Roadmap

[nao1215]

This issue tracks the main roadmap items for truss.
Each item below has its own issue.
Items that are closed as not planned are removed from this active roadmap.

Image Processing

• feat: add sharpen filter #44 Add sharpen filter
• feat: add TIFF format support #45 Add TIFF format support
• feat: add explicit crop operation #46 Add explicit crop operation
• Add image optimization pipeline (lossless and lossy) #139 Add image optimization pipeline (lossless and lossy)

Integrations

• Add S3-compatible object storage backend #17 Add S3-compatible object storage backend
• Add named transform presets for public endpoints #14 Add named transform presets for public endpoints
• Publish official TypeScript URL signer package #21 Publish official TypeScript URL signer package
• Publish Next.js integration example #15 Publish Next.js integration example
• Add watermark support to HTTP server endpoints #33 Add watermark support to HTTP server endpoints

Distribution

• Publish Homebrew formula and installation docs #23 Publish Homebrew formula and installation docs
• Publish standalone release binaries and checksums #29 Publish standalone release binaries and checksums
• Add benchmark suite and comparison docs against imgproxy and imagor #16 Add benchmark suite and comparison docs against imgproxy and imagor
• Add Blur and Watermark controls to WASM demo (GitHub Pages) #35 Add Blur and Watermark controls to WASM demo (GitHub Pages)

CI / Performance

• perf: consolidate integration test Docker builds into a single shared job #49 Consolidate integration test Docker builds into a single shared job
• perf: introduce cargo-chef in Dockerfile for dependency layer caching #50 Introduce cargo-chef in Dockerfile for dependency layer caching
• perf: reduce rust.yml test/clippy matrix from 7 runs to 1 with --all-features #51 Reduce rust.yml test/clippy matrix from 7 runs to 1 with --all-features
• perf: eliminate QEMU Rust compilation in release Docker push #52 Eliminate QEMU Rust compilation in release Docker push

Production

• Add Prometheus /metrics endpoint #37 Add Prometheus /metrics endpoint
• Make server concurrency and deadline limits configurable #28 Make server concurrency and deadline limits configurable
• Add structured access logs and request IDs #26 Add structured access logs and request IDs

Security & Compatibility

• Add signed URL key rotation support #25 Add signed URL key rotation support
• Publish signed URL specification and compatibility policy #27 Publish signed URL specification and compatibility policy

Documentation

• Improve README with comparison table, architecture diagram, and demo GIF #38 Improve README with comparison table, architecture diagram, and demo GIF

Hardening (CDN / Production-readiness)

• Add maximum input image pixel limit #58 Add maximum input image pixel limit
• Protect /metrics endpoint with authentication or bind address separation #59 Protect /metrics endpoint with authentication or bind address separation
• Make maximum upload body size configurable #60 Make maximum upload body size configurable
• Enhance health check with cache disk, concurrency, and memory checks #62 Enhance health check with cache disk, concurrency, and memory checks
• Add graceful shutdown drain period for CDN deployments #63 Add graceful shutdown drain period for CDN deployments
• Allow custom response headers for CDN cache control #64 Allow custom response headers for CDN cache control
• Make keep-alive max requests configurable #65 Make keep-alive max requests configurable
• Add config validation subcommand #66 Add config validation subcommand
• Support hot-reload for transform presets #67 Support hot-reload for transform presets
• Add dynamic log level switching at runtime #68 Add dynamic log level switching at runtime
• Add response compression for non-image payloads #69 Add response compression for non-image payloads

Health Check Hardening

• Add hysteresis to readiness probe resource checks to prevent flapping #72 Add hysteresis to readiness probe resource checks to prevent flapping
• Consider authentication for /health diagnostic endpoint #73 Consider authentication for /health diagnostic endpoint
• Cache syscall results in health check endpoints #74 Cache syscall results in health check endpoints

Refactoring — Structural Improvements (High Priority)

• Eliminate unsafe env::set_var in tests by introducing scoped environment guards #80 Eliminate unsafe env::set_var in tests by introducing scoped environment guards
• Split server/mod.rs into routing, handler, and lifecycle modules #85 Split server/mod.rs into routing, handler, and lifecycle modules
• Split cli.rs into subcommand-specific submodules #86 Split cli.rs into subcommand-specific submodules
• Add request tracing with UUID per request #91 Add request tracing with UUID per request

Refactoring — Robustness & Configurability (Medium Priority)

