> ## Documentation Index
> Fetch the complete documentation index at: https://docs.0xkey.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Roadmap

> Current implementation status of 0xkey modules, APIs, chains, and protocols.

**Legend:** **Supported** — available in Phase 1 · **Partial** — some flows work or known field differences · **Coming soon** — planned, not yet productized · **N/A** — not exposed in the current public API

***

## Runtime services

| Component                                              | Status          | Notes                                                                                                                                                                                     |
| :----------------------------------------------------- | :-------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Coordinator (activity orchestration, gRPC)             | **Supported**   | Organization / sub-org, wallet, policy, session dispatch                                                                                                                                  |
| Registrar (tenant, proxy config, magic-link session)   | **Supported**   | Control plane; coordinates with Coordinator for root org creation                                                                                                                         |
| Auth Proxy (`POST /v1/*`)                              | **Supported**   | 9 endpoints: `signup`, `otp_init`, `otp_verify`, `otp_login`, `oauth2_authenticate`, `oauth_login`, `email_auth`, `account`, `wallet_kit_config` — hosted at `https://authproxy.0xkey.io` |
| API Gateway (HTTP→gRPC, stamp forwarding)              | **Supported**   | Full `PublicApiService` via grpc-gateway (`/public/v1/query/*`, `/public/v1/submit/*`)                                                                                                    |
| Dashboard Gateway + Dashboard (Next.js)                | **Partial**     | Session / WebAuthn baseline and 40+ console pages (orgs, users, wallets, policies, activities, tenants); full hosted-console narrative not yet complete                                   |
| Enclave: Signer                                        | **Supported**   | P-256 / secp256k1 / Ed25519 signing                                                                                                                                                       |
| Enclave: Policy                                        | **Partial**     | CEL evaluation, consensus, ETH / Solana / EIP-712 / Tron contexts; per-chain `*.tx.*` parity for other non-EVM chains **Coming soon**                                                     |
| Enclave: Notarizer                                     | **Supported**   | Organization aggregate notarization (genesis / sub-org / refresh / Merkle)                                                                                                                |
| Enclave: TLS Fetcher                                   | **Supported**   | External HTTPS (OIDC JWKS, OAuth token endpoints) with `FetchProof`                                                                                                                       |
| Enclave: Transaction Parser                            | **Partial**     | EVM (legacy + type 1/2/3/4), Solana (legacy + V0), EIP-712, Tron. BTC / Cosmos / Aptos / Sui / Sei / TON / XRP / Stellar / Doge **Coming soon**                                           |
| Company Wallets (co-signing, institutional automation) | **Coming soon** | Phase 1 focuses on Embedded Wallets and public API compatibility                                                                                                                          |
| Verifiable Cloud / TEE product (external SKU)          | **Coming soon** | Architecture chapters are illustrative                                                                                                                                                    |

***

## Authentication

| Component                                      | Status                     | Notes                                                                                 |
| :--------------------------------------------- | :------------------------- | :------------------------------------------------------------------------------------ |
| Passkey / WebAuthn + `stamp_login`             | **Supported**              | Validated with demo-style frontends                                                   |
| Google OAuth (OIDC `id_token`)                 | **Supported**              | Requires a real IdP token                                                             |
| Email OTP                                      | **Supported**              | `otp_init` V3, `otp_verify` V2, `otp_login` V2; Resend-backed for email               |
| SMS OTP                                        | **Partial**                | API paths exist (`OTP_TYPE_SMS`); no real SMS provider wired in Phase 1               |
| Email auth (magic link, `email_auth`)          | **Supported**              | Depends on mail delivery configuration                                                |
| OAuth2 code exchange (non-OIDC provider)       | **Partial**                | Enclave paths exist; not every provider is end-to-end validated                       |
| Apple / Facebook / Discord / X social login    | **Partial \~ Coming soon** | Depends on `oauthProviders` and deployment                                            |
| Session: read-write + credential bundle (HPKE) | **Supported**              |                                                                                       |
| Session: read-only                             | **Partial**                | API + executor wired; current TypeScript SDKs do not expose read-only session helpers |

