What we’re building.

In flight this week. Either nearly done or actively coded against.

1. this week

   openai-compat adapter — downgrade `response_format: json_object` to `text` when target rejects it

   platform

   After the local-discovery + harness-exit fixes shipped, re-running the agency dry-run against LM Studio surfaced the next layer: the openai-compat adapter maps `decoding.mode: json` (in the agency YAMLs) to `response_format: { type: 'json_object' }`. OpenAI accepts that; LM Studio's stricter spec only accepts `'json_schema'` or `'text'`. Three paths: (a) per-provider response_format mapping (cleanest, half-day), (b) author local-friendly agency variants with `decoding.mode: free`, (c) per-provider config knob in the catalog YAML. After (a), qwen3.x / deepseek-r1 can complete a full agency cascade against LM Studio at $0.

2. this week

   preTool / postTool hooks fire from inside the engine dispatch loop

   platform

   The Wave-CLI hooks system loads `~/.aldo/hooks.json` + `<workspace>/.aldo/hooks.json` and fires preRun / postRun around every TUI turn. preTool and postTool entries are loaded but don't fire yet — that needs a hook point inside the engine's tool-dispatch loop so we can shell out before/after every tool call without forcing every caller to instrument. The lib + settings shape are stable; this is a one-engine-PR change.

3. this week

   Local-model tool-use coaching for thinking-style models

   platform

   qwen3.6 / DeepSeek-R1 / similar thinking models reason about which tools to call and then emit the calls as prose instead of `tool_call` deltas. The aldo CLI infrastructure routes fine; the system prompt + `tool_choice: "auto"` flag in the openai-compat adapter doesn't reliably nudge them to emit structured calls. Two-day fix: stronger system prompt for the iterative loop + an adapter knob for `tool_choice: "required"` when the agent spec opts in. Captured during the Wave-CLI dogfood against LM Studio.

4. this week

   Customer engagement UI — milestones, sign-off, comments

   web

   The Wave-Agency push (2026-05-05) shipped the engagement-surface API: /v1/engagements, milestones with sign-off + reject + reason captured, threaded comments in three kinds (comment / change_request / architecture_decision), all tenant-scoped. The customer-facing pages (/engagements list, /engagements/[slug] detail with milestone timeline + comment thread + sign-off button) are the natural follow-up — purely frontend, the wire surface is complete.

5. this week

   In-flight termination on tenant budget-cap crossing

   platform

   Wave-Agency landed the engagement-level USD cap at the POST /v1/runs gate (HTTP 402 tenant_budget_exceeded). The next chunk wires the same check inside the iterative loop’s pre-step termination predicate so a stuck run also stops mid-cycle, plus the supervisor pre-spawn hook so the composite tree halts before fanning out children.

6. this week

   live:network harness instrumentation — fast-fail on per-stage progress

   eval

   The Wave-Agency dogfood smoke surfaced a real signal: the live:network run wedges between bootstrap and runtime.runAgent on a fresh disposable worktree (process at 0% CPU, no Ollama traffic, no .aldo-memory directory). The harness needs per-stage instrumentation + fast-fail timeouts so a single dispatch reports "stuck in stage X for 60s" instead of going silent. After that, the dogfood-against-local-Ollama story turns up either nothing (✅) or a real punch list ($0 of inference, either way).

7. this week

   mcp.aldo.tech hosted MCP endpoint — DNS + edge route

   ops

   The Streamable-HTTP MCP server (@aldo-ai/mcp-platform) is built, tested, container ready. Pure ops follow-up: DNS A record, edge nginx route to the new container, TLS via the existing certbot path, docker-compose entry. Once live, ChatGPT custom GPTs / Cursor / any HTTP-only MCP client can drive ALDO directly.

8. this week

   Publish Python + TypeScript SDKs and the VS Code extension

   sdk

   All three are dry-run green; the release workflows have confirm-version guards. Awaiting PyPI / npm / VSCE tokens + the VS Code Marketplace publisher account, then the workflows fire and the public install paths light up.

Confirmed direction. Picked up the moment Now clears.

1. 1–2 weeks

   Stripe live billing — flip pricing CTAs to real checkout

   platform

   Backend is 100% wired (webhook switchboard, subscription store, trial-gate, customer portal). Five env vars away from live: STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SIGNING_SECRET, STRIPE_PRICE_SOLO, STRIPE_PRICE_TEAM, STRIPE_BILLING_PORTAL_RETURN_URL. Push secrets + redeploy and the pricing page is chargeable.

2. 1–2 weeks

   Engine resolve-from-store of agent.promptRef

   platform

   Wave-4 shipped prompts as first-class data with version history. The wire shape + UI are done; the engine still inlines prompt text. One-file follow-up in @aldo-ai/registry to read promptRef → fetch from prompts-store → cache per-run.

