# Product & Ops Roadmap _Last updated: 2025-10-25_ This high-level view connects the active epics in `docs/process/todo/` so stakeholders can scan what is shipping now versus what is queued next. Detailed checklists live in the linked TODO files, and day-to-day notes go into `docs/process/changes/`. -## Now (Q4 2025) - - **Security Hardening Epic** (`docs/process/todo/security-hardening-epic.md`) Rolling out dual-key auth, hashed join tokens, signed asset URLs, streaming uploads, and webhook hardening. Tracks six workstreams (identity, tokens, API resilience, media services, billing, frontend/CSP). - **Streaming Upload Refactor** (`docs/process/todo/media-streaming-upload-refactor.md`) Designing the chunked upload/session pipeline (SEC-MS-02) to lift photo size caps and improve reliability before updating the guest PWA. - **Paddle Billing Migration & Catalog Sync** - Platform migration plan tracked in `docs/process/todo/paddle-migration.md` (env/config, service layer, admin billing). - Catalog synchronization and Filament UX tracked in `docs/process/todo/paddle-catalog-sync.md`. ## Next Up (Q1 2026) - **Localized SEO & Hreflang Strategy** (`docs/process/todo/localized-seo-hreflang-strategy.md`) Route-prefix migration, hreflang/canonical cleanup, and sitemap realignment for the marketing site and checkout. - **Paddle Customer Success Metrics** (spin-off from the migration tasks) Finalize tenant ↔ Paddle sync, sandbox catalog seeding, and rollout/rollback procedures before GA. Captured in the remaining unchecked items of the Paddle TODO files. ## Recently Completed / Monitoring - **Tenant Admin Onboarding Fusion** (`docs/archive/process/todo/tenant-admin-onboarding-fusion.md`) — Flow merged into the new PWA/TWA stack; keep monitoring localization coverage and checkout UX alignment. - **Event Join Token Hardening** (`docs/archive/process/todo/event-join-token-hardening.md`) — All phases completed; continue monitoring default lifetime/rotation decisions. - **Package Limit Experience Overhaul** (`docs/archive/process/todo/package-limit-experience-overhaul.md`) — Foundation live; alerts/reporting improvements now handled opportunistically. - **Checkout Refactor & Package Limits** (`docs/process/changes/2025-10-05-checkout-refactor-todo.md`) — keep feature flags and alert thresholds under review but no net-new roadmap investment needed right now. For historical roadmaps predating the split PRP, see `docs/archive/implementation-roadmap.md`. New initiatives should always start as a `docs/process/todo/*.md` file and be referenced here once prioritized.