Enterprise Scaling Roadmap
A long-term roadmap for scaling SDD Tool to enterprise scale (15+ people, 150+ specs, multi-team).
Prerequisite: Proceed after completing Scaling Roadmap Phase 1-5
Goals
- Smooth management with 500+ specs
- Support for geographically distributed teams
- Meet enterprise security/audit requirements
- Organization-wide governance system
Architecture Evolution
Current: File-based
.sdd/
├── constitution.md
├── index.json
└── specs/
└── *.md- Advantages: Simple, Git-friendly
- Limitations: Performance, concurrency, query limitations
Phase 6: Hybrid
.sdd/
├── specs/ # Source (Git version control)
└── .cache/
└── sdd.db # SQLite cache (local)- Files remain source of truth
- SQLite for fast queries/search
- No Git conflicts (cache ignored)
Phase 7+: Server-based
+-------------+ +-------------+ +-------------+
| CLI/IDE |---->| SDD Server |---->| Database |
+-------------+ +-------------+ +-------------+
|
+------+------+
v v
+---------+ +---------+
| Git Sync| | Webhooks|
+---------+ +---------+- Centralized management
- Real-time collaboration
- Advanced analytics/reporting
Phase 6: Local Database
6.1 SQLite Cache Layer
Goal: Improve complex query performance
typescript
// src/core/cache/database.ts
interface SpecDatabase {
// Table structure
specs: {
id: string;
path: string;
hash: string;
title: string;
status: string;
phase: number;
domain: string;
created: string;
updated: string;
content_fts: string; // Full-text search
};
dependencies: {
from_id: string;
to_id: string;
type: 'explicit' | 'inferred';
};
reviews: {
spec_id: string;
reviewer: string;
status: string;
date: string;
comment: string;
};
history: {
spec_id: string;
version: number;
author: string;
action: string;
date: string;
diff: string;
};
}CLI Changes:
bash
sdd cache rebuild # Rebuild cache
sdd cache status # Cache status
sdd cache clear # Clear cache
# Advanced query support
sdd query "status:review AND phase:2"
sdd query "depends_on:user-auth"
sdd query "modified_after:2024-01-01"
sdd query "reviewer:@alice AND NOT approved"Full-text Search:
bash
sdd search "payment failure handling" # Full-text search
sdd search "OAuth" --domain auth # Domain filter
sdd search "MUST validate" --type requirement6.2 Offline-first Sync
Scenario: Distributed teams, unstable network environments
typescript
// src/core/sync/offline.ts
interface OfflineSync {
// Track local changes
pendingChanges: {
id: string;
type: 'create' | 'update' | 'delete';
timestamp: string;
data: SpecData;
}[];
// Conflict resolution
conflicts: {
spec_id: string;
local: SpecData;
remote: SpecData;
base: SpecData; // Common ancestor
}[];
}CLI:
bash
sdd sync status # Sync status
sdd sync push # Local -> Remote
sdd sync pull # Remote -> Local
sdd sync resolve # Conflict resolution (interactive)Phase 7: Central Server
7.1 SDD Server
Architecture:
+--------------------------------------------------------------+
| SDD Server |
+--------------------------------------------------------------+
| |
| +-------------+ +-------------+ +-------------+ |
| | REST API | | WebSocket | | GraphQL | |
| +-------------+ +-------------+ +-------------+ |
| | | | |
| +------+----------------+----------------+------+ |
| | Core Services | |
| +-----------------------------------------------+ |
| | * Spec Management * Review Workflow | |
| | * Dependency Graph * Impact Analysis | |
| | * Search Engine * Notification | |
| | * Audit Log * Access Control | |
| +-----------------------------------------------+ |
| | |
| +-----------------------+-----------------------+ |
| | Data Layer | |
