Skip to content

Commit 3ba8f06

Browse files
committed
Align roadmap with 1.6 Pingora exit
1 parent a6f1598 commit 3ba8f06

3 files changed

Lines changed: 37 additions & 23 deletions

File tree

CHANGELOG.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,9 @@ behavior when the change improves security or project direction.
5454
- Update README wording so the 1.5 load-balancer line is closed and future
5555
load-balancer health-check work is no longer described as a later 1.5.x
5656
item.
57+
- Refresh `ROADMAP.md` so `1.6.x` is consistently documented as the
58+
Pingora-exit line, shared Wasm extensibility is moved to `1.7`, and HTTP/3
59+
remains after the runtime boundary is stable.
5760

5861
## 1.5.23 - 2026-06-14
5962

ROADMAP.md

Lines changed: 31 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -10,10 +10,19 @@ Larger modules still graduate through later minor releases.
1010

1111
## Current Release Goal
1212

13-
Fluxheim `1.0.0` is the first gateway-ready baseline: static sites, SNI-backed
14-
TLS vhosts, route redirects, location-style proxying, websocket-safe proxy
15-
headers, directory listing, static aliases, cleartext ACME challenge
16-
exceptions, default HTTP service packaging, and native systemd deployment.
13+
Fluxheim `1.6.x` is the Pingora-exit line. Its goal is to remove Pingora from
14+
every normal Fluxheim build by replacing the server/listener/TLS, cache,
15+
load-balancer, stream, HTTP type/error, upstream pooling, and HTTP proxy runtime
16+
boundaries with Fluxheim-owned crates and standard Rust protocol libraries,
17+
while preserving behavior with baseline evidence and parity fixtures.
18+
19+
Historical milestones:
20+
21+
Fluxheim `1.0.0` was the first gateway-ready baseline: static sites,
22+
SNI-backed TLS vhosts, route redirects, location-style proxying,
23+
websocket-safe proxy headers, directory listing, static aliases, cleartext ACME
24+
challenge exceptions, default HTTP service packaging, and native systemd
25+
deployment.
1726

1827
Fluxheim `1.1.0` added TLS policy hardening plus ACME runtime issuance and
1928
renewal for Let's Encrypt and Actalis, so deployments do not depend on manual
@@ -121,16 +130,15 @@ game-server UDP proxying; DNS/GSLB traffic steering as a separate control-plane
121130
track for health-aware DNS answers, regional policy, TTL behavior, failover,
122131
and DNSSEC/evidence requirements; and xDS/Kubernetes/Consul discovery after
123132
runtime backend mutation has proven safe locally.
124-
`1.6` is planned as the shared Wasm extensibility release for the kinds of
125-
operator policy normally solved with F5 iRules, nginx Lua/OpenResty, HAProxy
126-
Lua/SPOE, and VCL-style cache logic. It should support conditional routing,
127-
pool selection, persistence-key decisions, request denial/synthetic responses,
128-
header mutation, logging/redaction, and cache policy through one sandboxed
129-
runtime. It is not meant to be syntax-compatible with iRules or Lua, but it
130-
should cover the same operational jobs with typed Fluxheim context and strict
131-
resource limits. Sentinel Mesh/WireGuard, advanced certificate automation, and
132-
larger application-server features remain later minor releases according to the
133-
versioning plan.
133+
`1.6` is the Pingora-exit release line. It starts with baseline evidence,
134+
crate-boundary policy, runtime parity fixtures, dependency exception gates, and
135+
small Fluxheim-owned runtime proof primitives, then removes Pingora dependency
136+
surface profile by profile. The line should keep behavior stable while moving
137+
code into focused crates where that reduces review surface. Shared Wasm
138+
extensibility moves to `1.7`; it should cover the operational jobs normally
139+
solved with F5 iRules, nginx Lua/OpenResty, HAProxy Lua/SPOE, and VCL-style
140+
cache logic, but only after the Pingora-free runtime boundary is stable. HTTP/3
141+
and QUIC remain a later Fluxheim-owned protocol milestone after that.
134142
Future "edge firewall" and "TLS VPN gateway" modes are realistic only as
135143
separate product modes, not as accidental load-balancer options. They would
136144
need dedicated compile profiles, threat models, packet/routing ownership,
@@ -211,14 +219,14 @@ upstream TLS material loading, and load-balancer factory/background wiring are
211219
tracked in the future native stream, load-balancer core, server/listener/TLS,
212220
and HTTP proxy runtime milestones instead of being treated as forgotten
213221
leftovers.
214-
After the smaller `1.5` dependency-reduction work and the `1.6` Wasm runtime,
215-
track two larger architecture lines separately: a Fluxheim-owned server
216-
bootstrap/listener/TLS runtime to replace Pingora `Server`, service
217-
registration, signal handling, hot-restart fd passing, and TLS listener
218-
configuration where that control is worth the complexity; and a later
219-
Fluxheim-owned HTTP proxy runtime to replace Pingora `ProxyHttp`/`Session` with
220-
a linear request/response pipeline. These are major-release-sized projects, not
221-
minor cleanup items.
222+
After the smaller `1.5` dependency-reduction work, `1.6` owns the larger
223+
architecture cleanup: a Fluxheim-owned server bootstrap/listener/TLS runtime to
224+
replace Pingora `Server`, service registration, signal handling, hot-restart fd
225+
passing, and TLS listener configuration where that control is worth the
226+
complexity; plus a Fluxheim-owned HTTP proxy runtime to replace Pingora
227+
`ProxyHttp`/`Session` with a linear request/response pipeline. The work is split
228+
across the `1.6.x` line with baseline and parity gates instead of being treated
229+
as incidental cleanup.
222230
Active load-balancer health checks should grow in focused slices before the
223231
larger protocol/runtime work: first close the HTTP request-header gap, add the
224232
standard gRPC Health Checking Protocol, add simple JSON field validation for
@@ -1675,7 +1683,7 @@ without parsing text fixtures for every module.
16751683
24. **Future WASM Extensibility**
16761684
- Architecture and security plan documented in
16771685
[WASM Extensibility](docs/wasm-extensibility.md).
1678-
- Target release: `1.6` as one shared extension runtime, not a partial
1686+
- Target release: `1.7` as one shared extension runtime, not a partial
16791687
cache-only `1.2.x` implementation.
16801688
- WASM support must be optional, compile-time gated, and disabled by
16811689
default. Planned features:

release-notes/RELEASE_NOTES_1.6.0.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,9 @@ remove Pingora safely in later 1.6.x releases.
5151
- Updated documentation language so the `1.5.x` line is treated as closed and
5252
future load-balancer health-check work is no longer described as a later
5353
`1.5.x` item.
54+
- Refreshed `ROADMAP.md` so `1.6.x` is consistently documented as the
55+
Pingora-exit line, shared Wasm extensibility is moved to `1.7`, and HTTP/3
56+
remains after the runtime boundary is stable.
5457

5558
## Notes
5659

0 commit comments

Comments
 (0)