, `tappass-agent`)	Concept (architecture §14)	M+M+S (~5 weeks)
Dashboard onboarding wizard	Concept (architecture §5, §11)	S (~1 week)
Pre-deployment evaluation harness + probes	Concept (architecture §8)	L (~3-4 weeks for MVP)
Compliance packs (EU AI Act + OWASP LLM v1)	Concept (architecture §4.5)	M (~3 weeks for first 2 packs)
Trust posture (SOC 2 Type 1 audit)	Operational, ~6 months calendar	(calendar-bound, not engineering weeks)
Public trust center expansion	Marketing/ops	S (~1 week of writing + legal review)

2. The gap → project map

What Giskard / Enoki / the broader category have that we don't, mapped to projects we must run:

Gap (vs. competitors)	Project that closes it	Why it matters
Pre-deployment red-teaming (Giskard's headline product, Enoki's "OWASP-aligned attack suites")	Pre-deployment evaluation harness	Procurement gate question: "is the agent safe to ship?" — without this, every customer assembles their own answer
Vulnerability taxonomy + OWASP mapping	Threat coverage taxonomy (architecture §3.2)	Prepared-buyer question: "what attacks does this defend against?" — answered as content, not engineering
Regulatory compliance bundles (Giskard "EU AI Act compliance pack")	Compliance packs	EU/regulated buyers tick one box → compliant deployment. Differentiates against fragmented per-vendor governance
Trust posture (SOC 2, 0-training, residency)	SOC 2 Type 1 audit + trust center page	Filter-question status — EU/regulated buyers won't engage architecturally without this
Drift detection in production (Enoki's third pillar)	Drift detection engine	Closes the loop with pre-deployment eval — production reality vs. evaluated baseline
Agent discovery in customer environment	Gateway-side unenrolled-agent surfacing	Customer's first problem: "what agents do we already have?"
Public threat intelligence (Giskard's RealHarm)	Public incident database	Marketing/community asset, not architecture — but signals ongoing intelligence

3. Prioritized projects for H2 2026

Three workstreams. Critical path is the spine — without it, evaluation has nothing to run against and the Collibra demo doesn't ship.

Workstream A — Architectural spine (the moat)

These are the 12 components from architecture §14.4. Critical path for everything else.

Order	Project	Size	Dependencies	Quarter
A.1	TrustEngine async migration (unblocks token issuance)	M	—	Q3 (Jul)
A.2	Keyring derivation engine (with cascade merge)	L	A.1, projects-teams substrate	Q3 (Jul-Aug)
A.3	Signed sync channel	M	A.2	Q3 (Aug)
A.4	`tappass` management CLI MVP	M	A.2	Q3 (Aug)
A.5	`tappass-agent` client SDK	S	A.3	Q3 (Aug)
A.6	`tappass-host` runtime CLI + daemon	M	A.3, A.5	Q3 (Aug-Sep)
A.7	MCP-forward mode in gateway	M	A.2	Q3 (Sep)
A.8	`schema_acl` + `loop_guard` pipeline steps	S	A.7	Q3 (Sep)
A.9	Per-org MCP-server registry	S	A.7	Q3 (Sep)
A.10	Kernel/sandbox profile exporter	M	A.6	Q4 (Oct)
A.11	Codemode profile exporter	S	A.6	Q4 (Oct)
A.12	Harness profile exporter	S	A.6	Q4 (Oct)
A.13	Dashboard onboarding wizard	S	A.4	Q4 (Oct-Nov)

Total: ~13-15 engineering weeks. With 2 engineers in parallel: ~7-8 calendar weeks. With 1 engineer serial: ~13-15 weeks. A.1 is the gating dependency — must close in the first two weeks.

Workstream B — Procurement-defensibility (catching up to Giskard/Enoki)

Order	Project	Size	Dependencies	Quarter
B.1	Compliance pack v1: EU AI Act	M	A.2 (resolver merge for packs)	Q3 (Sep)
B.2	Compliance pack v1: OWASP LLM Top 10	M	A.2	Q3 (Sep)
B.3	Pre-deployment evaluation harness MVP	L	A.5 (uses tappass-agent SDK)	Q4 (Oct-Nov)
B.4	Probe library v1 (OWASP LLM + EU AI Act)	M	B.3	Q4 (Nov)
B.5	Drift detection engine	M	A.3 (sync gives us baselines)	Q4 (Nov-Dec)
B.6	Compliance packs v2: GDPR, PCI-DSS, HIPAA	M	B.1 (template established)	Q1 2027
B.7	Compliance packs v3: NIS2, DORA	M	B.1	Q1 2027

Total: ~10 engineering weeks for v1 (B.1-B.5). B.6 and B.7 are demand-driven.