| +-----------------------------------------------+ |
| | PostgreSQL | Elasticsearch | Redis | |
| | (specs) | (search) | (cache) | |
| +-----------------------------------------------+ |
| |
+--------------------------------------------------------------+Tech Stack Options:
| Component | Option A (Node.js) | Option B (Go) |
|---|---|---|
| API Server | Fastify/NestJS | Fiber/Echo |
| Database | PostgreSQL | PostgreSQL |
| Search | MeiliSearch | Elasticsearch |
| Cache | Redis | Redis |
| Queue | BullMQ | NATS |
API Design:
typescript
// REST API endpoints
interface SddServerAPI {
// Specs
'GET /api/specs': ListSpecs;
'GET /api/specs/:id': GetSpec;
'POST /api/specs': CreateSpec;
'PUT /api/specs/:id': UpdateSpec;
'DELETE /api/specs/:id': DeleteSpec;
// Dependencies
'GET /api/specs/:id/dependencies': GetDependencies;
'GET /api/specs/:id/dependents': GetDependents;
'GET /api/graph': GetDependencyGraph;
// Reviews
'POST /api/specs/:id/reviews': RequestReview;
'PUT /api/reviews/:id': UpdateReview;
'GET /api/reviews/pending': GetPendingReviews;
// Search
'GET /api/search': SearchSpecs;
'POST /api/search/advanced': AdvancedSearch;
// Analytics
'GET /api/analytics/overview': GetOverview;
'GET /api/analytics/trends': GetTrends;
'GET /api/analytics/team/:id': GetTeamMetrics;
// Audit
'GET /api/audit/logs': GetAuditLogs;
'GET /api/specs/:id/history': GetSpecHistory;
}7.2 Real-time Collaboration
WebSocket Events:
typescript
interface RealtimeEvents {
// Spec changes
'spec:created': { spec: Spec; by: User };
'spec:updated': { spec: Spec; by: User; diff: Diff };
'spec:deleted': { specId: string; by: User };
// Reviews
'review:requested': { spec: Spec; reviewers: User[] };
'review:approved': { spec: Spec; by: User };
'review:rejected': { spec: Spec; by: User; reason: string };
// Collaboration
'spec:locked': { specId: string; by: User };
'spec:unlocked': { specId: string };
'user:viewing': { specId: string; users: User[] };
// System
'notification': { type: string; message: string };
}Concurrent Edit Prevention:
bash
sdd edit user-auth # Acquire lock then edit
sdd edit user-auth --force # Force unlock (admin)
sdd lock status # Current lock status7.3 Git Sync Bridge
Bidirectional Sync:
Git Repository <-------> SDD Server
| |
| push/pull hooks |
| -----------------> |
| |
| server webhooks |
| <----------------- |
| |Configuration:
yaml
# .sdd/server.yml
server:
url: "https://sdd.company.com"
project: "my-project"
sync:
mode: bidirectional # git-primary | server-primary | bidirectional
auto_push: true # Auto push on local changes
auto_pull: true # Auto pull on server changes
conflict_resolution: prompt # prompt | local | remote | mergePhase 8: Enterprise Features
8.1 Access Control (RBAC)
Role Definitions:
yaml
# Role hierarchy
roles:
viewer:
permissions:
- specs:read
- search:use
- reports:view
contributor:
inherits: viewer
permissions:
- specs:create
- specs:update_own
- reviews:request
reviewer:
inherits: contributor
permissions:
- reviews:approve
- reviews:reject
- specs:update_reviewed
domain_admin:
inherits: reviewer
scope: domain # Within domain only
permissions:
- specs:delete
- constitution:update
- members:manage
org_admin:
permissions:
- "*" # All permissionsDomain-specific Permissions:
yaml
# .sdd/access.yml
domains:
auth:
admins: ["@alice", "@security-team"]
reviewers: ["@bob", "@charlie"]
contributors: ["@dev-team"]
billing:
admins: ["@finance-lead"]
reviewers: ["@finance-team"]
contributors: ["@dev-team"]
# Sensitive domain
compliance:
admins: ["@legal-team"]
reviewers: ["@legal-team"]
contributors: [] # No external contributions
