> 日本語版: [14-roadmap.ja.md](./14-roadmap.ja.md) > ## 14. Roadmap ### Release Strategy ampless follows a four-stage release path: **alpha → beta → RC → stable**. - **alpha** (complete): closed development, repo private, npm `alpha` dist-tag, dogfood-driven feature work. Decisions were guided by "can I run my own multiple sites on ampless?" - **beta** (current): repo is **public**, npm `beta` dist-tag. Breaking changes are still possible (called out via changesets), but external users can install and external plugin authors can publish. - **RC**: feature-complete, no more breaking changes expected. Dogfood sites run on RC builds for the final-tuning period. - **stable** (v1.0): public launch. The ampless introduction page (built with ampless itself) ships simultaneously. v1.0 RC entry criteria (unchanged from the previous plan): (a) production-quality for the dogfood sites, and (b) the ampless-built introduction page is ready. Beta entry was handled through a private blocker checklist before public launch. Internal version numbers are bumped normally with changesets throughout all four stages. WordPress compatibility scope is **WXR data import only**; plugin / theme / Gutenberg block compatibility is explicitly out of scope. ### Positioning (2026-06-07) ampless is a customization-based CMS for engineers — non-engineers operate it with the polished admin. Plugins are npm dependencies that the site engineer imports + configures directly (Astro integration / Next.js plugin pattern); the engineer audits each dep before installing. The v1 trust framework (`trust_level`, capabilities, IAM-scoped Lambdas) is implemented as **first-party plugin organization** — which trust tier's Lambda runs each event hook, narrow hard gates such as `settings.secret` requiring `trust_level: 'trusted'`, and capability declarations supporting mismatch warnings + admin labels + future allow-lists. Not designed as a marketplace-grade automatic sandbox for arbitrary third-party untrusted plugins. Marketplace and runtime sandbox are deferred to v2.0+ exploration only, and only if AmpLess later needs to safely run plugins the engineer has not audited. --- ### v0.x (in progress — accumulated through dogfooding) Features needed to run dogfood sites on ampless, in priority order. Each changesets cut at a granular level, bumped from v0.x → v0.(x+1) when a meaningful unit is ready. #### Single-site model + edge caching (top priority) - [x] CloudFront cache strategy for **asset bytes**: `/api/media/...` and static-bundle `//` routes stream the S3 object back through the Lambda response (instead of 302-redirecting to a presigned URL) so Amplify Hosting's CloudFront edge cache absorbs repeat reads. Files larger than 6 MB still fall back to the 302 presigned path. Asset metadata (size, mimeType) is persisted in the Media DynamoDB row + `post.metadata.files` so the read path skips a HEAD round-trip. - [ ] CloudFront cache strategy for **themed post HTML responses**: emit `Cache-Control: public, s-maxage=...` on SSR responses to leverage CloudFront caching → reduce Lambda invocations (Amplify Hosting's internal CloudFront doesn't include Host in the cache key and users cannot modify Cache Policy / Lambda@Edge, so the cleanest path is to make every deployment serve a single site) - [ ] Amplify Hosting custom domain operations guide (DNS / SSL / adding separate domain procedure) #### Themes / Visual Customization - [ ] Lightweight customization via `configSchema` (primaryColor, font, logo, sidebar toggle) - [ ] Additional themes (landing page, portfolio, documentation site) - [ ] **`@ampless/theme-dads`** — A theme conforming to the Digital Agency Design System (DADS). Combines `@digital-go-jp/tailwind-theme-plugin` (MIT, officially Tailwind v4 compatible) with MIT React sample components to deliver a theme that serves layout and content in full DADS specification. Intended for Japanese, government, and public-sector site scenarios - [ ] Theme switching + iframe preview (in admin UI) #### MCP / AI Integration - [ ] AI provider abstraction layer - [ ] Proofreading / summarization plugins #### Plugin Extension (dogfood-driven, phased) Phased work is summarized here; the public contract lives in [08-plugin-architecture.md](./08-plugin-architecture.md). Each phase ships at least one bundled plugin that exercises the new surface, then the next phase starts. - [x] Phase 1: descriptor-based head/body injection + `capabilities` / `instanceId` / `displayName` on `AmplessPlugin`. First plugin: `@ampless/plugin-analytics-ga4` (settings via `cms.config.ts`). Contract: [08-plugin-architecture.md](./08-plugin-architecture.md) - [x] Phase 2: admin-managed public settings (`/admin/plugins`, S3 cache mirror). GA4 settings migrate to the admin UI; new plugin author guide ships in `ampless` tarball + scaffold copy - [x] Phase 3: trust-level dogfood. Phase 3a complete — `@ampless/plugin-gtm` + `@ampless/plugin-plausible` (untrusted) ship as new bundled plugins exercising the Phase 1/2 descriptor + admin-settings API. Phase 3c complete — `writePublicAsset` is formalised with runtime key validation + `instanceId ?? name` namespace enforcement, and existing `seo` / `rss` declare the new capability surface. Phase 3b complete — `PluginRepeatableField` (list-of-objects setting type) + `@ampless/plugin-cookie-consent` (untrusted) + Consent Convention regulation (`window.amplessConsent` global API + standard events), plus `consentCategory?: string` gated mode in GA4 / GTM / Plausible. - [x] Phase 4: per-post body injection API (`publicBodyForPost`) + `schema` capability + JSON-LD auto-escape (`escapeJsonLdInlineBody`). First plugin: `@ampless/plugin-schema-jsonld` (untrusted). Theme post templates call `ampless.publicBodyForPost(post)` to render `