claudetools/projects/msp-tools/guru-rmm/docs/FEATURE_ROADMAP.md

GuruRMM Feature Roadmap

This document tracks potential features for consideration. Features are categorized by area and marked with priority/status as planning progresses.

Legend

• Not started
• [~] In consideration
• Implemented
• Priority: P1 (critical), P2 (important), P3 (nice-to-have)

---

Core Agent Features

Monitoring & Metrics

• CPU, RAM, disk usage (basic) - P1
• Process monitoring (top processes by resource) - P2
• Service status monitoring - P1
• Disk health (SMART data) - P2
• Network interface stats - P2
• Custom metric collectors (plugin system) - P3
• Windows Event Log monitoring - P2
• Linux syslog/journald monitoring - P2
• Application-specific monitors (SQL Server, IIS, Apache, etc.) - P3

Remote Commands

• Execute shell commands - P1
• PowerShell support (Windows) - P1
• Bash support (Linux/Mac) - P1
• Command templates (reusable scripts) - P2
• Scheduled commands (cron-like) - P2
• Command approval workflow - P3
• Command audit logging - P1

File Operations

• File transfer (push/pull) - P2
• File browser - P3
• Configuration file management - P2
• Backup file retrieval - P3

Software Management

• Installed software inventory - P2
• Software deployment (silent install) - P2
• Patch management integration - P3
• Windows Update status - P2
• Package manager integration (apt, yum, chocolatey, winget) - P3

Agent Updates

• Built-in update handler (not shell script based) - P1
• Server sends update command with version, URL, checksum - P1
• Download to temp, verify SHA256, replace binary - P1
• Platform-specific restart logic - P1
• Backup previous binary for rollback - P2
• Auto-rollback if new version fails to connect - P2
• Version tracking in server database - P1
• Fleet-wide version dashboard - P2
• Staged rollouts (% of agents at a time) - P3
• Update scheduling (maintenance windows) - P2

White-Labeling / Branding

MSPs need to brand the agent with their company identity.

Install-Time Branding

• Custom service name (--service-name "AcmeTech Agent") - P2
• Custom display name (--display-name "AcmeTech Monitor") - P2
• Custom install path (--install-path "C:\Program Files\AcmeTech") - P2
• Custom binary name (rename on install) - P3
• Branding config file (alternative to CLI flags) - P2

Runtime Branding (Server-Managed)

• Branding config pushed from server - P2
• MSP logo/icon URL - P2
• Support contact info (phone, email, URL) - P2
• Custom "About" dialog content - P2
• Per-customer branding overrides - P3

System Tray / End-User Self-Service (Windows/macOS)

Interactive tray icon for end users to access self-service features.

Tray Infrastructure

• System tray icon (Windows) - P2
• Menu bar icon (macOS) - P2
• Custom icon support (MSP branding) - P2
• Connection status indicator (connected/disconnected) - P2
• Tooltip with basic info (hostname, status) - P2

Built-In Actions

• Show System Info dialog (hostname, IP, OS, agent version) - P2
• Create Support Ticket (opens form or portal link) - P2
• Screenshot to Ticket (capture screen, attach to new ticket) - P2
• About dialog (version, MSP branding, support contact) - P2

Admin-Definable Custom Actions

Server pushes custom tray menu items that execute predefined commands.

• Custom action data model (label, icon, command, elevation, confirm) - P2
• Action types: RunCommand, RestartService, OpenUrl, RunScript - P2
• Confirmation dialogs ("Are you sure?") - P2
• Elevation support (run as admin) - P2
• Per-customer action sets - P2
• Action categories/submenus - P3
• Success/failure notifications - P2

Example Custom Actions

├── Quick Actions
│   ├── Restart Print Spooler
│   ├── Clear Temp Files
│   ├── Restart Network Adapter
│   ├── Flush DNS Cache
│   └── (admin-defined...)

