CAIRL Product Roadmap
Last Updated: 2026-01-27 Version: 1.0
Legend
Status
- ✅ Complete
- 🔄 In Progress
- ⏳ Not Started
Complexity
- 🟢 Low - 1-2 days, single Claude Code session
- 🟡 Medium - 3-5 days, 2-3 Claude Code sessions
- 🔴 High - 1-2 weeks, multiple sessions + external integrations
- ⚫ Very High - 2-4 weeks, significant compliance/architecture work
Phase Overview
| Phase | Timeline | Focus | Status |
|---|---|---|---|
| MVP | Weeks 1-6 | Core verification + payments | 🔄 In Progress |
| Post-Launch | Months 2-3 | Privacy tools + OAuth | ⏳ Not Started |
| Future | Months 4-6+ | Advanced features + scale | ⏳ Not Started |
MVP (Launch Requirements)
1. Authentication & Identity
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| User registration | ✅ | 🟢 | Complete |
| Email/password login | ✅ | 🟢 | Complete |
| Email verification | ✅ | 🟢 | AWS SES |
| Password reset | ✅ | 🟢 | Complete |
| Protected dashboard | ✅ | 🟢 | Complete |
| Session management | ✅ | 🟢 | NextAuth.js |
| Logout | ✅ | 🟢 | Complete |
Status: ✅ Complete
2. Document Management
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Document library page | ✅ | 🟢 | Complete |
| Document type config (70+ types) | ✅ | 🟢 | Complete |
| Upload wizard (basic) | ✅ | 🟡 | Needs known/variable logic |
| Known format upload (front/back) | 🔄 | 🟡 | In progress |
| Variable format upload (multi-page) | 🔄 | 🟡 | In progress |
| Single file upload (PDF) | 🔄 | 🟡 | In progress |
| File upload component | ✅ | 🟢 | Complete |
| Selfie capture component | ✅ | 🟢 | Complete |
| S3 storage integration | ✅ | 🟢 | Complete |
| Document detail page | ⏳ | 🟢 | View single document |
| Document deletion | ⏳ | 🟢 | Soft delete |
| Document download | ⏳ | 🟢 | Secure signed URLs |
| HEIC to JPG conversion | ⏳ | 🟡 | iPhone photo support |
| Storage usage tracking | ⏳ | 🟢 | Track per user |
Status: 🔄 In Progress Chat: Document Management 001
3. Identity Verification (Rekognition)
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| AWS Rekognition integration | ⏳ | 🟡 | CompareFaces API |
| Face match (selfie vs ID) | ⏳ | 🟡 | Core verification |
| Confidence scoring | ⏳ | 🟢 | Store similarity % |
| Auto-approve threshold (≥95%) | ⏳ | 🟢 | Configuration |
| Auto-reject threshold (<70%) | ⏳ | 🟢 | Configuration |
| Manual review queue | ⏳ | 🟡 | 70-95% confidence |
| Verification status management | ⏳ | 🟢 | pending/verified/rejected |
| Re-verification flow | ⏳ | 🟡 | When document expires |
| Liveness detection | ⏳ | 🔴 | Prevent photo-of-photo |
Status: ⏳ Not Started Chat: Verification & Rekognition 001
4. Document Certification
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Certification levels config | ✅ | 🟢 | Stored/Verified/Certified/Notarized |
| PDF/A-2b conversion (images) | ⏳ | 🟡 | Canonical format |
| PDF/A-2b validation | ⏳ | 🟡 | Verify compliance |
| Office doc to PDF/A | ⏳ | 🔴 | LibreOffice headless |
| Document hashing (SHA-256) | ⏳ | 🟢 | Tamper detection |
| Verification badge display | ⏳ | 🟢 | UI component |
| Original + canonical storage | ⏳ | 🟢 | Dual storage |
Status: ⏳ Not Started Chat: Document Certification 001
5. Payments & Subscriptions
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Stripe integration | ⏳ | 🟡 | Account setup |
| Subscription tiers | ⏳ | 🟡 | Personal/Plus/Pro |
| One-time payments | ⏳ | 🟡 | Age verification $4.99 |