visibility: restricted # Only authorized users can view8.2 Audit Logs
Tracked Items:
typescript
interface AuditLog {
id: string;
timestamp: string;
actor: {
id: string;
name: string;
ip: string;
userAgent: string;
};
action: AuditAction;
resource: {
type: 'spec' | 'review' | 'constitution' | 'config';
id: string;
domain?: string;
};
details: {
before?: any;
after?: any;
diff?: string;
reason?: string;
};
metadata: {
requestId: string;
sessionId: string;
source: 'cli' | 'web' | 'api' | 'automation';
};
}
type AuditAction =
| 'spec.create' | 'spec.update' | 'spec.delete'
| 'spec.view' | 'spec.export'
| 'review.request' | 'review.approve' | 'review.reject'
| 'constitution.update'
| 'access.grant' | 'access.revoke'
| 'config.change';CLI:
bash
sdd audit logs # Recent logs
sdd audit logs --actor @alice # Specific user
sdd audit logs --action spec.delete # Specific action
sdd audit logs --resource user-auth # Specific resource
sdd audit logs --since 2024-01-01 # Date filter
sdd audit export --format csv # ExportRetention Policy:
yaml
audit:
retention:
default: 2y # Default 2 years
sensitive: 7y # Sensitive data 7 years
compliance: 10y # Compliance 10 years
export:
schedule: daily
destination: s3://audit-logs/
encryption: AES-2568.3 Compliance
Supported Frameworks:
| Framework | Supported Features |
|---|---|
| SOC 2 | Audit logs, access control, change tracking |
| GDPR | Data export, right to delete, consent tracking |
| HIPAA | Encryption, access logs, least privilege |
| ISO 27001 | Documentation, risk assessment, continuous improvement |
Compliance Dashboard:
bash
sdd compliance status # Compliance status
sdd compliance report --framework soc2 # Framework-specific report
sdd compliance gaps # Unmet items8.4 SSO/SAML Integration
Supported IdPs:
- Okta
- Azure AD
- Google Workspace
- OneLogin
- Custom SAML 2.0
Configuration:
yaml
# Server configuration
auth:
provider: saml
saml:
entry_point: "https://idp.company.com/sso/saml"
issuer: "sdd-server"
cert: "/etc/sdd/idp-cert.pem"
attribute_mapping:
email: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
name: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
groups: "http://schemas.xmlsoap.org/claims/Group"
group_mapping:
"SDD-Admins": org_admin
"SDD-Reviewers": reviewer
"SDD-Contributors": contributor
"SDD-Viewers": viewerPhase 9: Analytics Platform
9.1 Metrics Collection
Collected Data:
typescript
interface SpecMetrics {
// Volume
totalSpecs: number;
specsByStatus: Record<Status, number>;
specsByDomain: Record<string, number>;
specsByPhase: Record<number, number>;
// Velocity
avgTimeToApproval: number; // draft -> approved
avgTimeToImplement: number; // approved -> implemented
reviewCycleTime: number; // Review cycle
// Quality
avgQualityScore: number;
specsWithTests: number;
syncCoverage: number; // Code link rate
// Activity
createdThisWeek: number;
updatedThisWeek: number;
reviewsCompleted: number;
// Complexity
avgDependencies: number;
maxDependencyDepth: number;
circularDependencies: number;
}
interface TeamMetrics {
team: string;
members: number;
ownedSpecs: number;
pendingReviews: number;
avgResponseTime: number;
completionRate: number;
}9.2 Dashboard UI
Web Dashboard:
+---------------------------------------------------------------------+
| SDD Analytics Dashboard Alerts Admin |
+---------------------------------------------------------------------+
| |
| +-------------------------------------------------------------+ |
| | Overview Last 30 days | |
| +-------------------------------------------------------------+ |
| | | |
| | 247 89% 4.2 days 12 | |
| | Total Completion Avg Cycle Pending | |
