Roadmap
OpenBucket is pre-1.0 and under active development. This page is the honest picture of what you can rely on today and what may still move before 1.0, so you can decide how to adopt.
Stable today
These are feature-complete and covered by tests / the conformance suite:
- S3 wire protocol — path-style addressing, SigV4 (header + presigned query), streaming PUT/GET, multipart uploads, object & bucket tagging, versioning, object lock (governance/compliance + legal hold), SSE-S3 encryption, lifecycle expiration, CORS, and bucket policies.
- Admin API + console — the JSON admin API and the bundled Angular console (bucket/object browser, search, preview, access-key & multi-admin management, usage analytics, audit log).
- Embedding — the
@openbucket/nestjsmodule,OpenBucketService, the multer engine, presigned POST, and in-process object events. - Durability & operations — replication,
cold-object tiering, backup & restore, the
integrity scrubber, Prometheus
/metrics, and health/readiness probes. - Security — remediated per the 2026 security audit.
Stabilizing before 1.0
The behavior above is stable; what may still change before 1.0 is at the edges:
- Public API surface — method signatures on
OpenBucketServiceand theOpenBucketModuleoptions may be refined. Breaking changes are called out in the CHANGELOG. - Admin API / generated client — endpoint shapes may still evolve.
- Configuration — environment-variable names and defaults may be consolidated.
The 1.0 bar
1.0 is a promise: the API is stable to build on, and your data is safe. We tag it when:
- Stability — the public library surface (
OpenBucketService, module options, the multer adapter) and the admin API are reviewed and frozen under a written semver / deprecation policy — after real-world usage has had a chance to shake out the rough edges. - Correctness — the release gate runs the full test suite (no skipped specs), and the S3 compatibility matrix is backed by a machine-generated, dated conformance report (client × operation), not a hand-kept table.
- Data safety — a tested backup → upgrade → restore path, a stable on-disk format, and a disaster-recovery runbook.
- Trust — a security re-pass of everything added since the 2026 audit (replication, tiering, scoped keys), a published threat model, and honest single-node benchmarks.
- Release — a stable (non-prerelease) version on the npm
latesttag and the:latestimage.
What OpenBucket is deliberately not doing
To keep the "one process, one volume" promise, multi-node clustering, sharding, and quorum HA are out of scope — that's a different kind of system. For durability beyond a single node, OpenBucket replicates and tiers to an external S3-compatible target. See Is OpenBucket for you?.
Influence the direction
- 🗳️ Feature requests & discussion → GitHub Discussions
- 🐛 Bugs → Issues
- 🤝 Contributions are welcome — see Contributing.