Roadmap

Flux is currently in its early stages (Beta), but the vision is expansive. Below is the active roadmap for upcoming releases.

Contributing

Have a suggestion or found a bug? We value open collaboration.
Feel free to open an issue or contribute to the discussion on our GitHub repository.

The Mission

The goal of Flux is to make the pain points of building a website disappear.

Imagine building a website without having to lose sleep over privacy regulations, GDPR compliance, security patches, input validation, or spam filtering. Often, developers resort to expensive third-party SaaS solutions to handle these, but even those require careful configuration. A single misconfiguration can lead to legal issues or a broken user experience.

Flux identifies two major culprits that introduce disproportionate complexity to static sites: Forms and External Scripts. They are never just "simple features"—they are icebergs with massive hidden requirements.

The "hidden footnotes" of forms

If you simply add a <form> to your site, you become responsible for:

  • Notifications: Delivering messages reliably.
  • Security: Validating inputs and filtering SQL injection/XSS.
  • Spam: Blocking bots without frustrating humans.
  • GDPR/Privacy: Versioning policies, collecting consent, and managing "Right to Access."
  • UX & Accessibility: Handling error states, loading states, and screen readers.
  • Audit Trails: Saving a cryptographic proof of submission.

The "hidden footnotes" of external scripts

Similarly, adding a single line of JavaScript (e.g., for Google Analytics, a Chat Widget, or a Facebook Pixel) triggers a cascade of legal and technical obligations that often outweigh the value of the script itself.

If you add an external script, you become responsible for:

  • Cookie Auditing: You must hunt down every cookie the script sets (and the cookies set by their third-party vendors) and classify them by purpose and lifespan.
  • Policy Updates: You must rewrite your Cookie Policy to explicitly list these new trackers.
  • Consent Gating: You cannot legally load the script immediately. You must write code to block the script until the user explicitly clicks "Accept."
  • Granular Control: You must build a system that loads "Analytics" scripts if the user accepts them, but keeps "Marketing" scripts blocked if they don't.
  • Revocation: You must provide a persistent UI widget that allows users to change their mind and withdraw consent later.
  • The Banner: You must design and display a disruptive cookie banner that blocks the UI until a decision is made.

Flux aims to solve this by providing a self-hosted, single-binary answer to every single one of these points.

Upcoming Features

These features are planned for the near future. They are grouped by their impact on the system.

1. Reliability & Persistence

Currently, Flux acts primarily as a router. We plan to integrate a robust storage layer to ensure no message is ever lost, even if an email provider is down.

  • Submission Database: Implement a DBSubmission table to persist every form entry before attempting notifications.
  • TUI Viewer: Upgrade the SSH interface to browse, filter, and read past submissions.
  • Retry Mechanism: Automatically retry failed notifications (e.g., SMTP timeout) using a background worker.
  • Data Encryption: Ensure stored submission data is encrypted at rest, just like the configuration secrets.

2. Spam Filtering

We want to provide invisible protection that respects user privacy.

  • Rate Limiting: Block IP addresses that submit too frequently.
  • Honeypot Fields: Inject hidden input fields that only bots will see and fill, allowing us to silently reject spam without using Captchas.

3. Feature Expansion

  • File Uploads:
    • Handle multipart/form-data.
    • Secure storage in data/uploads/{form_id}/{uuid}.
    • Strict MIME type and file extension validation.
    • Attach files to Email notifications.
  • Auto-Responder: Send a "Thanks for contacting us!" email back to the user (requires mapping a field to Reply-To).
  • Data Export: Button in TUI to download all submissions as a .CSV file.
  • Policy: Automatically generate a correct Privacy Policy with versioning based on the declared fields.

4. Notifications & Integrations

  • Slack Support: Post formatted messages to a channel.
  • Discord Support: Post alerts via webhooks.
  • Generic Webhooks: POST raw JSON to any URL (Zapier/n8n/Make).

5. Analytics & Observability

  • Better Logging: Implement structured debug logging for easier troubleshooting.
  • TUI Dashboard: Add a visual ASCII chart (using bubbles/chart) to the main screen showing submission volume over the last 7 days.

6. External Scripts Management

  • Declaration: Give the ability to declare external scripts to load from the TUI
  • Loader: Implement a client side loader for external scripts
  • Policy: Automatically generate a correct Cookie Policy based on the loaded scripts with versioning.

Misc

  • Hidden Fields: Ensure hidden fields are correctly captured in the GDPR consent proof.