feat: expand roadmap to 12 versions with 52 tools, add release hygiene to CLAUDE.md

TMHSDigital · TMHSDigital · commit eba6eb5a5d1b · 2026-04-05T14:40:21.000-04:00
Made-with: Cursor
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -124,6 +124,32 @@ npm install -g @tmhs/homelab-mcp
 - Skills use kebab-case directory names with YAML frontmatter.
 - Rules use kebab-case filenames with `description` and `alwaysApply` frontmatter.
 
+## Release Hygiene
+
+When preparing a new release version, ALL of the following files must be updated to reflect the new version number, tool/skill/rule counts, and any new entries:
+
+| File | What to update |
+|------|----------------|
+| `mcp-server/package.json` | `version` field |
+| `mcp-server/src/index.ts` | `version` in McpServer constructor |
+| `.cursor-plugin/plugin.json` | `version` field, `description` tool/skill/rule counts |
+| `README.md` | Badge versions, stat line counts, tool/skill/rule tables, roadmap table |
+| `CLAUDE.md` | `Version` field, skill/rule/tool counts and tables |
+| `ROADMAP.md` | Move version from planned to completed, update status |
+| `CHANGELOG.md` | Add new version section with all changes |
+| `docs/index.html` | Update any version references or counts |
+
+Checklist before tagging a release:
+
+1. All new tools registered in `mcp-server/src/index.ts`
+2. All new tools have input validation tests
+3. All new skills have SKILL.md with required frontmatter and sections
+4. All new rules have .mdc with required frontmatter
+5. Structure tests pass (`pytest tests/ -v`)
+6. MCP server builds and tests pass (`npm run build && npm test`)
+7. Version numbers match across all files listed above
+8. CHANGELOG.md entry added for the new version
+
 ## Home Lab Context
 
 The target environment is a Raspberry Pi 5 running:
diff --git a/README.md b/README.md
@@ -269,13 +269,23 @@ Any client supporting MCP stdio transport can use the Home Lab MCP server. Point
 
 &nbsp;
 
-| Version | Theme | MCP Tools | Highlights |
-|---|---|---|---|
-| **v0.1.0** | Foundation | 15 | 10 skills, 5 rules, 15 MCP tools, SSH connectivity |
-| **v0.2.0** | Expanded monitoring | +5 | Log aggregation, alertmanager integration, dashboard provisioning |
-| **v0.3.0** | Multi-node | +5 | Ansible inventory sync, multi-Pi orchestration |
-| **v0.4.0** | Advanced networking | +5 | Tailscale ACL management, DNS analytics, certificate automation |
-| **v1.0.0** | Stable | +0 | Production release (~30 MCP tools) |
+| Version | Theme | New Tools | New Skills | New Rules | Cumulative |
+|---|---|---|---|---|---|
+| **v0.1.0** | Foundation | 15 | 10 | 5 | 15 |
+| v0.2.0 | Extended Monitoring | +5 | +2 | -- | 20 |
+| v0.3.0 | DNS and Reverse Proxy | +5 | +2 | +1 | 25 |
+| v0.4.0 | Backup and Recovery | +4 | +1 | +1 | 29 |
+| v0.5.0 | Security Hardening | +4 | +1 | +2 | 33 |
+| v0.6.0 | Logs and Notifications | +4 | +2 | -- | 37 |
+| v0.7.0 | OS and Package Management | +4 | +2 | +1 | 41 |
+| v0.8.0 | SSL/TLS Certificates | +3 | +1 | -- | 44 |
+| v0.9.0 | Multi-Node Foundation | +4 | +1 | +1 | 48 |
+| v0.10.0 | Testing Infrastructure | +2 | -- | -- | 50 |
+| v0.11.0 | Documentation Site | -- | -- | -- | 50 |
+| v0.12.0 | Polish and Hardening | +2 | -- | -- | 52 |
+| **v1.0.0** | **Stable Release** | -- | -- | -- | **52** |
+
+See [ROADMAP.md](ROADMAP.md) for detailed per-version tool, skill, and rule breakdowns.
 
