Raw Record Source

{
  "$type": "site.standard.document",
  "path": "/roadmap",
  "publishedAt": "2026-05-25T15:56:58Z",
  "site": "at://did:plc:mkqt76xvfgxuemlwlx6ruc3w/site.standard.publication/3khuwc44c2222",
  "textContent": "# roadmap\n\nzat started as a small set of string primitives for AT Protocol — the types everyone reimplements (`Tid`, `Did`, `Handle`, `Nsid`, `Rkey`, `AtUri`). the scope grew based on real usage.\n\n## current status\n\n**v0.3.1** — zig 0.16, `std.Io` throughout.\n\nthe v0.3.0 migration replaced all networking and concurrency primitives with zig 0.16's [`std.Io`](https://ziglang.org/documentation/master/std/#std.Io) interface. the API change is mechanical: every networking type takes `io: std.Io` as its first parameter. streaming clients moved from `connect()` + `next()` loops to `subscribe(handler)` with automatic reconnection, backoff, and host rotation.\n\nthe library is stable and tested. downstream consumers continue to drive hardening work, especially around network safety and XRPC error handling.\n\n## history\n\n**what grew from usage:**\n- string primitives with parsing and validation — the initial scope\n- DID/handle resolution — `DidResolver`, `DidDocument`, `HandleResolver`\n- XRPC client and JSON helpers\n- JWT verification for service auth\n- jetstream client — typed JSON event stream with reconnection (v0.1.3)\n- firehose client — raw CBOR event stream, DAG-CBOR codec, CAR codec, CID creation (v0.1.4)\n- MST, ECDSA signing, `did:key` construction, multibase encoding (v0.1.9)\n- full repo verification — end-to-end trust chain from handle to MST root CID match (v0.2.0)\n- CID hash verification in CAR parser (v0.2.1), size limits (v0.2.2)\n- OAuth 2.1 DPoP client (v0.2.14)\n- configurable keep-alive, transport options (v0.2.12–v0.2.18)\n- `std.Io` migration, `subscribe(handler)` streaming API (v0.3.0)\n- checked XRPC results, retry policy, and identity network safety (v0.3.1)\n\nthis pattern — start minimal, expand based on real pain — continues.\n\n## what's next\n\nthe library covers the full AT Protocol verification pipeline: identity resolution, repo parsing, signature verification, and MST validation. benchmarked against Go (indigo) and Rust (rsky) in [atproto-bench](https://tangled.org/zzstoatzz.io/atproto-bench).\n\nnear-term:\n- keep validating the v0.3.x surface in production consumers\n- promote repeated downstream patterns into the library once they prove stable\n\nwhat's missing will show up when people build things. until then, no speculative features.\n\n## maybe later\n\nthese stay out of scope unless real demand emerges:\n\n- lexicon codegen — probably a separate project\n- higher-level clients/frameworks — too opinionated\n- token refresh/session management — app-specific\n- feed generator scaffolding — each feed is unique\n\n## non-goals\n\nzat is not trying to be:\n\n- a \"one true SDK\" that does everything\n- an opinionated app framework\n- a replacement for understanding the protocol\n",
  "title": "roadmap"
}