| Payment method management | ⏳ | 🟡 | Stripe Customer Portal |
| Subscription status tracking | ⏳ | 🟢 | Database + webhooks |
| Webhook handling | ⏳ | 🟡 | Payment events |
| Usage-based billing | ⏳ | 🔴 | Storage overage |
| Invoice generation | ⏳ | 🟢 | Stripe handles |
| Dunning (failed payments) | ⏳ | 🟡 | Retry logic |
Status: ⏳ Not Started Chat: Payments & Compliance 001
6. User Dashboard
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Dashboard home | ✅ | 🟢 | Basic complete |
| Verification status display | ⏳ | 🟢 | Show verified/pending |
| Document count/storage usage | ⏳ | 🟢 | Stats display |
| Subscription status | ⏳ | 🟢 | Current plan |
| Quick actions | ⏳ | 🟢 | CTA buttons |
| Recent activity | ⏳ | 🟡 | Activity feed |
Status: 🔄 In Progress Chat: Dashboard 001
7. Admin Dashboard
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Admin authentication | ⏳ | 🟡 | Role-based access |
| Verification review queue | ⏳ | 🟡 | Pending verifications |
| Side-by-side comparison | ⏳ | 🟡 | ID vs selfie |
| Approve/reject actions | ⏳ | 🟢 | With reason |
| User management | ⏳ | 🟡 | View/search users |
| Document audit logs | ⏳ | 🟡 | HIPAA compliance |
| System statistics | ⏳ | 🟡 | Metrics dashboard |
Status: ⏳ Not Started Chat: Admin Dashboard 001
8. Core Infrastructure
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Environment setup | ✅ | 🟢 | dev/staging/prod |
| Git workflow | ✅ | 🟢 | Branch protection |
| CI/CD | ✅ | 🟢 | GitHub Actions |
| Vercel deployment | ✅ | 🟢 | Complete |
| Database migrations | ✅ | 🟢 | Drizzle |
| Error handling/logging | ⏳ | 🟡 | Structured logging |
| Rate limiting | ⏳ | 🟡 | API protection |
Status: 🔄 In Progress Chat: Infrastructure 001
Post-Launch (Phase 2 - Months 2-3)
9. Email Aliases
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Email alias generation | ⏳ | 🟡 | user123@cairl.email |
| Email forwarding (SES) | ⏳ | 🟡 | Inbound → user's email |
| Alias management UI | ⏳ | 🟡 | Create/disable/delete |
| Per-service aliases | ⏳ | 🟢 | Link to "private account" |
| Spam filtering | ⏳ | 🔴 | Prevent abuse |
| Reply-from alias | ⏳ | 🔴 | Send as alias |
Chat: Email Aliases 001
10. Phone Masking
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Twilio integration | ⏳ | 🟡 | Account setup |
| Phone number provisioning | ⏳ | 🟡 | Buy numbers |
| Call forwarding | ⏳ | 🟡 | Inbound → user's phone |
| SMS forwarding | ⏳ | 🟡 | Two-way |
| Number management UI | ⏳ | 🟡 | Activate/deactivate |
| Usage tracking | ⏳ | 🟢 | Minutes/SMS count |
| STIR/SHAKEN compliance | ⏳ | 🟡 | Twilio handles mostly |
Chat: Phone Masking 001
11. OAuth Provider
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| OAuth 2.0 server | ⏳ | 🔴 | Authorization code flow |
| Partner registration | ⏳ | 🟡 | Client ID/secret |
| Consent screen | ⏳ | 🟡 | User approves sharing |
| Token generation | ⏳ | 🟡 | JWT access tokens |
| Scopes (age, identity) | ⏳ | 🟡 | Granular permissions |
| Token refresh | ⏳ | 🟡 | Refresh tokens |
| Partner dashboard | ⏳ | 🟡 | Usage stats |
| Webhook notifications | ⏳ | 🟡 | Verification events |
Chat: OAuth Provider 001
12. Freshness System
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Freshness levels config | ✅ | 🟢 | Fresh/Recent/Stale/Dormant |
| Quick liveness check | ⏳ | 🟡 | Fast selfie compare |
| Freshness degradation | ⏳ | 🟢 | Cron job |
| Freshness check UI | ⏳ | 🟡 | In-app prompt |
| Partner freshness requirements | ⏳ | 🟡 | API parameter |