Security

• Actions are server-defined only (users can't add) - P1
• Audit logging of tray action executions - P2
• Optional PIN/password for sensitive actions - P3

---

Server/API Features

Authentication & Authorization

• JWT authentication - P1
• API keys for agents - P1
• Role-based access control (RBAC) - P2
• Multi-tenant support - P3
• SSO integration (SAML, OAuth) - P3
• 2FA/MFA support - P2

Agent Management

• Agent registration/enrollment - P1
• Agent grouping/tagging - P2
• Agent policies (config profiles) - P2
• Bulk operations - P2
• Agent health monitoring - P1
• Auto-update agents - P2

Site Proxy / Local Node

• Agent can operate as site proxy/hub - P2
• Local agents connect to proxy instead of cloud - P2
• Proxy aggregates metrics and forwards to server - P2
• Store-and-forward when WAN is unavailable - P2
• Local command relay (proxy executes commands on local agents) - P2
• Reduced WAN bandwidth (batched/compressed uploads) - P3
• Failover between multiple proxies at site - P3
• Proxy discovery (agents auto-find local proxy) - P3
• Mesh communication between proxies - P3
• Local caching of scripts/files for faster deployment - P2
• Site-level alerting (proxy can alert locally if WAN down) - P3

Alerting

• Threshold-based alerts - P1
• Alert escalation - P2
• Alert suppression/maintenance windows - P2
• Email notifications - P1
• SMS notifications - P3
• Webhook notifications - P2
• PagerDuty/Opsgenie integration - P3
• Slack/Teams integration - P2

Reporting & Analytics

• Unified reporting engine (works across RMM, PSA, all modules) - P1
• Clean, modern report templates - P1
• Custom report builder (drag-and-drop) - P2
• Scheduled report delivery (email, portal) - P2
• White-label/branding support - P2
• Export formats: PDF, Excel, CSV, HTML - P1
• Executive summary dashboards - P2
• Uptime/SLA reports - P2
• Resource usage trends with visualizations - P2
• Ticket metrics (response time, resolution time, volume) - P2
• Technician performance/utilization - P2
• Customer health scores - P3
• Revenue/profitability by customer - P3
• Report templates library (pre-built, shareable) - P2

Data Granularity & Flexible Calculations

The data model must support arbitrary business logic, not just canned reports.

• Granular time entry data (tech, client, ticket, service type, rate plan) - P1
• Effective rate tracking per client/plan (block rate vs hourly vs plan) - P2
• Calculated fields / custom formulas in reports - P2
• Multi-variable calculations (hours × effective rate × commission %) - P2
• Aggregation at any level (tech, client, service type, date range) - P2
• Rate plan / contract type as first-class data dimension - P2
• Historical rate tracking (rate was X on this date) - P2
• Payroll-ready exports (base + commission breakdown) - P2
• Custom metrics definition (define your own KPIs) - P2
• Formula builder for complex business rules - P3
• Drill-down from summary to line-item detail - P2
• Data warehouse / OLAP cube for complex analytics - P3
• API access to raw data for external BI tools - P2

---

Dashboard Features

Views

• Agent list with status - P1
• Agent detail view - P1
• Real-time metrics charts - P2
• Map view (geographic) - P3
• Network topology view - P3
• Custom dashboards - P3

Remote Access

• Remote terminal (web-based) - P2
• Remote desktop (RDP/VNC proxy) - P3
• File manager UI - P3

Direct Agent Connection (Admin Tunnel)

• On-demand reverse tunnel to agent - P2
• Live interactive shell session (not queued commands) - P2
• Direct command pipe (real-time stdin/stdout/stderr) - P2
• Point-to-point encrypted tunnel (WireGuard/custom) - P3
• Tunnel enables direct SSH/RDP through agent - P3
• Credential/role-based access (only authorized admins) - P1
• Agent classification determines tunnel capability - P2
• Session recording for audit - P2
• Idle timeout and forced disconnect - P2
• Concurrent session limits - P3
• Tunnel through site proxy (when agent behind NAT) - P3
• Local port forwarding through tunnel - P3

User Experience & Interface Design

Design Philosophy

• Beautiful AND functional - no compromise, no "ugly but it works"
• Clean, modern aesthetic with purposeful whitespace
• Information density without clutter
• Consistent design language across all modules
• Accessibility (WCAG compliance, screen readers, keyboard nav)

Customization

• Dark/light/system theme - P2
• Customizable dashboard layouts (drag-and-drop widgets) - P2
• User-defined color accents/branding - P2
• Configurable data density (compact/comfortable/spacious) - P2
• Saved views and workspace layouts - P2
• Per-user preferences synced across devices - P2
• Custom CSS injection for white-label deployments - P3

Real-Time Updates

• WebSocket-based live data (no page refresh) - P1
• Real-time agent status changes - P1
• Live metric updates on dashboards - P1
• Instant alert notifications (toast/badge) - P1
• Collaborative indicators (who else is viewing this ticket) - P3
• Optimistic UI updates (instant feedback, sync in background) - P2

