Public Backlog Snapshot
Where Spec Kitty Is Headed
The open backlog organized into thematic feature sets, showing the direction of the project. Based on 96 open issues as of April 21, 2026.
Direction at a Glance
SaaS Platform
Browser-mediated auth, PKCE login, keychain token management, teamspace privacy controls. Moving from CLI-only to a connected platform.
9 issues
Doctrine & Knowledge Graph
Charter provenance, glossary entity pages with backlinks, decay detection, explain queries with citations. Building institutional memory into the tool.
19 issues
Dashboard & UI/UX
Frontend decoupling from Python CLI, shared design system, agent avatars, static site generation, charter exploration UI. Moving toward a standalone web experience.
8 issues
Agent Ecosystem
Mistral Vibe and Google Antigravity support, Opencode hardening, Gemini TOML shims, Codex consistency. Expanding beyond the original 12 agents.
5 issues
Intake Pipeline
Mission brief security hardening (path traversal, symlink escape, atomic writes, OOM cap), intake CLI commands, and brief integrity. Securing the entry point.
11 issues
Workflow Engine
Composable sequencing, ticket intake from Jira/Linear/GitHub/GitLab, post-merge follow-ups, merge driver for event logs, mission correction workflow.
12 issues
Architecture & Quality
Module boundary extraction, encoding audit, Sonar quality gates, mutation testing, runtime internalization. Hardening the foundation.
7 issues
P0/P1 Bug Fixes
Status emission ordering, worktree root resolution, upgrade safety, merge invariants, review-cycle inflation. Critical workflow blockers.
14 issues
Windows Compatibility
Symlink fallback tests, shell=True removal, MCP worktree workaround. Cross-platform parity.
3 issues
SaaS Platform & Authentication 9 issues
The CLI is evolving toward a connected platform with browser-mediated authentication, teamspace-scoped access control, and centralized token management. This replaces the legacy password-based auth entirely.
#559
Epic: browser-mediated CLI auth against spec-kitty-saas
epic
#561
Replace password login with browser PKCE login and device-code fallback
#562
Introduce centralized TokenManager and keychain-backed session storage
#564
Rewire sync, tracker, and websocket clients to the centralized auth transport
#565
Remove password-era CLI auth code, tests, and token assumptions
#617
Wire MissionAudit and operator-override event families across CLI, events, and SaaS
#717
Token refresh failures should be silent or deduplicated per session
#738
Default new checkouts to Private Teamspace and add repository share routing
#739
Persist per-checkout Teamspace opt-out and future checkout share preference
Doctrine & Knowledge Graph 19 issues
Building institutional memory into the tool: charter provenance tracking, glossary as a first-class module with entity pages and backlinks, decay detection, explain queries with citations, and composable workflow sequencing driven by doctrine.
#701
EPIC: Minimal Viable Trail for Every Spec Kitty Action
epic
#534
spec-kitty explain: query surface with citations
#533
charter lint: graph-native feature-level decay detection
#532
Glossary entity pages with two-way backlinks
#531
Configure model selection
agent-profiles
#535
Karpathy wiki patterns -- remaining 5 ideas not yet scheduled
#590
Caveman response mode for efficiency
#613
Establish glossary as a clearly owned functional module
#682
Composable workflow sequencing
doctrine
#691
[ADR-6] Harness-owned generated-artifact charter synthesis handoff
ADR
#510
Per-mission action surface calibration pass
#511
Cross-mission retrospective summary view
#512
src/doctrine/versioning.py compatibility registry + first migration
#513
Per-artifact + bundle schema_version
#514
spec-kitty charter status --provenance command
#515
Provenance sidecar hardening
#518
[ADR-1] DRG storage format -- YAML vs JSON
ADR
#519
[ADR-3] Profile action router design
ADR
#520
[ADR-5] Glossary chokepoint p95 target measurement
ADR
Dashboard & UI/UX 8 issues
Decoupling the dashboard from the Python CLI into a standalone frontend with a shared design system, agent profile avatars, charter exploration UI, and static site generation for project history and roadmaps.
#645
Epic: Frontend Decoupling and Application API Platform
epic
#650
Epic: UI/UX and Shared Design System
epic
#651
Epic: Public Site and Documentation Experience
epic
#646
Extract Shared Design System and Style Bundle
#647
Add Agent Profile Avatars to Work-Package Cards
#648
Static Project Site Generation for History, Vision, Roadmap, and Glossary
#649
Doctrine / Charter Exploration UI
#667
Add routes to dashboard URL and a slash command to open kanban
Agent Ecosystem Expansion 5 issues
Expanding from 12 to 15 agents with Mistral Vibe, Google Antigravity, and Kiro support. Hardening existing integrations for Opencode, Gemini TOML shims, and Codex path consistency.