 </details>
 
diff --git a/ROADMAP.md b/ROADMAP.md
@@ -1,48 +1,273 @@
 # Roadmap
 
-## Version History
+## Version Summary
 
-| Version | Theme | MCP Tools | Status |
-|---------|-------|-----------|--------|
-| **v0.1.0** | Foundation | 15 | Current |
-| v0.2.0 | Extended Monitoring | +5 | Planned |
-| v0.3.0 | Multi-Node | +5 | Planned |
-| v1.0.0 | Stable | +0 | Planned |
+| Version | Theme | New Tools | New Skills | New Rules | Cumulative Tools |
+|---------|-------|-----------|------------|-----------|-----------------|
+| **v0.1.0** | Foundation | 15 | 10 | 5 | 15 |
+| v0.2.0 | Extended Monitoring | +5 | +2 | -- | 20 |
+| v0.3.0 | DNS and Reverse Proxy | +5 | +2 | +1 | 25 |
+| v0.4.0 | Backup and Recovery | +4 | +1 | +1 | 29 |
+| v0.5.0 | Security Hardening | +4 | +1 | +2 | 33 |
+| v0.6.0 | Logs and Notifications | +4 | +2 | -- | 37 |
+| v0.7.0 | OS and Package Management | +4 | +2 | +1 | 41 |
+| v0.8.0 | SSL/TLS Certificates | +3 | +1 | -- | 44 |
+| v0.9.0 | Multi-Node Foundation | +4 | +1 | +1 | 48 |
+| v0.10.0 | Testing Infrastructure | +2 | -- | -- | 50 |
+| v0.11.0 | Documentation Site | -- | -- | -- | 50 |
+| v0.12.0 | Polish and Hardening | +2 | -- | -- | 52 |
+| **v1.0.0** | **Stable Release** | -- | -- | -- | **52** |
+
+---
 