Third-Party Module Integration

• Plugin/module API for UI extensions - P2
• Dashboard widget SDK (third parties can add widgets) - P2
• Panel embedding (iframe or native component) - P2
• Unified navigation (third-party modules appear native) - P2
• Shared authentication context - P2
• Event bus for cross-module communication - P2
• Style guide/component library for consistent third-party UI - P2

Core UX

• Mobile responsive (PWA capable) - P2
• Keyboard shortcuts with command palette (Cmd+K) - P2
• Saved searches/filters - P2
• Bulk selection and actions - P2
• Contextual right-click menus - P3
• Undo/redo for destructive actions - P2
• Breadcrumb navigation - P1
• Global search (agents, tickets, customers, docs) - P1

Customer Portal (End-User Facing)

• Branded portal per customer (white-label) - P2
• Ticket submission and tracking - P1
• View open/closed ticket history - P1
• Asset inventory view (their devices) - P2
• Service status dashboard (are things healthy?) - P2
• Meaningful metrics (uptime, response times, SLA status) - P2
• Invoice/billing history - P3
• Knowledge base / self-service articles - P2
• Scheduled maintenance notifications - P2
• Contact directory (who to call for what) - P2
• Document library (contracts, policies, procedures) - P3
• Approval workflows (quote approvals, change requests) - P3
• Mobile-friendly / PWA - P2

---

Integration Features

PSA/Ticketing Integration (External)

• ConnectWise Manage - P3
• Autotask - P3
• HaloPSA - P3
• Generic webhook for tickets - P2
• Pluggable PSA adapter architecture - P2

GuruPSA (Companion CRM/PSA) - Separate Project

• Core ticketing system - P1
• Customer/company management - P1
• Contact management - P1
• Asset linking (from RMM) - P1
• Time tracking - P2
• Contracts/SLA management - P2
• Quoting/proposals - P3
• Project management - P3
• Knowledge base - P2
• Technician mobile app - P3
• Calendar/scheduling - P3
• Email integration (ticket from email) - P1
• Alert-to-ticket automation - P1
• Shared reporting engine with RMM - P1

Automated Usage-Based Billing (GuruPSA + RMM Integration)

No more manual agent counting. Usage data flows automatically to invoices.

Core Billing Engine

• Recurring invoice generation - P2
• Usage metering framework (count anything, bill for it) - P2
• Billing rules engine (per-agent, per-user, tiered, flat) - P2
• Proration for mid-cycle changes - P2
• Invoice approval workflow (review before send) - P2
• Multi-currency support - P3
• Tax calculation / integration - P3
• Payment gateway integration (Stripe, QuickBooks, etc.) - P2

RMM-to-Invoice Automation

• Live agent count per customer - P1
• Auto-sync agent count to invoice line items - P2
• Agent add/remove reflected immediately in billing - P2
• Billable vs non-billable agent classification - P2
• Per-agent-type pricing (server vs workstation) - P2
• Audit trail (agent added on X date, removed on Y) - P2
• Usage snapshots for billing period - P2
• Dispute resolution (customer says "I only had 10") - P2

Third-Party Usage Integration

• Generic API adapter for usage data - P2
• MSP Backup integration (licenses, storage used) - P2
• Microsoft 365 license count (via Graph API) - P2
• Google Workspace license count - P3
• DNS/domain registrar counts - P3
• Security product license counts - P3
• Storage/bandwidth metering - P3
• Custom API connector builder - P3

Billing Intelligence

• Usage trending (predict next invoice) - P3
• Anomaly alerts (sudden agent spike/drop) - P2
• Margin analysis per customer - P3
• Contract vs actual usage comparison - P2
• Unbilled usage warnings - P2

Unified API Architecture

• RESTful API for all RMM functions - P1
• RESTful API for all PSA functions - P1
• OpenAPI/Swagger documentation - P1
• Webhook system (outbound events) - P2
• API versioning strategy - P1
• Rate limiting and quotas - P2
• API key management - P1
• OAuth2 for third-party integrations - P2
• GraphQL endpoint (optional) - P3
• Event-driven architecture (pub/sub) - P2
• Integration SDK/client libraries - P3

Documentation

• IT Glue integration - P3
• Hudu integration - P3
• Auto-document discovered info - P3

Backup

• Veeam status monitoring - P3
• Datto status monitoring - P3
• Generic backup job monitoring - P2

Network

• SNMP monitoring - P3
• Network device discovery - P3
• Bandwidth monitoring - P3

---

Security Features

Endpoint Security

• Antivirus status monitoring - P2
• Windows Defender management - P2
• Firewall status - P2
• Security baseline compliance - P3
• Vulnerability scanning integration - P3

