Roadmap¶
Legend: 🟢 done · 🔵 in progress · ⚪ planned · 🏁 good first issue · 💛 help wanted
Current PyPI version: 0.1.1-beta — pip install --pre ghostvault
v0.1-beta (current — PyPI 0.1.x)¶
⚠️ Beta software — core features work and are tested (160 tests, CI green), but some edge cases may not be covered. API may change before v1.0.
All features listed below are done and shipped in the current beta:
Core¶
- 🟢 Per-account persistent Camoufox profiles + locked fingerprints
- 🟢 42 MCP tools (accounts, lifecycle, browser, providers, API, scraping, debug, security)
- 🟢 Vision support (
gv_screenshot,include_screenshot) - 🟢 Structured JSONL debug logs +
gv_get_logs - 🟢 One-click installer (
install.sh/install.ps1) + PyPI (pip install --pre ghostvault) - 🟢 Auto-update check on startup
- 🟢 CI: lint + test + build + docs deploy + PyPI publish
Provider system¶
- 🟢 Provider-agnostic login — built-in (google/github/facebook/generic) + custom via
gv_create_provider - 🟢 Login scan —
gv_detect_login_optionsdetects SSO buttons, form fields, 2FA, captcha - 🟢 3 login levels — manual (Level 1), form auto-fill (Level 2), record + replay (Level 3)
- 🟢 Session health check —
gv_check_session(cookie + probe URL) - 🟢 Credentials storage —
gv_set_credentials/gv_get_credentials
Anti-detect¶
- 🟢 Advanced fingerprint config — 105 Camoufox config keys + presets + 10 device profiles
- 🟢 Human-like interaction — log-normal typing, typo+correction, pre-click hover, burst scroll
- 🟢 3-layer humanize policy — off / recommended / always
Browser + API¶
- 🟢 Anonymous scraping —
gv_open_ephemeral/gv_close_ephemeral - 🟢 API tools —
gv_api_call,gv_eval_js,gv_get_cookies - 🟢 Profile recovery — stale lock cleanup + corruption detection
Security¶
- 🟢 Encryption at rest (optional) — AES-256-GCM + OS keychain
- 🟢 Auto-close / auto-lock
- 🟢 Private/public profiles — password gate + 5-attempt wipe
- 🟢 SDK client (
ghostvault_sdk) - 🟢 GitHub Pages docs (22 pages)
Known issues (blocking v1.0)¶
- 🔵 macOS Retina/HiDPI rendering (Camoufox upstream bug)
- 🔵 MCP tool timeout for
gv_setup_password(browser stays open but client times out) - 🟢 Provider-agnostic login — built-in + custom providers, login scan, 3 login levels
- 🟢 Session health check —
gv_check_session - 🟢 API tools —
gv_api_call,gv_eval_js,gv_get_cookies - 🟢 Profile recovery — stale lock cleanup + corruption detection
- 🟢 Private/public profiles + password gate
- 🟢 SDK client (
ghostvault_sdk) - 🟢 GitHub Pages docs site
v0.2 — Stabilize (next — when known issues are fixed)¶
Make the beta rock-solid. Fix Retina rendering, test with real users, stabilize API.
- 🔵 Fix macOS Retina/HiDPI rendering
- 🔵 Fix MCP timeout for setup_password
- ⚪ Community testing feedback → bug fixes
- ⚪ API freeze (no more breaking changes after this)
- ⚪
gv_export_session/gv_import_session— backup/restore - ⚪
gv_wait_for_element+gv_wait_for_navigation - 🏁 Replace ad-hoc CSS selectors with a tested strategy
v0.3 — Ecosystem (planned)¶
- 🟢 Published to PyPI —
pip install --pre ghostvault(beta) - ⚪ More built-in providers (Microsoft, Apple, Twitter, LinkedIn)
- ⚪ Per-site action packs (Gmail, Drive, Calendar, Notion, GitHub)
- ⚪
gv_export_session/gv_import_session— backup/restore - ⚪
gv_wait_for_element+gv_wait_for_navigation - 🏁 Replace ad-hoc CSS selectors with a tested strategy
v1.0 — Production (planned)¶
- ⚪ Docker image + docker-compose
- ⚪ Audit log (who did what, when)
- ⚪ Rate limiting + concurrent account limits
- ⚪ Plugin system for per-site action packs
- ⚪ Independent security review 💰
v1.x+ — Scale (ideas)¶
- ⚪ Vision-based action suggestion (LLM looks at screenshot → proposes next action)
- ⚪ Cloud-hosted option (managed Ghostvault as a service) 💰
- ⚪ Mobile device profiles (iPhone Safari, Android Chrome)
- ⚪ Proxy rotation per account
Contributing to the roadmap¶
- Pick anything marked 🏁 (good first issue) or 💛 (help wanted) — open a PR.
- Have a use case we're missing? Open a discussion.