• Split server_transform.rs into focused test modules #81 Split server_transform.rs into focused test modules
• Add cache corruption recovery and cleanup #82 Add cache corruption recovery and cleanup
• Extract deadline checking into a helper macro or method #87 Extract deadline checking into a helper macro or method
• Make hardcoded limits configurable via environment variables #88 Make hardcoded limits configurable via environment variables
• Add optional per-IP rate limiting #92 Add optional per-IP rate limiting
• Add size-based cache eviction policy #93 Add size-based cache eviction policy
• Add architecture guide to CONTRIBUTING.md for new contributors #97 Add architecture guide to CONTRIBUTING.md for new contributors
• Document design decisions in code comments (DNS pinning, sync I/O, cache strategy) #100 Document design decisions in code comments
• Add CI check for OpenAPI spec and code synchronization #102 Add CI check for OpenAPI spec and code synchronization
• Add explicit overflow checks for image buffer arithmetic #103 Add explicit overflow checks for image buffer arithmetic
• Validate watermark decoded dimensions against header-declared size #104 Validate watermark decoded dimensions against header-declared size

Refactoring — Polish & Documentation (Low Priority)

• Add tests for graceful shutdown and connection draining #83 Add tests for graceful shutdown and connection draining
• Add tests for remote fetch redirect chains #84 Add tests for remote fetch redirect chains
• Introduce Dimensions wrapper type for (width, height) pairs #89 Introduce Dimensions wrapper type for (width, height) pairs
• Enrich error messages with contextual information #90 Enrich error messages with contextual information
• Document synchronous I/O design decision and slow-client implications #94 Document synchronous I/O design decision and slow-client implications
• Add deny.toml for dependency license and vulnerability checking #95 Add deny.toml for dependency license and vulnerability checking
• Optimize Cargo.toml keywords and categories for crates.io discoverability #96 Optimize Cargo.toml keywords and categories for crates.io discoverability
• Add doc-tests for public API in lib.rs #98 Add doc-tests for public API in lib.rs
• Automate CHANGELOG generation with git-cliff #99 Automate CHANGELOG generation with git-cliff
• Split README.md into focused documentation pages #101 Split README.md into focused documentation pages
• Make output format preference order configurable in content negotiation #105 Make output format preference order configurable in content negotiation
• Add exhaustive EXIF orientation tests for all 8 rotation/flip combinations #106 Add exhaustive EXIF orientation tests for all 8 rotation/flip combinations

Refactoring — Multi-Perspective Code Review (2026-03-13)

• Complete server/mod.rs extraction — remove 5000+ lines of duplicated code #114 Complete server/mod.rs extraction — remove 5000+ lines of duplicated code
• Introduce unified transform dispatch to eliminate SVG/raster routing duplication #115 Introduce unified transform dispatch to eliminate SVG/raster routing duplication
• Add #[serial] to cloud integration tests that use env::set_var #116 Add #[serial] to cloud integration tests that use env::set_var
• Rate limiter is bypassed when server runs behind a reverse proxy #117 Rate limiter is bypassed when server runs behind a reverse proxy
• SSRF bypass via IPv6 embedding (6to4, Teredo, IPv4-compatible addresses) #118 SSRF bypass via IPv6 embedding (6to4, Teredo, IPv4-compatible addresses)
• SVG sanitizer has no complexity limits (element count, nesting depth, CSS size) #119 SVG sanitizer has no complexity limits (element count, nesting depth, CSS size)
• Cache eviction performs full filesystem scan on every write #120 Cache eviction performs full filesystem scan on every write
• Consolidate duplicated test helpers across integration test files #121 Consolidate duplicated test helpers across integration test files
• Add #[non_exhaustive] to public enums for semver safety #122 Add #[non_exhaustive] to public enums for semver safety
• Add integration tests for HTTP HEAD requests #123 Add integration tests for HTTP HEAD requests
• Add unit tests for routing.rs, handler.rs, signing.rs, lifecycle.rs, and CLI subcommands #124 Add unit tests for routing.rs, handler.rs, signing.rs, lifecycle.rs, and CLI subcommands
• Update stale documentation: pipeline.md, prometheus.md, core.rs doc comments #125 Update stale documentation: pipeline.md, prometheus.md, core.rs doc comments
• Add Pull Request template and update stale issue template placeholder #126 Add Pull Request template and update stale issue template placeholder
• Rate limiter uses single Mutex creating contention bottleneck under load #127 Rate limiter uses single Mutex creating contention bottleneck under load
• Run security audit on PRs, not just on push to main #128 Run security audit on PRs, not just on push to main
• Replace manual JSON construction in CLI inspect with serde_json #129 Replace manual JSON construction in CLI inspect with serde_json
• Add #[must_use] to key public types and functions #130 Add #[must_use] to key public types and functions
• Guard Rgba8::from_hex against non-ASCII input to prevent potential panic #131 Guard Rgba8::from_hex against non-ASCII input to prevent potential panic