Audit & Compliance

• Full audit trail - P1
• Session recording - P3
• Compliance reporting (SOC2, etc.) - P3
• Data retention policies - P2

Agent Security Hardening (P1 post-alpha)

• Dependency vulnerability scanning (CI/CD pipeline) - P1
• Automated CVE monitoring for all dependencies - P1
• Regular security audits of agent codebase - P1
• Minimal attack surface (no unnecessary open ports) - P1
• Code signing for agent binaries - P1
• Secure update mechanism (signed updates only) - P1
• Memory-safe language benefits (Rust) - P1
• Principle of least privilege (drop privs where possible) - P1
• Certificate pinning for server communication - P2
• Tamper detection (agent integrity monitoring) - P2
• Sandboxed command execution option - P3
• Security disclosure program / responsible disclosure policy - P2
• Penetration testing (periodic) - P2
• SBOM (Software Bill of Materials) for transparency - P2
• Rapid patch deployment capability - P1

---

Infrastructure

Deployment

Development/Small Scale

• Docker Compose deployment - P1
• Single-server setup (dev, small MSP <500 agents) - P1

Production/Cloud Scale

• Kubernetes deployment - P2
• Cloud-native architecture (AWS, Azure, GCP) - P2
• Horizontal scaling (stateless API servers) - P2
• Auto-scaling based on load - P2
• High availability (multi-zone, failover) - P2
• Load balancing (API, WebSocket, dashboard) - P2
• Geographic distribution (multi-region) - P3
• CDN for dashboard/static assets - P2
• Managed database services (RDS, Cloud SQL) - P2
• Message queue for agent check-ins (Redis, RabbitMQ, SQS) - P2
• Connection pooling for 50k+ concurrent agents - P2
• Read replicas for reporting/analytics queries - P2
• Tenant isolation (multi-tenant SaaS) - P3

Code Signing & Distribution (Pre-Release)

• Windows EV Code Signing Certificate - P1 (pre-release)
  • Required for SmartScreen reputation
  • ~$400-600/year (DigiCert, Sectigo, GlobalSign)
  • Hardware token required for private key
• Apple Developer Program enrollment - P1 (pre-release)
  • $99/year - covers macOS signing and notarization
  • Required for Gatekeeper approval on macOS 10.15+
• Signing pipeline integration (CI/CD) - P1 (pre-release)
• Notarization workflow for macOS builds - P1 (pre-release)
• Secure key storage (HSM or hardware token) - P1 (pre-release)

Data

• PostgreSQL backend - P1
• Redis caching - P2
• Time-series DB for metrics (InfluxDB/TimescaleDB) - P2
• Data archival/retention - P2
• Backup/restore - P1

---

Platform Support

Agent Platforms

• Windows (x64) - P1
• Windows (ARM64) - P3
• Linux (x64) - P1
• Linux (ARM64) - P2
• macOS (Intel) - P2
• macOS (Apple Silicon) - P2
• FreeBSD - P3

Mobile Device Management (MDM)

• iOS/iPadOS agent (MDM profile-based) - P2
• Android agent (Work Profile / Device Admin) - P2
• Mobile device inventory - P2
• App deployment/management - P3
• Remote lock/wipe - P2
• Location tracking (with consent) - P3
• Compliance policies (PIN, encryption) - P2
• BYOD vs corporate device handling - P3
• Apple Business Manager integration - P3
• Android Enterprise integration - P3
• Mobile management dashboard - P2
• Push notification for alerts - P2

Appliance/NAS Agents

• Unraid plugin - P2
• Synology package (DSM) - P2
• QNAP package (QTS) - P3
• TrueNAS plugin - P3
• Netgear ReadyNAS (limited/polling) - P3
• Docker container agent (for containerized appliances) - P2
• SNMP-based monitoring (for appliances without agent support) - P2
• Proxmox integration - P2
• ESXi/vSphere monitoring - P3

Appliance-Specific Metrics

• RAID/array health status - P2
• Drive temperatures and SMART data - P2
• Share/volume utilization - P2
• Replication/sync job status - P3
• UPS status (NUT integration) - P2
• Docker container status (for Unraid/NAS) - P2
• VM status (Proxmox/ESXi) - P3
• Backup job status - P2

Installation Methods

• MSI installer (Windows) - P1
• DEB package (Debian/Ubuntu) - P2
• RPM package (RHEL/Fedora) - P2
• Homebrew (macOS) - P3
• One-liner install script - P1