| | Specs Rate Time Reviews | |
| | | |
| +-------------------------------------------------------------+ |
| |
| +--------------------------+ +------------------------------+ |
| | Progress by Phase | | Specs by Domain | |
| | -------------------- | | ------------------------ | |
| | | | | |
| | P1 ============ 100% | | auth ======== 32 | |
| | P2 =========--- 78% | | billing ====== 24 | |
| | P3 ======------ 52% | | core ============ 48 | |
| | P4 ===--------- 25% | | api ========== 40 | |
| | | | ... | |
| +--------------------------+ +------------------------------+ |
| |
| +-------------------------------------------------------------+ |
| | Activity Timeline | |
| | --------------------------------------------------------- | |
| | | |
| | +-+ +-+ | |
| | +- -+ +--+ +- -+ +--+ | |
| | --+ +------+ +------+ +------+ +---- | |
| | Mon Tue Wed Thu Fri Sat Sun Mon Tue | |
| | | |
| | - Created - Updated - Approved | |
| | | |
| +-------------------------------------------------------------+ |
| |
| +--------------------------+ +------------------------------+ |
| | Team Performance | | Review Queue | |
| | -------------------- | | ------------------------ | |
| | | | | |
| | Core Team A 98% | | * billing/refund 2d | |
| | Auth Team A 95% | | * auth/mfa-setup 3d | |
| | Billing Team B 87% | | * api/rate-limit 5d | |
| | Platform Team B 82% | | * core/migration 7d | |
| | | | | |
| +--------------------------+ +------------------------------+ |
| |
+---------------------------------------------------------------------+9.3 Notification System
Channels:
- Slack / Microsoft Teams
- Webhook
- In-app notifications
Notification Rules:
yaml
notifications:
rules:
- name: "Review SLA Warning"
condition: "review.pending_days >= 5"
channels: [slack, email]
recipients: ["@reviewer", "@domain-admin"]
message: "Review pending for {spec.title} - {review.pending_days} days"
- name: "Circular Dependency Alert"
condition: "graph.new_cycle_detected"
channels: [slack]
recipients: ["#sdd-alerts"]
priority: high
- name: "Quality Score Drop"
condition: "spec.quality_score < 60"
channels: [email]
recipients: ["@author"]
- name: "Daily Digest"
schedule: "0 9 * * 1-5" # Weekdays 9 AM
channels: [email]
recipients: ["@all-contributors"]
template: daily_digestPhase 10: Ecosystem Expansion
10.1 Plugin System
Plugin Types:
typescript
interface SddPlugin {
name: string;
version: string;
type: 'validator' | 'exporter' | 'importer' | 'analyzer' | 'integration';
// Lifecycle hooks
hooks: {
'spec:beforeCreate'?: (spec: Spec) => Promise<Spec>;
'spec:afterCreate'?: (spec: Spec) => Promise<void>;
'spec:beforeUpdate'?: (old: Spec, new: Spec) => Promise<Spec>;
'spec:afterUpdate'?: (spec: Spec) => Promise<void>;
'validate:custom'?: (spec: Spec) => Promise<ValidationResult>;
'export:format'?: (specs: Spec[], options: any) => Promise<Buffer>;
};
// CLI extensions
commands?: {
name: string;
description: string;
handler: (args: any) => Promise<void>;
}[];
// UI extensions (web)
components?: {
slot: 'sidebar' | 'toolbar' | 'detail-panel';
component: React.ComponentType;
}[];
}Official Plugins:
| Plugin | Description |
|---|---|
@sdd/plugin-jira | Jira issue sync |
@sdd/plugin-confluence | Confluence document export |
@sdd/plugin-figma | Figma design spec connection |
@sdd/plugin-openapi | OpenAPI spec generation/validation |
@sdd/plugin-dbml | Data model visualization |
@sdd/plugin-mermaid | Auto diagram generation |
@sdd/plugin-ai | AI-based spec suggestions/review |
10.2 API SDK
Language SDKs:
typescript
// TypeScript/JavaScript
import { SddClient } from '@sdd/sdk';
