| title | Roadmap |
|---|---|
| description | SINT Protocol development roadmap — from npm publish to enterprise adoption. |
| sidebarTitle | Roadmap |
This roadmap is based on what we've built, what the market needs right now, and the fastest path to adoption and revenue. Updated April 2026.
Everything built and verified:
| Deliverable | Status | Details |
|---|---|---|
| SINT Protocol core | ✅ Complete | 24 packages, 1,363 tests, 67 build tasks |
| Policy Gateway | ✅ Complete | 32 REST endpoints, intercept pipeline |
| Capability Tokens | ✅ Complete | Ed25519, attenuation-only delegation, max depth 3 |
| Evidence Ledger | ✅ Complete | SHA-256 hash chain, proof receipts, SIEM export |
| 12 Protocol Bridges | ✅ Complete | ROS2, MCP, gRPC, MAVLink, A2A, MQTT, OPC-UA, IoT, OpenRMF, Economy, Swarm |
| 3 SDKs | ✅ Complete | TypeScript, Python (1,871 lines), Go (220 lines) |
| sintctl CLI | ✅ Complete | Token, ledger, approvals, policy management |
| SINT Console | ✅ Complete | 31 features, 60+ feature flags, WebSocket gateway |
| Visual Workflow Builder | ✅ Complete | 13 node types, topological execution, n8n integration |
| Goal Hijack Detector | ✅ Complete | 25+ patterns, confidence scoring |
| Security Audit | ✅ Complete | 0 vulnerabilities, all 8 attack surfaces verified |
| Documentation | ✅ Complete | 19 pages on docs.sint.gg |
| SINT Avatar | ✅ Complete | 3D avatar, ElevenLabs lipsync, 12 expressions |
| CMO Operator | ✅ Complete | 18 skills, video→content pipeline |
| SINT Outreach | ✅ Complete | LinkedIn automation, BrightBeam pilot active |
Goal: Make SINT Protocol installable by anyone. Get the first external integrations.
Publish to npm registry: `@sint/core`, `@sint/gate-capability-tokens`, `@sint/gate-policy-gateway`, `@sint/gate-evidence-ledger`, `@sint/persistence`, `@sint/bridge-mcp`, `@sint/client`, `@sint/bridge-ros2`.
**Blocked:** Needs NPM_TOKEN or interactive `npm login`.
**Impact:** Unlocks all downstream integration work.
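```python
from sint import SintGovernanceHandler

# `agent` is your existing LangChain runnable; `gateway_url` is the URL of your SINT Policy Gateway.
chain = agent.with_config(callbacks=[SintGovernanceHandler(gateway_url)])
```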
**Target:** LangChain community packages, blog post on LangChain blog.
**Target:** CrewAI plugin registry.
Position: "We built what Microsoft's Agent Governance Toolkit does, plus physical AI safety (robots, drones, industrial)."
Position: SINT covers all 10 OWASP Agentic Top 10 risk categories with working code.
Timeline: 2-3 weeks after npm publish unblock.
Goal: Become the default governance layer for popular agent frameworks.
| Integration | Framework | What We Build |
|---|---|---|
| `@sint/langchain` | LangChain / LangGraph | Callback handler + chain interceptor |
| `@sint/crewai` | CrewAI | Task decorator + crew-level policy |
| `@sint/autogen` | Microsoft AutoGen | Agent runtime wrapper |
| `@sint/google-adk` | Google ADK | Plugin for A2A governance |
| `@sint/openai-agents` | OpenAI Agents SDK | Tool middleware |
| `@sint/openclaw` | OpenClaw | Policy provider plugin |
Each integration is a thin wrapper (~200-500 lines) that:
- Intercepts tool calls / agent actions
- Validates against SINT capability tokens
- Logs to evidence ledger
- Returns approve/deny/escalate
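An added sketch of that four-step wrapper in Python (not SINT's own code or SDK API). The token is modelled as a plain dict, `needs_approval` is an assumed field marking actions held for a human approver, and the ledger is a minimal SHA-256 hash chain with an assumed all-zero genesis value; token signature checks are left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev-hash value for the first ledger entry

def _digest(prev: str, record: dict) -> str:
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

def append(ledger: list, record: dict) -> None:
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev": prev, "record": record, "hash": _digest(prev, record)})

def verify(ledger: list) -> bool:
    prev = GENESIS
    for e in ledger:
        if e["prev"] != prev or e["hash"] != _digest(prev, e["record"]):
            return False  # entry edited, reordered or removed
        prev = e["hash"]
    return True

def governed(token: dict, ledger: list):
    """Decorator: intercept a tool call, decide, log, and run it only on approve."""
    def wrap(fn):
        def inner(**args):
            if fn.__name__ not in token["tools"]:
                decision = "deny"        # outside the token's scope
            elif fn.__name__ in token["needs_approval"]:
                decision = "escalate"    # in scope, but held for a human approver
            else:
                decision = "approve"
            append(ledger, {"agent": token["agent"], "tool": fn.__name__,
                            "args": args, "decision": decision})
            return decision, (fn(**args) if decision == "approve" else None)
        return inner
    return wrap

# Constructed sample tools
def read_pose(): return {"x": 0.1}
def move_arm(x): return "moved"
def open_gripper(): return "opened"

def demo():
    ledger = []
    token = {"agent": "agent-a", "tools": {"read_pose", "move_arm"},
             "needs_approval": {"move_arm"}}
    calls = [(read_pose, {}), (move_arm, {"x": 0.5}), (open_gripper, {})]
    return [governed(token, ledger)(f)(**a) for f, a in calls], ledger
```

Every call is logged whatever the decision, so a denied or escalated action leaves the same kind of record as an approved one.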
Success metric: 3+ framework integrations published, 100+ npm downloads/week.
Goal: First real-world robotics integration. Prove the thesis that AI agents controlling physical systems need governed middleware.
| Target | What They Do | SINT Value | Approach |
|---|---|---|---|
| RobotecAI (RAI) | ROS2 agentic robotics | ROS2 bridge + capability tokens | PR to rai repo with SINT safety layer |
| Dronecode / PX4 | Open-source drone platform | MAVLink bridge + geofence enforcement | Plugin for QGroundControl |
| GrayMatter Robotics | LA-based factory AI | Force/velocity constraints + audit trail | Direct sales (local neighbor) |
| NVIDIA IsaacSim | Robot simulation | T1 Sandbox → T4 Autonomous tier progression | IsaacSim extension |
| Open-RMF | Multi-robot fleet mgmt | OpenRMF bridge + zone governance | Community contribution |
First target: RobotecAI — they have a vendor-agnostic ROS2 framework with zero safety governance. Our @sint/bridge-ros2 drops in directly.
Success metric: 1 working robotics integration with external project.
Goal: Position SINT as the compliance answer for enterprise AI agent deployments.
| OWASP Risk | SINT Mitigation | Package |
|---|---|---|
| AG01: Excessive Agency | Capability token scoping | @sint/gate-capability-tokens |
| AG02: Inadequate Sandboxing | T1 Sandbox tier + capsule sandbox | @sint/engine-capsule-sandbox |
| AG03: Unrestricted Resource Access | Constraint enforcement (force, velocity, geofence) | @sint/gate-policy-gateway |
| AG04: Insufficient Credential Handling | Ed25519 identity, no credential sharing | @sint/gate-capability-tokens |
| AG05: Prompt Injection | Goal hijack detector (25+ patterns) | @sint/gate-policy-gateway |
| AG06: Inadequate Audit | SHA-256 evidence ledger + proof receipts | @sint/gate-evidence-ledger |
| AG07: Lack of Human Oversight | T2 approval gates + SSE/WebSocket approval queue | Gateway server |
| AG08: Insufficient Error Handling | Circuit breaker (e-stop invariant I-G2) | @sint/gate-policy-gateway |
| AG09: Supply Chain Risk | Ed25519 supply chain verifier | @sint/gate-policy-gateway |
| AG10: Insufficient Monitoring | CSML anomaly scoring + risk stream | @sint/gate-evidence-ledger |
| Feature | Description | Priority |
|---|---|---|
| Redis-backed rate limiting | Multi-instance rate limit state | 🟡 Medium |
| PostgreSQL evidence store | Production-grade persistence | 🟢 Ready (adapter exists) |
| SSO integration | SAML 2.0 / OIDC for enterprise auth | 🟡 Medium |
| SIEM connectors | Splunk, Datadog, Elastic integration | 🟡 Medium |
| Compliance reports | Auto-generated OWASP / SOC2 evidence reports | 🔴 High |
| Multi-tenant isolation | Namespace-level resource separation | 🟡 Medium |
Success metric: 1 enterprise pilot ($5K-$15K/mo), OWASP compliance report generator shipped.
Goal: Decentralized agent governance — multiple organizations running SINT gateways and trusting each other's capability tokens via the Open Agent Trust Registry.
| Component | Status | Next Step |
|---|---|---|
| Trust Registry | ✅ 8 issuers registered | Open registration, governance voting |
| Token delegation | ✅ Cross-agent delegation working | Cross-organization delegation |
| A2A bridge | ✅ Agent-to-agent protocol | Multi-gateway federation |
| Economy bridge | ✅ Budget tracking | Cross-org settlement |
Vision: Agent A (governed by Org 1's gateway) delegates a capability token to Agent B (governed by Org 2's gateway). Both gateways verify the token chain. Evidence is logged to both ledgers. The Trust Registry validates both issuers.
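An added example (not part of the SINT code base) of the chain check each gateway would run in this scenario, limited to the attenuation and depth rules. The `Token` fields, the `max_velocity` constraint and the issuer names are constructed; Ed25519 signature verification is assumed to have passed already, and "max depth 3" is read as at most three delegations below the root token.

```python
from dataclasses import dataclass

MAX_DEPTH = 3  # page: "max depth 3"; assumed to count delegations below the root

@dataclass(frozen=True)
class Token:
    issuer: str           # who issued (signed) this token
    subject: str          # who may use it
    tools: frozenset      # permitted actions
    max_velocity: float   # constructed example constraint, m/s
    expires: int          # Unix seconds

def verify_chain(chain, trusted_issuers, now):
    """Return (ok, reason); chain[0] is the root, each later token a delegation."""
    if not chain:
        return False, "empty chain"
    if len(chain) - 1 > MAX_DEPTH:
        return False, "delegation depth exceeds limit"
    if chain[0].issuer not in trusted_issuers:
        return False, "root issuer not in trust registry"
    for i, tok in enumerate(chain):
        if tok.expires <= now:
            return False, f"token {i} expired"
        if i == 0:
            continue
        parent = chain[i - 1]
        if tok.issuer != parent.subject:
            return False, f"token {i} not issued by holder of token {i - 1}"
        if not tok.tools <= parent.tools:
            return False, f"token {i} widens scope"
        if tok.max_velocity > parent.max_velocity or tok.expires > parent.expires:
            return False, f"token {i} loosens a constraint"
    return True, "ok"

def sample_chain():
    """Constructed: Org 1's gateway -> agent-a -> agent-b (in Org 2)."""
    root = Token("org1-gateway", "agent-a", frozenset({"navigate", "scan"}), 1.5, 2_000)
    child = Token("agent-a", "agent-b", frozenset({"scan"}), 1.0, 1_500)
    return [root, child]
```

Each gateway calls `verify_chain` with its own view of the trust registry, so a chain accepted by Org 1 is still rejected by Org 2 if Org 2 does not list the root issuer.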
| Quarter | Source | Target |
|---|---|---|
| Q2 2026 | BrightBeam pilot closes ($5K) | $5K |
| Q2 2026 | GrayMatter Robotics intro (LA) | Pipeline |
| Q3 2026 | Enterprise compliance pilot (1 client) | $10-15K/mo |
| Q3 2026 | Framework integration consulting | $5-10K/mo |
| Q4 2026 | Protocol SaaS (hosted gateway) | $2-5K/mo/customer |
| | SINT Protocol | Microsoft AGT | Proofpoint AI Security |
|---|---|---|---|
| Physical AI | ✅ ROS2, MAVLink, OPC-UA, MQTT | ❌ Software only | ❌ Software only |
| Open source | ✅ MIT | ✅ MIT | ❌ Proprietary |
| Capability tokens | ✅ Ed25519, attenuation-only | ❌ Policy-only | ❌ N/A |
| Evidence ledger | ✅ SHA-256 hash chain | ❌ Logging only | ❌ Proprietary |
| OWASP coverage | ✅ 10/10 | ✅ 10/10 | Partial |
| Framework support | 🔜 Coming (Phase 2) | ✅ LangChain, CrewAI, ADK | ❌ Standalone |
| Console UI | ✅ 31 modules | ❌ CLI only | ✅ SaaS dashboard |
| Price | Free (MIT) + hosted SaaS | Free (MIT) | $$$$ enterprise |
Want to help? The highest-impact areas right now:
- Framework integrations — Write a SINT wrapper for your favorite agent framework
- Bridge adapters — Add new protocol bridges (MQTT 5.0, WebSocket, Bluetooth LE)
- Console features — Enable and build out flagged features (60+ flags, many stubbed)
- Trust Registry — Register as an issuer, add your organization
- Documentation — Tutorials, guides, video walkthroughs