---

Future Considerations

AI/Automation

Ticket Intelligence (P2)

• Grammar/spelling correction for technician notes
• Professional tone enhancement (convert shorthand to proper language)
• Auto-summarization of long ticket threads
• Smart ticket categorization/tagging based on content
• Duplicate/related ticket detection (3 people report same issue → merge offer)

Troubleshooting Assistant (P2)

• Suggest solutions based on similar past tickets
• Pattern matching on ticket subject/description
• Alert-to-resolution correlation (what fixed this alert before?)
• Knowledge base article suggestions
• "This issue was resolved X times before by doing Y"

Proactive Intelligence (P3)

• Anomaly detection (ML-based)
• Auto-remediation scripts (with approval workflow)
• Natural language queries ("show me servers with high CPU this week")
• Predictive alerting (disk will be full in 3 days based on trend)

Advanced Features

• Asset lifecycle management - P3
• License management - P3
• Cost tracking/billing - P3
• API for third-party integrations - P2

(White-labeling moved to Core Agent Features → White-Labeling / Branding)

---

Development Phases

Phase 1: Foundation (MVP)

Core RMM functionality - enough to monitor your own clients.

• Agent: heartbeat, basic metrics (CPU, RAM, disk), Windows + Linux
• Server: agent registration, API, database
• Dashboard: agent list, status, basic metrics view
• Alerts: threshold-based, email notification

Phase 2: Operational

Day-to-day MSP operations.

• Remote commands, PowerShell/Bash execution
• Patch status, software inventory
• Alert escalation, maintenance windows
• Basic reporting

Phase 3: PSA Integration

GuruPSA companion or third-party PSA.

• Ticketing, customer management
• Alert-to-ticket automation
• Time tracking, basic billing
• Customer portal

Phase 4: Scale & Polish

Production-ready for broader use.

• Cloud deployment, horizontal scaling
• Advanced reporting, usage-based billing
• UI polish, customization
• Third-party integrations, plugin SDK

Phase 5: Intelligence

Differentiation features.

• AI ticket enhancement, troubleshooting suggestions
• Anomaly detection, predictive alerting
• Advanced analytics

---

Design Principles

True Integration, Not API Checkboxes

Unlike vendors who claim "API integration" but deliver siloed products that barely talk to each other, GuruRMM and GuruPSA must be designed as a unified system:

• Single Action, Full Workflow: When an admin initiates an EDR scan from the RMM, the PSA should automatically:

  • Create/update a ticket with scan status
  • Log the action against the asset
  • Update documentation with findings
  • Trigger alerts/escalations based on results
  • No manual steps, no copy-paste, no "check the other product"

• Bidirectional Context: A technician viewing a ticket should see:

  • Real-time agent status
  • Recent alerts and metrics
  • One-click remote access
  • Full asset history
  • Not just a link to "go look it up in the RMM"

• Event-Driven Architecture: Actions in one product automatically trigger appropriate responses in others. Not "you can build it yourself with the API" - it works out of the box.

• Shared Data Model: Assets, customers, contacts, and history exist once and are referenced everywhere. No sync conflicts, no duplicate data entry.

Avoid the Datto Anti-Pattern

Datto owns ITGlue, Autotask, DattoRMM, and EDR - yet they operate as separate products that happen to have APIs. Example failures to avoid:

• EDR scan results don't auto-create tickets
• RMM alerts require manual ticket creation
• Documentation requires separate manual updates
• "Integration" means "we have an API, build it yourself"

GuruRMM/GuruPSA should feel like one product with different views, not two products bolted together.

---

Notes

Add feature ideas and notes here as they come up:

• GuruPSA will be a separate repo but designed to integrate seamlessly with GuruRMM
• API-first design: both products should be fully controllable via API
• Users can use GuruRMM standalone, GuruPSA standalone, or both together
• Third-party PSA users get first-class integration via pluggable adapters
• Consider shared authentication/SSO between RMM and PSA

Project Structure

GuruRMM (this repo)
├── agent/        - Rust agent for endpoints
├── server/       - Rust API server
├── dashboard/    - React web dashboard
└── docs/         - Documentation

GuruPSA (future repo)
├── server/       - API server (Rust or Node?)
├── dashboard/    - React web dashboard
├── portal/       - Customer portal
└── docs/         - Documentation

Shared
├── guru-api-sdk/ - Client libraries for API
└── guru-common/  - Shared types/utilities

---

Last updated: 2025-12-15