const client = new SddClient({
serverUrl: 'https://sdd.company.com',
apiKey: process.env.SDD_API_KEY,
});
// Query specs
const specs = await client.specs.list({ domain: 'auth' });
// Create spec
const newSpec = await client.specs.create({
title: 'New Feature',
domain: 'core',
content: '...',
});
// Request review
await client.reviews.request(newSpec.id, {
reviewers: ['@alice', '@bob'],
});
// Real-time subscription
client.subscribe('spec:updated', (event) => {
console.log(`Spec ${event.spec.id} updated by ${event.by.name}`);
});python
# Python
from sdd import SddClient
client = SddClient(
server_url="https://sdd.company.com",
api_key=os.environ["SDD_API_KEY"]
)
# Search specs
specs = client.specs.search("payment", domain="billing")
# Impact analysis
impact = client.analysis.impact("user-auth")
print(f"Affected specs: {impact.affected_count}")10.3 Enhanced CI/CD Integration
GitHub Actions:
yaml
# .github/workflows/sdd.yml
name: SDD Validation
on: [push, pull_request]
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: SDD Validate
uses: sdd-tool/action-validate@v2
with:
server: ${{ secrets.SDD_SERVER }}
token: ${{ secrets.SDD_TOKEN }}
fail_on: error # error | warning | none
- name: SDD Sync Check
uses: sdd-tool/action-sync@v2
with:
threshold: 80
report: true
- name: SDD Impact Report
if: github.event_name == 'pull_request'
uses: sdd-tool/action-impact@v2
with:
comment: true # Comment on PRGitLab CI:
yaml
sdd:validate:
image: sdd-tool/cli:latest
script:
- sdd validate --ci
- sdd sync --ci --threshold 80
rules:
- changes:
- ".sdd/**/*"
- "src/**/*"Deployment Options
Self-hosted
yaml
# docker-compose.yml
version: '3.8'
services:
sdd-server:
image: sdd-tool/server:latest
ports:
- "3000:3000"
environment:
- DATABASE_URL=postgresql://...
- REDIS_URL=redis://...
- ELASTICSEARCH_URL=http://...
volumes:
- ./config:/etc/sdd
postgres:
image: postgres:15
volumes:
- postgres_data:/var/lib/postgresql/data
redis:
image: redis:7
elasticsearch:
image: elasticsearch:8.11.0Kubernetes
yaml
# Helm values
sdd:
server:
replicas: 3
resources:
requests:
cpu: 500m
memory: 512Mi
postgresql:
enabled: true
persistence:
size: 100Gi
elasticsearch:
enabled: true
replicas: 3
ingress:
enabled: true
host: sdd.company.com
tls: trueCloud (SaaS)
- SDD Cloud (coming soon)
- Managed service
- SOC 2 Type II certified
- 99.9% SLA
Implementation Priority
| Phase | Feature | Complexity | Value | Dependencies |
|---|---|---|---|---|
| 6 | SQLite cache | Medium | High | - |
| 6 | Offline sync | Medium | Medium | 6.1 |
| 7 | SDD Server (MVP) | High | High | 6 |
| 7 | Real-time collaboration | High | Medium | 7.1 |
| 7 | Git bridge | Medium | High | 7.1 |
| 8 | RBAC | Medium | High | 7.1 |
| 8 | Audit logs | Medium | High | 7.1 |
| 8 | SSO/SAML | Medium | Medium | 8.1 |
| 9 | Analytics dashboard | Medium | Medium | 7.1 |
| 9 | Notification system | Medium | Medium | 7.1 |
| 10 | Plugin system | High | Medium | 7 |
| 10 | SDK | Medium | Medium | 7.1 |
Migration Path
File-based -> Hybrid
bash
# 1. Initialize cache
sdd cache init
# 2. Index existing specs
sdd cache rebuild
# 3. Verify
sdd cache verifyHybrid -> Server-based
bash
# 1. Connect to server
sdd server connect https://sdd.company.com
# 2. Migrate project
sdd server migrate --project my-project
# 3. Invite team
sdd server invite @team --role contributor
# 4. Set sync mode
sdd config set sync.mode bidirectionalRelated Documentation
- Current Limitations - Realistic tool limitations
- Scaling Roadmap - Medium-scale expansion (Phase 1-5)
- Roadmap Overview - Complete roadmap
- Best Practices - Effective usage