 ## v0.1.0 - Foundation (current)
 
 - [x] 10 skills covering core home lab workflows
 - [x] 5 rules for best-practice enforcement
 - [x] 15 MCP tools for Pi management via SSH
 - [x] Plugin manifest and structure tests
-- [x] CI/CD pipelines
-
-## v0.2.0 - Extended Monitoring (planned)
-
-- [ ] `homelab_prometheusQuery` - Run PromQL queries against Prometheus
-- [ ] `homelab_grafanaSnapshot` - Export Grafana dashboard snapshots
-- [ ] `homelab_uptimeKumaStatus` - Get Uptime Kuma monitor statuses
-- [ ] `homelab_alertList` - List active Alertmanager alerts
-- [ ] `homelab_speedtestResults` - Get recent speedtest results
-- [ ] New skill: grafana-dashboards (creating and managing dashboards)
-- [ ] New skill: alerting-rules (writing Prometheus alert rules)
-
-## v0.3.0 - Multi-Node (planned)
-
-- [ ] Support for multiple SSH targets (not just one Pi)
-- [ ] `homelab_nodeList` - List all managed nodes and their status
-- [ ] `homelab_nodeExec` - Execute a command on a specific node
-- [ ] `homelab_inventorySync` - Sync Ansible inventory with discovered nodes
-- [ ] `homelab_tailscaleNodes` - List Tailscale network nodes
-- [ ] New skill: multi-node-management
-- [ ] New rule: inventory-consistency
-
-## v1.0.0 - Stable (planned)
-
-- [ ] All tools tested against live Pi environments
-- [ ] npm package published (@tmhs/homelab-mcp)
-- [ ] Comprehensive documentation and examples
-- [ ] GitHub Pages site with full tool reference
+- [x] CI/CD pipelines (validate, typecheck, CodeQL, release drafter, npm publish)
+- [x] npm package published (`@tmhs/homelab-mcp`)
+
+---
+
+## v0.2.0 - Extended Monitoring
+
+Deep integration with the monitoring stack already running on the Pi.
+
+**MCP tools (+5):**
+
+- [ ] `homelab_prometheusQuery` -- run PromQL queries against Prometheus
+- [ ] `homelab_grafanaSnapshot` -- export Grafana dashboard snapshots
+- [ ] `homelab_uptimeKumaStatus` -- get Uptime Kuma monitor statuses
+- [ ] `homelab_alertList` -- list active Alertmanager alerts
+- [ ] `homelab_speedtestResults` -- get recent Speedtest Tracker results
+
+**Skills (+2):**
+
+- [ ] `grafana-dashboards` -- creating and managing dashboards
+- [ ] `alerting-rules` -- writing Prometheus alert rules
+
+---
+
+## v0.3.0 - DNS and Reverse Proxy
+
+Manage the network gateway layer -- AdGuard Home and Nginx Proxy Manager.
+
+**MCP tools (+5):**
+
+- [ ] `homelab_adguardStats` -- query/filter stats, top blocked domains
+- [ ] `homelab_adguardFilters` -- list/toggle filter lists
+- [ ] `homelab_adguardQueryLog` -- search DNS query log
+- [ ] `homelab_npmProxyHosts` -- list proxy host configs from NPM
+- [ ] `homelab_npmCerts` -- list SSL certificates and expiry dates
+
+**Skills (+2):**
+
+- [ ] `dns-management` -- AdGuard filters, local DNS records, blocklists
+- [ ] `reverse-proxy-management` -- NPM routing, SSL config, access lists
+
+**Rules (+1):**
+
+- [ ] `exposed-ports` -- flag services bound to 0.0.0.0 or missing proxy config
+
+---
+
+## v0.4.0 - Backup and Recovery
+
+Go beyond "check status / trigger backup" to full disaster recovery workflows.
+
+**MCP tools (+4):**
+
+- [ ] `homelab_backupList` -- list all restic snapshots with filtering
+- [ ] `homelab_backupRestore` -- restore files from a snapshot (requires confirm=true)
+- [ ] `homelab_backupDiff` -- diff two snapshots
+- [ ] `homelab_volumeBackup` -- backup a specific Docker volume
+
+**Skills (+1):**
+
+- [ ] `disaster-recovery` -- full Pi restore workflow, SD card imaging, migration checklist
+
+**Rules (+1):**
+
+- [ ] `backup-coverage` -- flag Docker volumes not covered by any backup job
+
+---
+
+## v0.5.0 - Security Hardening
+
+Deeper security tooling and automated auditing.
+
+**MCP tools (+4):**
+
+- [ ] `homelab_ufwStatus` -- list UFW rules and status
+- [ ] `homelab_fail2banStatus` -- list jails, banned IPs, recent bans
+- [ ] `homelab_openPorts` -- scan for listening ports and map to services
+- [ ] `homelab_containerScan` -- check running containers for known vulnerabilities (via Trivy or similar)
+
+**Skills (+1):**
+
+- [ ] `secrets-management` -- managing credentials with Vaultwarden, env vars, Docker secrets
+
+**Rules (+2):**
+
+- [ ] `privileged-containers` -- flag containers running as root or with privileged mode
+- [ ] `weak-credentials` -- flag default/weak passwords in compose env vars
+
+---
+
+## v0.6.0 - Logs and Notifications
+
+Centralized log access and alerting pipelines.
+
+**MCP tools (+4):**
+
+- [ ] `homelab_journalLogs` -- query systemd journal with filters (unit, priority, time range)
+- [ ] `homelab_logSearch` -- search across container logs with grep patterns
+- [ ] `homelab_ntfySend` -- send a notification via Ntfy
+- [ ] `homelab_ntfyTopics` -- list Ntfy topics and recent messages