3. 1–2 weeks

   Production PromptRunner via gateway

   platform

   Today /v1/prompts/:id/test returns a deterministic stub. Wiring the real gateway through (capability routing, privacy enforcement, telemetry into usage_records) lights up the prompt playground end-to-end.

4. 1–2 weeks

   Git OAuth-app installation (GitHub + GitLab)

   mcp

   The wave-3 git integration ships with PAT auth — paste a PAT into the connect form. OAuth apps remove that step entirely: customers click "Install ALDO" on GitHub, repos are connected via the app installation token, no PAT minting required.

5. 1–2 weeks

   OCI Helm chart publish workflow

   ops

   charts/aldo-ai is in-repo, helm-lint clean, kubeconform 37/37 against k8s 1.31. Operators self-hosting today clone the repo. The publish workflow pushes the chart to ghcr.io so `helm install oci://ghcr.io/aldo-tech-labs/charts/aldo-ai` works, and the chart README on ArtifactHub becomes the docs entry point.

6. 2 weeks

   Background scanner picks up inputs (today: re-spawns empty)

   platform

   The scanner that recovers orphaned queued runs spawns the engine with empty inputs because runs.inputs_jsonb does not yet exist. New migration adds the column; POST /v1/runs persists the inputs alongside the queued row; scanner reads them back. Closes the only correctness gap in the recovery path.

Committed. Sequenced behind Next based on customer pulls + dependencies.

1. 1–2 quarters

   SOC 2 Type 1 — auditor + evidence collection scaffolding

   security

   Multi-month elapsed — months of evidence + an auditor. Engineering posture is already tight (privacy-tier router, audit log, encrypted secrets, runbook, retention enforcement). The auditor relationship + Vanta-shape evidence platform is the next slice.

2. 1 quarter

   SSO / SAML on /login — mid-market unblock

   security

   Email + password is fine for solo + tiny team. The first 5+ seat customer needs OIDC + SAML. Identity-store schema, SCIM provisioning, and the /login UX flip are the three pieces.

3. 1 quarter

   Per-row USD cost in eval-playground

   platform

   The playground table reserves the cost column today but reports honest 0 because the gateway does not yet surface per-call USD on the response. Gateway change, not playground change.

4. when first tenant hits the threshold

   Spend dashboard SQL pivot

   platform

   JS-side bucket fold beats 3 round-trips on pglite up to ~1M usage rows in a 90-day window. Once a tenant exceeds that, pivot to date_trunc + GROUP BY in Postgres. Documented at the bottom of routes/spend.ts.

5. 1 quarter

   Real-cluster Helm e2e (kind in CI + per-cloud nightly)

   platform

   The chart lints + templates + kubeconforms green offline. To prevent a regression that lints but breaks on `helm install` against a real apiserver, add a kind-in-CI job and per-cloud (EKS / GKE / AKS) nightlies.

6. 1 quarter

   Bidirectional git sync — write agent edits back via PR

   mcp

   Today the wave-3 git integration is read-only: changes flow repo → ALDO. Bidirectional means an edit to an agent in /agents/[name] opens a PR in the connected repo. Net-new wedge — combined with the read-only sync, the repo becomes the source of truth and ALDO is the IDE.

Conditional. Lands only when a specific signal arrives.

1. —

   EU data residency — second region + tenant routing

   platform

   Quarter-scale build. Only worth it for a confirmed EU customer who would not sign without it. Today's posture (single-region) is a procurement question we answer honestly; the build is a question we answer with cash on the table.

2. —

   Long-tail observability exporters (Datadog, Grafana, OTLP, Slack)

   platform

   Build 2–3 only when a named customer asks. The catalog approach is a procurement-checklist trap; we would rather ship the two integrations a real customer needs deeply than thirty integrations no one uses.

3. —

   Drag-drop visual workflow builder

   web

   Explicit non-goal per the platform invariants — the wedge is "agents are data" (YAML + git). Could become a yes if a customer with non-engineer authors ever needs it; would ship as one-way export to YAML so the source of truth stays declarative.

Explicitly not doing

Listing these here so a prospect can disqualify us fast — your time matters more than our pipeline.

• Hyperscaler-shape managed cloud (Bedrock / Vertex / Foundry)

  Wrong moat. Bedrock and friends own enterprise procurement + IAM + 15+ compliance certs each — we cannot beat them at their own game and we should not try.

• LangChain-style framework

  We are framework-agnostic by design. The platform invariant: every code path goes through the gateway by capability + privacy + cost. Adding a framework above that would re-introduce the lock-in we exist to prevent.

• Vibe-coding studio

  Other vendors say "not production-ready" out loud. We say the opposite: every primitive (specs, runs, evals, replays) is engineered to ship in production on day one.