Roadmap 2027 — Node.js First, Multi-language SDK Expansion
Labels: roadmap, enhancement
Assignee: @contexa73
Type: Epic
Background
Contexa today targets the JVM ecosystem (Java / Spring Boot, ~9 M developers). The Java reference implementation took roughly 12 months to reach RC quality with a single-developer team, and we want to be honest about what a similar engineering effort means for additional runtimes.
This roadmap prioritizes Node.js as the immediate next runtime because:
- Largest single language community (~16 M developers)
- Dominant in API gateways, BFF, and SaaS startups — exactly where post-authentication runtime control matters most
- TypeScript type system aligns naturally with our strict contract approach (5-action enum, sealed evidence)
Phase plan (single-developer baseline)
| Phase |
Target |
Period |
Notes |
| P1 |
Node.js SDK (Express · Fastify · Koa · NestJS · TypeScript types) |
2027 (full year) |
Java reference took 12 months solo; Node.js expected to take 9–12 months at the same staffing level |
| P2 |
Python SDK |
2028 H1 |
Starts after P1 v1.0 ship, or sooner if hiring closes |
| P3 |
Go Runtime Adapter (net/http · gin · echo · gRPC) |
2028 H2 |
gRPC interceptor adds material complexity |
| P4 |
Cross-runtime parity tests |
Rolling, per phase |
Each SDK ships with the 5-action conformance suite |
Why these timelines are realistic
- The Java reference (
spring-boot-starter-contexa + contexa-core + contexa-iam + contexa-identity + contexa-common) accumulated 1,941+ Java files over 12 months, all single-developer
- Each new runtime has to re-implement the OAuth2 / JWT bridge, sealed evidence (SHA-256 8-section), 5-action HTTP/status mapping, and the decision client transport — none of which transfer mechanically across language boundaries
- Solo engineering capacity caps parallelism at one runtime at a time. Hiring will accelerate later phases.
Acceleration scenarios
| Scenario |
Effect on roadmap |
| Solo throughout 2027–2028 |
P1 ships end of 2027, P2 mid-2028, P3 end of 2028 |
| 1 backend hire mid-2027 |
P2 starts in parallel with P1 polish; P3 brought into 2028 H1 |
| 2 backend hires after Series A |
All three runtimes parallel by 2028 |
Out of scope (this roadmap)
- C# / .NET adapter (deferred — no committed date)
- Rust runtime adapter (deferred)
- Mobile SDK (iOS / Android) — different threat model, separate roadmap
Success criteria (per runtime)
- Each adapter passes the 5-action conformance suite (ALLOW · CHALLENGE · BLOCK · ESCALATE · PENDING_ANALYSIS)
- Authentication flow integrates with the existing OAuth2 / JWT bridge (
mcp-auth-server)
- Evidence sealing (SHA-256 8-section package) consistent with the JVM core
- Open Trust Benchmark publishes per-runtime verification results
Dependencies
Discussion welcome
Comment with your runtime priority, integration constraints we should not break, or with hiring referrals if you know strong Node.js / Python / Go engineers interested in security-domain work.
Roadmap 2027 — Node.js First, Multi-language SDK Expansion
Labels:
roadmap,enhancementAssignee: @contexa73
Type: Epic
Background
Contexa today targets the JVM ecosystem (Java / Spring Boot, ~9 M developers). The Java reference implementation took roughly 12 months to reach RC quality with a single-developer team, and we want to be honest about what a similar engineering effort means for additional runtimes.
This roadmap prioritizes Node.js as the immediate next runtime because:
Phase plan (single-developer baseline)
Why these timelines are realistic
spring-boot-starter-contexa+contexa-core+contexa-iam+contexa-identity+contexa-common) accumulated 1,941+ Java files over 12 months, all single-developerAcceleration scenarios
Out of scope (this roadmap)
Success criteria (per runtime)
mcp-auth-server)Dependencies
Discussion welcome
Comment with your runtime priority, integration constraints we should not break, or with hiring referrals if you know strong Node.js / Python / Go engineers interested in security-domain work.