+
+**Skills (+2):**
+
+- [ ] `log-analysis` -- structured log querying, Loki integration, journald workflows
+- [ ] `notification-workflows` -- Ntfy setup, alert routing, webhook pipelines
+
+---
+
+## v0.7.0 - OS and Package Management
+
+System-level maintenance beyond apt update.
+
+**MCP tools (+4):**
+
+- [ ] `homelab_aptUpgradable` -- list upgradable packages with version details
+- [ ] `homelab_aptHistory` -- show recent apt install/upgrade history
+- [ ] `homelab_kernelInfo` -- kernel version, loaded modules, boot params
+- [ ] `homelab_systemdServices` -- list systemd units, enable/disable/status
+
+**Skills (+2):**
+
+- [ ] `os-update-management` -- unattended-upgrades config, kernel updates, reboot scheduling
+- [ ] `performance-tuning` -- kernel params, swap config, I/O scheduler, GPU memory split
+
+**Rules (+1):**
+
+- [ ] `resource-limits` -- flag containers without memory/CPU limits set
+
+---
+
+## v0.8.0 - SSL/TLS Certificates
+
+Certificate lifecycle management.
+
+**MCP tools (+3):**
+
+- [ ] `homelab_certCheck` -- check SSL cert expiry for a domain/host
+- [ ] `homelab_certRenew` -- trigger Let's Encrypt renewal (requires confirm=true)
+- [ ] `homelab_certList` -- list all managed certificates and their status
+
+**Skills (+1):**
+
+- [ ] `certificate-management` -- Let's Encrypt, self-signed certs, renewal automation, NPM cert integration
+
+---
+
+## v0.9.0 - Multi-Node Foundation
+
+Support managing multiple SSH targets. Core infrastructure change.
+
+**MCP tools (+4):**
+
+- [ ] `homelab_nodeList` -- list all managed nodes and their connection status
+- [ ] `homelab_nodeExec` -- execute a command on a specific node by name
+- [ ] `homelab_nodeStatus` -- get system status for a specific node (like piStatus but for any node)
+- [ ] `homelab_inventorySync` -- sync/discover nodes from Ansible inventory or Tailscale
+
+**Infrastructure changes:**
+
+- [ ] `ssh-api.ts` refactored to support a node registry (env var or config file for multiple hosts)
+- [ ] All existing tools gain optional `node` parameter (defaults to primary Pi)
+
+**Skills (+1):**
+
+- [ ] `multi-node-management` -- managing fleets, inventory, parallel operations
+
+**Rules (+1):**
+
+- [ ] `inventory-consistency` -- flag nodes in inventory but unreachable, or missing from inventory
+
+---
+
+## v0.10.0 - Testing Infrastructure
+
+Real test coverage before v1.0.
+
+**MCP tools (+2):**
+
+- [ ] `homelab_healthCheck` -- comprehensive self-test (SSH connectivity, Docker availability, required tools present)
+- [ ] `homelab_diagnostics` -- collect debug info bundle (versions, connectivity, config)
+
+**Testing layers:**
+
+- [ ] Integration tests with mocked SSH (ssh2-mock or similar)
+- [ ] E2E test suite that runs against a real Pi (gated behind `HOMELAB_TEST_PI=true` env var)
+- [ ] CI workflow that connects to a Pi via Tailscale for e2e (self-hosted runner or SSH tunnel)
+
+---
+
+## v0.11.0 - Documentation Site
+
+Upgrade GitHub Pages from placeholder to full tool reference.
+
+**Site features:**
+
+- [ ] Interactive tool reference with parameters, examples, and output samples
+- [ ] Skill catalog with trigger conditions and example prompts
+- [ ] Rule catalog with scope and example violations
+- [ ] Search functionality
+- [ ] Dark/light mode
+
+**Docs automation:**
+
+- [ ] Rule or CLAUDE.md section ensuring all release-related info (version numbers, tool counts, changelogs) is updated across README, CLAUDE.md, ROADMAP.md, plugin.json, package.json, and the docs site on every release
+
+---
+
+## v0.12.0 - Polish and Hardening
+
+Final quality pass before stable.
+
+**MCP tools (+2):**
+
+- [ ] `homelab_configExport` -- export current MCP server config (sanitized, no secrets)
+- [ ] `homelab_configValidate` -- validate environment setup and required Pi-side dependencies
+
+**Quality pass:**
+
+- [ ] All tools reviewed for error handling, timeout tuning, and output formatting
+- [ ] All skills reviewed for accuracy, completeness, and cross-linking
+- [ ] All rules reviewed for false positive rates
+- [ ] README, CLAUDE.md, ROADMAP.md, plugin.json, package.json fully in sync
+- [ ] CHANGELOG complete for all versions
+
+---
+
+## v1.0.0 - Stable Release
+
+Production-ready, fully tested, fully documented.
+
+**Release criteria:**
+
+- [ ] All tools tested against live Pi environments (e2e CI green)
+- [ ] npm package published with provenance (`@tmhs/homelab-mcp`)
+- [ ] GitHub Pages site live with full tool/skill/rule reference
+- [ ] Multi-node support functional
+- [ ] No known bugs in issue tracker
+- [ ] CHANGELOG, README, CLAUDE.md, ROADMAP.md, plugin.json all version-synced
+
+**Final counts: ~52 MCP tools, ~22 skills, ~11 rules**
+
+---
 
 ## Completed
 