Workstream C — Trust + concrete artifacts

Order	Project	Size	Dependencies	Quarter
C.1	Trust center page expansion (0-training, residency, encryption, sub-processors)	S	— (independent)	Q3 (Jul)
C.2	SOC 2 Type 1 readiness assessment + auditor selection	(operations)	C.1	Q3 (Jul-Aug)
C.3	SOC 2 Type 1 audit fieldwork	(operations)	C.2	Q3-Q4 (Sep-Dec)
C.4	SOC 2 Type 1 report issued	(operations)	C.3	Q4 (Dec)
C.5	`tappass/collibra-agent` reference repo scaffolded	M	A.7 (MCP proxy), A.13 (wizard), B.3 (eval)	Q4 (Nov-Dec)
C.6	Collibra demo to Stijn / Nick (Spoor 1 close)	(event)	C.5	Q4 (Dec)

SOC 2 is calendar-bound — engineering doesn't accelerate it past ~6 months. Start in July, certificate by December.

Workstream D — Pre-existing flight that must continue

These are not new projects; they are obligations that must close to unblock the spine.

Project	Status	Why it matters for H2
OEM decomposition	In progress	Contends for the same code areas as keyring engine. Must finish or coordinate carefully with A.2.
Runtime tool discovery (capture → catalog promotion)	7-PR plan pending	Blocks the honest end-to-end demo per the concept's own framing. Should ship before C.5.
Project & Teams substrate	Concept written; phase-3 frontend exists	Required for cascade in A.2. Must ship by August.
UX redesign	Plan written	Parallel to spine; not blocking; touches A.13 wizard look-and-feel.

Workstream E — Deferred / explicit non-priorities

These exist as concepts/initiatives but should NOT take H2 2026 cycles:

TapPass Chat (LibreChat fork) — SMB GTM bet; only ship if SMB pipeline materializes. Otherwise H1 2027.
Compliance packs v2/v3 — demand-driven; ship when first customer asks for them.
Public threat intelligence asset (RealHarm-equivalent) — marketing project; H1 2027.
Subsequent reference agents (support emailer, code reviewer, refund processor) — only after collibra-agent proves the architecture. Q1 2027.
Agent discovery (full mechanism beyond passive surfacing) — the architecture commits to surfacing the signal; the full discovery + auto-classification flow is a separate concept.

4. Timeline at a glance

                     │ Jul │ Aug │ Sep │ Oct │ Nov │ Dec │
─────────────────────┼─────┼─────┼─────┼─────┼─────┼─────┤
A.1 TrustEngine      │ ███ │     │     │     │     │     │
A.2 Keyring deriv.   │   █ │ ███ │ ██  │     │     │     │
A.3 Sync channel     │     │ ███ │     │     │     │     │
A.4 tappass CLI      │     │ ███ │     │     │     │     │
A.5 tappass-agent    │     │ ██  │     │     │     │     │
A.6 tappass-host     │     │  ██ │ ███ │     │     │     │
A.7 MCP-forward      │     │     │ ███ │     │     │     │
A.8 ACL+loop guard   │     │     │  ██ │     │     │     │
A.9 MCP registry     │     │     │  █  │     │     │     │
A.10 Kernel exporter │     │     │     │ ██  │     │     │
A.11 Codemode export │     │     │     │ ██  │     │     │
A.12 Harness export  │     │     │     │ ██  │     │     │
A.13 Wizard          │     │     │     │   █ │ ██  │     │
B.1 EU AI Act pack   │     │     │ ███ │     │     │     │
B.2 OWASP pack       │     │     │ ███ │     │     │     │
B.3 Eval harness     │     │     │     │ ███ │ ██  │     │
B.4 Probe library v1 │     │     │     │     │ ██  │     │
B.5 Drift engine     │     │     │     │     │ ███ │ ██  │
C.1 Trust center     │ ██  │     │     │     │     │     │
C.2-C.4 SOC 2        │     │ ███ │ ███ │ ███ │ ███ │ ██  │
C.5 collibra-agent   │     │     │     │     │ ███ │ ██  │
C.6 Demo Collibra    │     │     │     │     │     │  █  │
─────────────────────┴─────┴─────┴─────┴─────┴─────┴─────┘
                                  ▲                 ▲
                          Spine MVP ready    Collibra demo

Critical path: A.1 → A.2 → A.3+A.4+A.5+A.6 → A.7+A.8 → C.5 → C.6. Roughly 6 calendar months end-to-end with 2 engineers; 8-9 months with 1.