***

## Public HTTP API

| Category                   | Examples                                                                                                  | Status                                                                                                                                          |
| :------------------------- | :-------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------- |
| Auth Proxy                 | `POST /v1/account`, `/v1/otp_init`, `/v1/otp_verify`                                                      | **Supported**                                                                                                                                   |
| Query                      | `get_sub_org_ids`, `get_wallets`, `get_wallet_accounts`, `get_user`                                       | **Supported**                                                                                                                                   |
| Submit                     | `create_sub_organization`, `oauth_login`                                                                  | **Supported**                                                                                                                                   |
| Submit                     | `stamp_login`                                                                                             | **Supported** (requires browser WebAuthn)                                                                                                       |
| Submit                     | `eth_send_raw_transaction`                                                                                | **Partial** (executor wired; broadcast is a mock — `endpoint: "mock"`, no real RPC)                                                             |
| Submit                     | `eth_send_transaction`, `sol_send_transaction` (unsigned high-level)                                      | **Coming soon** (executor returns an error today; raw flow is the supported path)                                                               |
| Submit                     | `create_oauth_providers`                                                                                  | **Partial** (returns empty `provider_ids` list in Phase 1)                                                                                      |
| Submit / Query             | `create_webhook_endpoint`, `update_webhook_endpoint`, `delete_webhook_endpoint`, `list_webhook_endpoints` | **Partial** (wired for `ACTIVITY_UPDATES`; update supports URL/name/active status, not subscription changes)                                    |
| Submit                     | `create_fiat_on_ramp_credential`, `init_fiat_on_ramp` (and CRUD)                                          | **Coming soon** (notarize-only executor, no real on-ramp wired)                                                                                 |
| Query                      | `get_send_transaction_status`, `get_on_ramp_transaction_status`, `get_gas_usage`, `get_nonces`            | **Coming soon** (returns empty / zero-valued response)                                                                                          |
| Query                      | `list_fiat_on_ramp_credentials`                                                                           | **Coming soon** (returns empty list — not yet backed by storage)                                                                                |
| Query                      | `get_policy_evaluations`                                                                                  | **Partial** (Coordinator persists evaluations best-effort after a Policy ruling; data appears once a parser-backed activity has been evaluated) |
| Query                      | `get_boot_proof`, `get_latest_boot_proof`, `list_app_proofs`                                              | **Coming soon** (returns empty response in Phase 1)                                                                                             |
| Query                      | `get_balances`, `get_app_status` (a.k.a. TVC App status)                                                  | **N/A** (no corresponding RPC in the current `public_api.proto`)                                                                                |
| Query                      | `get_attestation_document`                                                                                | **Coming soon** (stub returns empty bytes; production wiring routes through the enclave NSM)                                                    |
| Other activities / queries | Various `create_*`, `sign_*`, `list_*`                                                                    | **Partial / Coming soon** (depends on Coordinator enablement)                                                                                   |

***

## Chains and curves

| Topic                                                                                                  | Status          | Notes                                                                                                                                           |
| :----------------------------------------------------------------------------------------------------- | :-------------- | :---------------------------------------------------------------------------------------------------------------------------------------------- |
| Curve: secp256k1                                                                                       | **Supported**   | Primary EVM signing; BIP32 HD derivation                                                                                                        |
| Curve: Ed25519                                                                                         | **Supported**   | Solana / Sui / Aptos signing; SLIP-0010 HD (hardened-only)                                                                                      |
| Curve: P-256                                                                                           | **Supported**   | WebAuthn and session keys (no HD derivation)                                                                                                    |
| **EVM** (Ethereum L1/L2)                                                                               | **Supported**   | Address derivation, in-enclave tx parsing, EIP-712, policy contexts                                                                             |
| **Solana (SVM)**                                                                                       | **Partial**     | Address derivation + Ed25519 signing + in-enclave parsing complete; broadcast is **Coming soon** (`sol_send_transaction` executor errors today) |
| **Tron**                                                                                               | **Partial**     | Address derivation + in-enclave tx parsing + policy contexts; broadcast **Coming soon**                                                         |
| Address derivation: Cosmos, Sei, Sui, Aptos, BTC variants, Doge, Stellar, TON, XRP                     | **Supported**   | Address-only; signing via raw payload                                                                                                           |
| Transaction parsing & policy contexts: Bitcoin, Cosmos, Aptos, Sui, Sei, TON, XRP, Stellar, Doge, etc. | **Coming soon** | Network and policy-example pages are placeholders                                                                                               |
| Hyperliquid, Stacks, Movement, IOTA, Tempo, Spark                                                      | **Coming soon** | No parser or address derivation yet                                                                                                             |
| Fiat on-ramp                                                                                           | **Coming soon** | Credential CRUD is a no-op compatibility layer                                                                                                  |
| Import / export wallets and private keys                                                               | **Partial**     | Signer-side HPKE bundle path (`ExportWalletExecutor` etc.) wired end-to-end; Dashboard product flows still in progress                          |