#624
Design spike: add support for Mistral Vibe CLI as a supported coding agent
design-spike
#582
Harden implement-review orchestration for Opencode and shared-lane workflows
#673
Gemini CLI shims are generated in Markdown instead of TOML
bug P1
#702
Codex integration inconsistent across install path, .gitignore, docs, and CLI
#665
Brownfield investigation skill with hierarchical architecture and best-practice references
Intake Pipeline Hardening 11 issues
Security and reliability hardening of the mission intake system: path traversal prevention, symlink escape, atomic writes, OOM guards on large files, and brief integrity verification. Several of these are security-sensitive.
#724
source_file path interpolated into HTML comment without sanitization -- prompt injection
security
#720
scan_for_plans does not verify resolved paths stay within cwd (path traversal)
bug security
#721
Directory expansion follows symlinks -- symlink escape into arbitrary files
bug security
#722
No file size cap -- read_text() on arbitrarily large .md files can OOM
bug P1
#723
write_mission_brief is not atomic -- interrupted write leaves corrupt state
P1
#725
_auto_branch scans Path.cwd() but writes to repo_root -- path mismatch
#727
read_mission_brief swallows all exceptions -- corrupt brief looks like missing
#706
Add spec-kitty intake --clear command and route template cleanup
#729
--show truncates brief_hash to 16 chars -- insufficient for integrity
#726
sorted() in scan_for_plans should key on filename, not full path
#728
clear_mission_brief should use unlink(missing_ok=True)
Workflow Engine 12 issues
Making the spec-driven workflow more powerful: ticket intake from external trackers (Jira, Linear, GitHub, GitLab), composable workflow sequencing, post-merge follow-ups, event log merge drivers, and mission correction for incorrectly completed work.
#687
Product: repo-local issue tracker inbox and ticket intake across Jira/Linear/GitHub/GitLab
epic
#695
spec-kitty mission create --from-ticket <provider:ID> --json
#668
First-class mission correction workflow for incorrectly completed/merged missions
#718
First-class support for post-merge follow-up commits and PRs
#569
Git merge driver for status.events.jsonl -- union append-only event log
#570
Auto-transition approved WPs to done after merge completes
#572
Opt-in broader test gate before WP moves to for_review
#536
spec-kitty.specify: support explicit slug/number override for parallel streams
#591
Allow explicit mission number in agent mission create
#704
Add command to delete a spec (and its tasks and branches)
#736
Main working branch is pinned to 'main' but users want to keep main clean
#635
Deprecate /spec-kitty.checklist
Architecture & Internal Quality 7 issues
Sharpening module boundaries, encoding consistency, CI deduplication, Sonar quality gates, mutation testing survivors, and runtime internalization to reduce release drift.
#614
Separate integration boundaries from core domain logic inside src/specify_cli
#612
Extract runtime and mission decisioning into a clear functional boundary
#732
Make spec-kitty-runtime internal to reduce release drift
#644
Encoding mixups: stop assuming UTF-8 and record encoding at lifecycle boundaries
bug
#662
Resolve CI workflow duplication: release readiness vs CI-quality
#595
Close Sonar quality-gate debt on release-path coverage and hotspot review
#711
Mutant Slaying: kill survivors from the 2026-04-20 mutation baseline
P0/P1 Bug Fixes 14 issues
Critical workflow blockers that affect day-to-day usage: status emission ordering, worktree root resolution, upgrade safety (silently deleting customizations), merge invariants, and review-cycle counter inflation.
#715
finalize-tasks: dependent WPs should collapse into a single sequential lane
P0-critical
#674
spec-kitty upgrade silently deletes user-customized commands and skills
P1
#676
Re-running agent action implement auto-inflates the review-cycle counter
P1
#675
Merge post-merge invariant treats untracked files as HEAD divergence
P1
#622
Review-claim emits for_review to in_progress instead of in_review
P1
#538
WP stays planned in dashboard while worktree has uncommitted work
P1
#539
find_repo_root() resolves to worktree root -- events and config writes land wrong
P1
#551
agent action implement cannot resolve workspace for planning-artifact WPs
P1
#552
spec-kitty next stuck in '[QUERY -- no result provided]' for valid mission-run
P1
#735
Suppress cosmetic final-sync/shutdown errors after successful mission create
P1
#540
Top-level implement bypasses canonical status transition pipeline
bug
#541
require_main_repo misses external git worktrees outside .worktrees/
bug
#542
implement can leave uncommitted mechanical changes in main checkout
bug
#526
spec-kitty next advances the DAG on every call -- no completion guard
bug
Windows Compatibility 3 issues
Cross-platform parity: symlink fallback testing, removing shell=True subprocess calls, and documenting MCP worktree workarounds for Windows.
#629
Add @pytest.mark.windows_ci test for os.symlink fallback in worktree migration
#630
Replace shell=True subprocess calls in review/baseline.py and acceptance_matrix.py
#631
Document workaround for MCP agent root confusion with worktrees on Windows