Chat: Verification & Rekognition 002
13. Photo Certification (Anti-Catfish)
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Photo upload for certification | ⏳ | 🟢 | Compare to verified selfie |
| Confidence score display | ⏳ | 🟢 | % match |
| Certification badge | ⏳ | 🟢 | "CAIRL Certified" |
| Shareable verification link | ⏳ | 🟡 | Public verification |
| QR code generation | ⏳ | 🟢 | For badges |
Chat: Photo Certification 001
14. Household Plans
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Family/household accounts | ⏳ | 🔴 | Multi-user subscription |
| Member roles | ⏳ | 🟡 | Owner/adult/minor |
| Minor controls | ⏳ | 🔴 | Parental oversight |
| Shared storage pool | ⏳ | 🟡 | Family storage |
| Member invitations | ⏳ | 🟡 | Email invites |
Chat: Household Plans 001
15. Business Tiers
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Business subscription tiers | ⏳ | 🟡 | Business/Business Plus |
| Team management | ⏳ | 🟡 | Add/remove members |
| API access controls | ⏳ | 🟡 | Rate limits per tier |
| Usage reporting | ⏳ | 🟡 | Admin dashboard |
| Bulk verification | ⏳ | 🔴 | Batch processing |
Chat: Business Tiers 001
Future (Phase 3 - Months 4-6+)
16. Virtual Cards
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Stripe Issuing integration | ⏳ | ⚫ | Compliance-heavy |
| Card creation | ⏳ | 🔴 | Per-merchant cards |
| Spending limits | ⏳ | 🟡 | Per-card controls |
| Card pause/delete | ⏳ | 🟡 | Instant control |
| Transaction history | ⏳ | 🟡 | View spending |
| KYC compliance | ⏳ | ⚫ | Additional verification |
| AML monitoring | ⏳ | ⚫ | Fraud detection |
Chat: Virtual Cards 001
17. Human Verification Services
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Manual review workflow | ⏳ | 🟡 | Staff reviews |
| Live video verification | ⏳ | 🔴 | Video call integration |
| Scheduling system | ⏳ | 🟡 | Appointment booking |
| Notary network integration | ⏳ | ⚫ | Notarize.com API |
| In-person verification partners | ⏳ | ⚫ | UPS/FedEx partnership |
| Payment for services | ⏳ | 🟡 | Stripe checkout |
Chat: Human Verification 001
18. Digital Signatures
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| CAIRL certificate authority | ⏳ | ⚫ | PKI infrastructure |
| Document signing (PAdES) | ⏳ | 🔴 | PDF signatures |
| Timestamp authority integration | ⏳ | 🔴 | RFC 3161 |
| Signature verification | ⏳ | 🟡 | Validate signatures |
| Certificate chain display | ⏳ | 🟡 | UI component |
Chat: Digital Signatures 001
19. Public Verification Portal
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Public verification page | ⏳ | 🟡 | cairl.com/verify |
| QR code scanning | ⏳ | 🟢 | Mobile camera |
| Hash verification | ⏳ | 🟢 | Document integrity |
| Verification result display | ⏳ | 🟢 | Authentic/tampered |
| Rate limiting | ⏳ | 🟢 | Prevent abuse |
Chat: Verification Portal 001
20. Document OCR & Extraction
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| AWS Textract integration | ⏳ | 🟡 | Document OCR |
| ID field extraction | ⏳ | 🟡 | Name, DOB, expiry |
| Barcode/MRZ reading | ⏳ | 🔴 | Driver's license, passport |
| Data validation | ⏳ | 🟡 | Cross-check fields |
| Auto-populate metadata | ⏳ | 🟢 | Fill form fields |
Chat: Document OCR 001
21. Enterprise Features
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| Custom SLA | ⏳ | 🟡 | Per-customer agreements |
| Dedicated support | ⏳ | 🟡 | Account manager |
