MMPlugs Logo

Docs / MMCRA Toolkit / Roadmap

Roadmap

Roadmap

What's in flight, what's next, and what's parked. Honest dates only.

In flight

Stripe checkout integration on mmplugs.com. Required for actually selling licenses. Target: before the September 11 deadline. License CPT on the server already supports the flow; just need the checkout half wired up.

Public key baked in for signed updates. The 1.10.0 release ships with a placeholder constant. First real production release will bake in the real key. Target: this month.

Next

Free version on WordPress.org. Stripped down to SBOM generation only, no Plugin Scanner, no monitoring, no bundle export. Funnels to the paid version. Target: Q3 2026, only after we have ~20 paying customers and the product is genuinely stable.

More SBOM ecosystems. Currently covers Composer and npm. Adding pip (Python), bundler (Ruby), and cargo (Rust) for plugins that ship server-side components in those ecosystems. Demand-driven — let us know if you need one.

OSV.dev → SBOM autocorrelation. Today the Vulnerability Check page runs against your latest SBOM. We want a tighter loop where new advisories during the week trigger an immediate alert if they affect any dependency currently in any saved SBOM. Same data, faster signal.

Per-product VDP variants. Today the VDP is site-wide. Some agencies want one VDP per plugin. Will add a per-product override mechanism.

Parked

Multisite support. The toolkit works on subdirectory multisite installs but hasn't been deeply tested on subdomain multisite. Will revisit when a paying customer asks.

WP-CLI interface. Most actions are bulk-action-able from the Dashboard. A WP-CLI command set would be nice for CI/CD integration but isn't blocking anyone today.

REST API for headless WordPress. Same logic — toolkit is admin-UI-first. Headless customers can hit the underlying classes directly from PHP. A formal REST API can wait.

Translations beyond .pot generation. The plugin ships an up-to-date .pot file. Actual translations need volunteers; we'll publish ones we get back. Not a paid effort.

Mobile app. No.

How to influence the roadmap

The fastest way to move something from "Parked" or "Next" to "In flight" is to be a paying customer who asks for it. Email hello@mmplugs.com or open a support ticket. We track every request and the priority is approximately "how many paying customers asked × how compliance-relevant × how feasible."

If you have a feature request that's outside the CRA compliance scope, we'll be honest about that too. The toolkit is for CRA-affected commercial WordPress plugin developers; it's not a general-purpose SBOM platform.