Roadmap
What we plan to build, what we are exploring, and what recently shipped. This page deliberately carries no dates: FragonForge is built by a small team, and we do not publish deadlines we cannot keep. Items ship when they are done and tested. When plans change, we update this page rather than let it rot.
Planned
decided, no promised orderManaged hosting for what the agent builds
further outThe project orchestrator already turns a goal into a dependency-ordered pipeline of merge requests. Managed hosting is the step after the merge: you mark a repository as ready, FragonForge produces a hosting-ready build and runs it on the same EU Kubernetes infrastructure our sandboxes use. From issue to running app, not just issue to merge request.
Billing would follow what actually runs, per workload, on top of your plan. We write "would" deliberately: the pricing model is not designed yet, and we are not going to invent one on a roadmap page. Territory for the next major version, not for tomorrow.
Dropped: the self-hosted runner
This page used to list a self-hosted runner as the planned answer for forges that are only reachable inside a VPN. We dropped it. A runner in your network would hold your forge token and LLM key itself, a different security model than the credential-free sandbox we run today, and we would rather remove a promise than keep one we are not sure we should build. The answer for VPN-only setups is now the Enterprise tier, where a deployment on your own hardware can be arranged by agreement. If this change affects your decision, tell us.
Exploring
not committedThings we want and have not committed to. They are listed here so you can tell us which of them would actually change your decision.
Per-tenant budget caps and full spend metering
Today the cost dashboard meters planning and indexing calls; model spend inside the sandbox goes directly to your provider and is not metered by us. Real caps need token counting at our egress proxy first, so until then our honest advice stays: set a spending limit at your provider.
SOC 2 / ISO 27001 certification
Asked for by every regulated prospect, and honestly answered with 'not yet' today. Certification is a question of audit budget and calendar time; we will not claim progress before an engagement exists.
SAML single sign-on
Google sign-in exists today, and Microsoft Entra ID is wired in the code, waiting on production configuration. SAML, which larger identity setups still require, is the part we have not committed to.
EU-hosted inference option
BYOK means your prompts go to the provider you choose. An EU-hosted inference path would close the remaining jurisdiction question for teams that cannot send source code to a US provider.
Recently shipped
liveBitbucket pull-request triggers
Pull-request webhooks on Bitbucket Cloud now dispatch automatically: opened and updated PRs run analysis, comments reach the agent for feedback, merges and declines are tracked. The issue-label trigger is off the list for a structural reason - Bitbucket Cloud has no issue labels.
Manual run trigger via API and CLI
Start a run without labeling an issue, from the API or the CLI. Manually started runs pass the exact same plan, quota, and concurrency checks as webhook runs.
Legal package
Terms, Privacy Policy, DPA, and a public sub-processor list - published and in force.
Business tier on the pricing page
EUR 299/month: 30 repositories, 30 seats, 5 concurrent runs, 120-minute wall clock, Kata VM runtime.
Audit log with CSV export
90+ audited actions, filterable in the dashboard, exportable.
This page is a statement of intent, not a contractual commitment. For what the product does today, read how it works and the security architecture.