| Custom integrations | ⏳ | 🔴 | Bespoke development |
| White-label option | ⏳ | ⚫ | Remove CAIRL branding |
| On-premise option | ⏳ | ⚫ | Self-hosted |
| Volume discounts | ⏳ | 🟢 | Pricing tiers |
Chat: Enterprise 001
22. Compliance & Security
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| SOC 2 Type II preparation | ⏳ | ⚫ | 6-12 month process |
| HIPAA compliance | ⏳ | ⚫ | Healthcare documents |
| GDPR compliance | ⏳ | 🔴 | EU users |
| Penetration testing | ⏳ | 🔴 | External audit |
| Security documentation | ⏳ | 🟡 | Policies/procedures |
| Bug bounty program | ⏳ | 🟡 | Responsible disclosure |
Chat: Compliance 001
23. Mobile App
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| React Native app | ⏳ | ⚫ | iOS + Android |
| Biometric login | ⏳ | 🟡 | Face ID / fingerprint |
| Push notifications | ⏳ | 🟡 | Verification alerts |
| Camera integration | ⏳ | 🟡 | Native camera |
| Offline document access | ⏳ | 🔴 | Secure storage |
| App store deployment | ⏳ | 🟡 | Apple + Google |
Chat: Mobile App 001
24. Analytics & Reporting
| Feature | Status | Complexity | Notes |
|---|---|---|---|
| User analytics | ⏳ | 🟡 | Privacy-preserving |
| Verification metrics | ⏳ | 🟡 | Success rates |
| Revenue dashboards | ⏳ | 🟡 | Stripe + internal |
| Partner usage reports | ⏳ | 🟡 | API analytics |
| Export capabilities | ⏳ | 🟢 | CSV/PDF reports |
Chat: Analytics 001
Summary
MVP Scope
| Category | Total Features | Complete | In Progress | Not Started |
|---|---|---|---|---|
| Authentication | 7 | 7 | 0 | 0 |
| Document Management | 14 | 6 | 3 | 5 |
| Identity Verification | 9 | 0 | 0 | 9 |
| Document Certification | 7 | 1 | 0 | 6 |
| Payments | 9 | 0 | 0 | 9 |
| User Dashboard | 6 | 1 | 0 | 5 |
| Admin Dashboard | 7 | 0 | 0 | 7 |
| Infrastructure | 7 | 5 | 0 | 2 |
| TOTAL | 66 | 20 | 3 | 43 |
Estimated Timeline
| Phase | Features | Estimated Duration |
|---|---|---|
| MVP | 66 features | 4-6 weeks |
| Post-Launch | 41 features | 6-8 weeks |
| Future | 51 features | 3-6 months |
Development Order (Recommended)
Weeks 1-2: Document Management
- Known/variable upload wizard
- Document detail page
- Document deletion
- HEIC conversion
Weeks 2-3: Identity Verification
- Finalize architecture
- Rekognition integration
- Auto-approve/reject logic
- Manual review queue
Weeks 3-4: Payments
- Stripe integration
- Subscription tiers
- One-time payments
- Webhook handling
Week 5: Admin Dashboard
- Verification review queue
- User management
- Basic statistics
Week 6: Polish & Launch
- Error handling
- Rate limiting
- Final testing
- Production deployment
Chat Organization
Active Development Chats
| Chat | Purpose | Priority |
|---|---|---|
| General 002 | CTO strategic advisory | Ongoing |
| Document Management 001 | Build upload system | High |
| Verification & Rekognition 001 | Design verification | High |
| Payments & Compliance 001 | CFO/financial strategy | High |
Create When Needed
| Chat | Purpose | Timing |
|---|---|---|
| Admin Dashboard 001 | Build review queue | After verification |
| Dashboard 001 | User dashboard | After payments |
| Infrastructure 001 | Logging, monitoring | Before launch |
| Email Aliases 001 | Build email masking | Month 2 |
| Phone Masking 001 | Build phone masking | Month 2-3 |
| OAuth Provider 001 | Build OAuth server | Month 2-3 |
Document Version: 1.0 Last Updated: 2026-01-27 Maintained By: CAIRL Engineering