Roadmap
This page tracks what is planned for upcoming Topaz releases. The roadmap is derived from the BACKLOG.md file in the repository; each item there is automatically converted to a GitHub issue when committed.
info
The roadmap reflects current intentions and may change. Watch the GitHub repository or join Discord to stay up to date.
v1.2-beta
Queue Storage — preview
| Feature | Description | |
|---|---|---|
| Preview | Service-level operations | List queues, get/set service properties, get stats |
| Preview | Queue CRUD | Create, delete, get/set metadata and ACL per queue |
| Preview | Message operations | Enqueue, dequeue, peek, update, delete, and clear messages |
Key Vault — keys support
| Feature | Description | |
|---|---|---|
| Stable | Core CRUD | Create, import, get, update, delete keys; list keys and versions |
| Stable | Backup & Restore | Export and restore opaque key backup blobs |
| Stable | Cryptographic operations | Encrypt, decrypt, sign, verify, wrap key, unwrap key |
| Preview | Key rotation | Rotate key, get/update rotation policy |
Azure PowerShell integration
| Feature | Description | |
|---|---|---|
| Stable | Certificate trust script | configure-azure-powershell-cert.ps1 — trust the Topaz certificate in the Az module |
| Stable | Cloud environment registration | Add-AzEnvironment + Connect-AzAccount setup script and example |
| Preview | Test suite | Topaz.Tests.AzurePowerShell project with a Testcontainers fixture and smoke tests |
ARM Deployments — full support
| Feature | Description | |
|---|---|---|
| Stable | Cancel | Mark an in-progress deployment as cancelled |
| Stable | Export Template | Return the ARM template used for a deployment |
| Preview | What-If | Preview resource changes without applying them |
| Stable | List at all scopes | List deployments at subscription, management-group, and tenant scope |
Packaging — CLI and Host split
| Feature | Description | |
|---|---|---|
| Preview | Separate CLI and Host artifacts | Split the monolithic binary into topaz-host (service process) and topaz-cli (thin client) — ⚠️ Breaking change: existing invocations and Docker image references must be updated |
v1.3-beta
Resource Providers — operations support
| Feature | Description | |
|---|---|---|
| Stable | List, Register, Unregister | Full provider lifecycle alongside the existing get-by-namespace operation |
Virtual Networks — full control plane
| Feature | Description | |
|---|---|---|
| Stable | Delete, List, Update Tags | Complete the VNet control plane beyond create and get |
| Stable | Check IP Address Availability | Validate whether an IP is available within a VNet's address space |
| Stable | Subnets — full CRUD | Create, get, delete, and list subnets within a VNet |
| Preview | Network Security Groups | Full NSG control plane: create, get, delete, list, update tags |
Entra ID authentication for Azure Storage
| Feature | Description | |
|---|---|---|
| Preview | Entra ID bearer-token auth on Blob & Table data plane | Accept Authorization: Bearer tokens validated against the Topaz Entra ID service; returns a proper WWW-Authenticate challenge when credentials are absent or invalid |
Azure Virtual Machines — initial control plane
| Feature | Description | |
|---|---|---|
| Stable | New service scaffold | Topaz.Service.VirtualMachine project with models, resource provider, and service registration |
| Preview | Core control plane | Create/update, get, delete, list VMs — emulated only (no actual boot) |
MCP Server — resource provisioning and tooling
| Feature | Description | |
|---|---|---|
| Preview | Resource provisioning tools | CreateResourceGroup, CreateKeyVault, CreateServiceBusNamespace/Queue/Topic, CreateStorageAccount/BlobContainer — thin wrappers over TopazArmClient following the SubscriptionTool.cs pattern |
| Preview | Event Hub and Container Registry tools | CreateEventHubNamespace, CreateEventHub, CreateContainerRegistry |
| Preview | GetConnectionStrings tool | Returns ready-to-use connection strings and URIs for all provisioned resources in a subscription — closes the provisioning workflow |
| Preview | GetTopazStatus diagnostics tool | Wraps the Topaz health-check endpoint; returns running version, live services, and bound ports |
| Preview | Pre-defined MCP prompts | Guided multi-step setup scenarios ("microservice environment", "CI bootstrap") that compose the provisioning tools into a single natural-language command |
v1.4-beta
Topaz Portal — tag editing
| Feature | Description | |
|---|---|---|
| Preview | Inline tag value editing in portal | Edit button per tag row in the Tags panel turns the value cell into an input field; supports all tag-capable resources |
Key Vault — automated soft-delete purging
| Feature | Description | |
|---|---|---|
| Preview | Auto-purge soft-deleted vaults | Background scheduler permanently removes soft-deleted vaults once their scheduledPurgeDate has elapsed |
| Preview | Auto-purge soft-deleted secrets | Background scheduler permanently removes soft-deleted secrets once their scheduledPurgeDate has elapsed |
v1.5-beta
Container Registry — ACR Tasks
| Feature | Description | |
|---|---|---|
| Preview | Task CRUD control plane | Create, get, update, delete, and list ACR tasks via the ARM surface (Microsoft.ContainerRegistry/registries/tasks) |
| Preview | Task runs and triggers | Manually trigger runs, list and get run details, cancel runs, retrieve log URL — runs complete immediately without executing real workloads |
Azure SQL — initial control plane
| Feature | Description | |
|---|---|---|
| Stable | New service scaffold | Topaz.Service.Sql project with models, resource provider, control plane, and host registration |
| Preview | SQL Server control plane | Create, get, update, delete, and list SQL Server resources; emulated server with {name}.database.topaz.local.dev as FQDN |
| Preview | SQL Database control plane | Create, get, update, delete, and list databases under a server — persisted as child resources on disk |
✅ Completed
v1.1-beta
Key Vault — full secrets support
| Feature | Description | |
|---|---|---|
| Stable | Get Secret Versions | GET {vaultBaseUrl}/secrets/{name}/versions — paged list of all versions for a secret |
| Stable | Backup & Restore | POST .../backup and POST .../restore for opaque secret backup blobs |
| Stable | Deleted secrets operations | Soft-delete surface: list, get, recover, and purge deleted secrets |
Container Registry — data plane preview
| Feature | Description | |
|---|---|---|
| Stable | ACR OAuth2 token endpoint | POST /oauth2/token — completes the three-step ACR authentication flow |
| Preview | Repositories & Tags | List repositories (/v2/_catalog), list tags, delete tag via manifest reference |
| Preview | Manifest operations | GET, PUT, DELETE, HEAD for OCI manifests per registry |
| Preview | Blob operations | Full OCI blob upload/download: start session, stream chunks, complete, download, delete |