5. Resource implications (rough)

Assuming 2 platform engineers + 1 frontend + 1 part-time compliance-content owner:

Workstream	Owner profile	Estimated weeks (calendar)
A (spine)	2 platform eng	13-15 weeks parallel work
B (procurement)	1 platform eng + part-time content	10 weeks (B.1-B.5)
C (trust + reference)	Operations + 1 platform eng for C.5	6 months calendar (mostly external)
D (in-flight obligations)	Existing owners	varies; assume 30% drag on platform eng capacity

If headcount is tighter (1 platform engineer), the realistic shape becomes:

Q3: A.1 → A.2 → A.3 only
Q4: A.4-A.6 + B.1+B.2 (compliance content) + C.1 (trust page)
Q1 2027: A.7-A.13 + B.3-B.5 + C.5 (Collibra demo)

In which case Collibra demo slips to Feb-Mar 2027.

6. Strategic prioritization — what to fight for

Non-negotiable for the year:

A.1-A.6 (spine MVP): without this, nothing else has a substrate. Must close by end Q3.
B.1-B.2 (compliance packs v1): with EU AI Act + OWASP LLM packs in the bag, we have a procurement-defensible answer that Giskard's parity-claim doesn't dominate.
C.1-C.4 (SOC 2 Type 1): filter-question status. Without it, EU/regulated conversations don't start.
C.5-C.6 (Collibra demo): the partner conversation is the forcing function. December close is realistic if A.1-A.6 hit Q3.

Worth fighting for:

B.3-B.5 (eval + drift): closes the Giskard/Enoki competitive gap. December delivery makes us competitive against either of them in a head-to-head.
A.7-A.13 (full enforcement layer + wizard): brings the full architecture to the demo. Without it, the demo is "policy enforcement" but not "every layer."

Not worth fighting for in 2026:

TapPass Chat — only if SMB pipeline materializes.
Compliance packs v2/v3 — demand-driven.
Subsequent reference agents — after Collibra ships.
Public threat intelligence — marketing project; can wait.

7. Top risks

TrustEngine async migration (A.1) takes longer than 2 weeks. Foundational; everything blocks. Mitigation: scope explicitly in week 1, accept narrow MVP.
OEM decomposition contention. Same code areas as keyring engine. Mitigation: weekly sync between OEM owner and keyring lead; merge windows clearly defined.
SOC 2 audit slippage. Auditor availability is the main calendar risk. Mitigation: select auditor in July, lock fieldwork dates in August.
Collibra partnership cools. Demo loses urgency. Mitigation: ship the spine and reference repo regardless — collibra-agent is the first instance of an architecture that supports many; the work isn't wasted.
Compliance pack content correctness. If EU AI Act mapping is wrong, we lose the procurement-defensibility we'd be claiming. Mitigation: external legal review before claiming any pack publicly.
Pre-deployment eval scope creep. Easy to overinvest in probe coverage. Mitigation: ship MVP with OWASP LLM Top 10 only; expand demand-driven.

8. What to decide in the next 2 weeks

To make this roadmap real, the following decisions are blocking:

Decision	Owner	Lean
Headcount commitment for A and B workstreams	Founders	2 platform eng + 1 frontend at minimum
TrustEngine async migration scope	Platform lead	Narrow MVP unblocking keyring — defer broader migration
SOC 2 auditor selection	Founders / ops	Engage 2-3 firms in next 2 weeks; pick by end of June
Compliance content ownership	Founders	Hire / contract a Compliance / GRC owner for B workstream
OEM decomposition exit criteria	Existing OEM owner	Define what "done" looks like and target date
Collibra demo target date	Founders + Stijn/Nick	Lock to a December week to backlog from

9. Six-month outcome we're optimizing for

By end of December 2026, TapPass should have:

Compiled Policy compiler + signed sync shipped end-to-end
Three CLIs (tappass, tappass-host, tappass-agent) usable
EU AI Act + OWASP LLM Top 10 compliance packs live
Pre-deployment evaluation harness MVP with 50+ probes
SOC 2 Type 1 report in hand
tappass/collibra-agent reference repo demonstrated to Collibra technical leadership
Trust center page covering 0-training, residency, encryption, certifications
At least one external customer using a non-Collibra reference agent in evaluation

That set of artifacts puts TapPass at parity with Giskard on procurement-defensibility and at depth-of-enforcement no other vendor offers — the unique combination that this architecture concept argues for.

10. Where this roadmap lives and how it stays current

This document is operational. It should be:

Reviewed monthly against actual delivery
Updated when scope, sequencing, or headcount changes
Used as the input to quarterly planning conversations
Anchored to the architecture concept (concepts/governed-agents-architecture.md) — when the architecture changes, this roadmap re-derives

It is not a contract — it is a planning artifact. Specs, PRs, and ticket trackers are downstream of this.