***

## Client libraries

| Item                                                   | Status                    | Notes                                                                                                           |
| :----------------------------------------------------- | :------------------------ | :-------------------------------------------------------------------------------------------------------------- |
| TypeScript / React packages (`@0xkey-io/*`)            | **Supported**             | `@0xkey-io/react-wallet-kit`, `@0xkey-io/core`, `@0xkey-io/sdk-server`; see [SDK reference](/sdks/introduction) |
| Go server SDK (`github.com/0xkey-io/sdk-go`)           | **Supported**             | Published on [pkg.go.dev](https://pkg.go.dev/github.com/0xkey-io/sdk-go)                                        |
| Mobile / native (React Native, Flutter, Swift, Kotlin) | **Partial / Coming soon** |                                                                                                                 |
| Server-side (Ruby, Python, Rust)                       | **Coming soon**           |                                                                                                                 |
| CLI (`brew install …`)                                 | **Coming soon**           | Not yet released; use SDK stampers or `sdk-go/examples/apikey` until then                                       |

***

## Policies, webhooks, and observability

| Topic                                                     | Status          | Notes                                                                                                                                            |
| :-------------------------------------------------------- | :-------------- | :----------------------------------------------------------------------------------------------------------------------------------------------- |
| Policy CRUD, defaults, post-registration async deployment | **Supported**   |                                                                                                                                                  |
| Transaction parsing and fine-grained policy conditions    | **Partial**     | EVM + Solana + EIP-712 + Tron today; other chains **Coming soon**                                                                                |
| `get_policy_evaluations` (policy-evaluation history)      | **Partial**     | Coordinator writes evaluations best-effort after Policy returns a ruling; visible once a parser-backed activity has run                          |
| Webhooks                                                  | **Coming soon** | No webhook RPC in `public_api.proto`; both endpoint CRUD and event delivery are unimplemented                                                    |
| QuorumOS / remote attestation                             | **Coming soon** | QOS lives in the enclave vendor tree and release pipeline; no customer-facing public attestation HTTP yet (`get_attestation_document` is a stub) |
| Public boot-proof / TVC / app-proof queries               | **Coming soon** | Returns empty response in Phase 1                                                                                                                |

***

## Coming soon features (planned)

The following capabilities are on the roadmap but not yet available in Phase 1:

* **Company Wallets** — co-signing, institutional signing automation, multi-party approvals
* **Non-EVM transaction parsing & policy** — Bitcoin, Cosmos, Aptos, Sui, Sei, TON, XRP, Stellar, Doge, plus Stacks / Movement / IOTA / Hyperliquid / Tempo / Spark
* **On-chain broadcast pipeline** — real RPC for `eth_send_raw_transaction` (currently mock) and full executors for `eth_send_transaction` / `sol_send_transaction` (currently error)
* **Cookbook integrations** — Morpho, Aave, Jupiter, LiFi, 0x, Polymarket, Relay, Breeze, Yield XYZ, Base builder codes
* **Fiat on-ramp** — third-party on-ramp credential flows and status tracking
* **Wallet import / export end-to-end** — productized Dashboard / SDK flows on top of the existing HPKE primitives
* **OAuth provider linking** — full `create_oauth_providers` / `oauth2_authenticate` provider catalog beyond Google + Apple
* **Account abstraction** — gas sponsorship, smart account wallets
* **Server-side SDKs** — Python, Ruby, Rust
* **CLI tooling** — standalone `0xkey` CLI for key generation and signing automation
* **Verifiable Cloud** — external TEE attestation SKU
* **Webhook API + delivery** — both `*_webhook_endpoint` activities and event streaming from Coordinator
* **Public verifiable-data surfaces** — boot proofs, app proofs, attestation documents, and balance / TVC queries (`get_balances`, `get_app_status`) currently absent from `public_api.proto`
