Roadmap
What's live, next, and further out.
We don't publish dates; we publish ordering. Now ships today. Next is in active engineering and lands in the weeks ahead. Later is on the deck and will move up as the foundation supports it.
If something on the Later list would unlock a real workload for you today, mail [email protected] — concrete demand reorders the deck.
Everything that already shipped is on the changelog.
Live and supported today.
-
iPhone family fingerprint parity (81 profiles, iPhone 13 → 17 Pro Max)
The fingerprint matches the real phone exactly — bit for bit (bit-identical parity) — across 81 device profiles spanning the iPhone 13 through 17 Pro Max families, on iOS 18.6 / 18.7 and Safari 18.6 through 26.5. Every signal a website can measure matches the real phone, or the build is blocked. This is the platform foundation; everything else builds on top.
-
TypeScript · Python · Go SDKs
Ready-made client libraries in three languages, with duplicate-request protection (idempotency keys), helpers for permission scopes, behaviour presets, and proxy set-up, plus built-in webhook signature verification. All three are regression-tested to send and receive exactly the same data (wire-shape parity).
-
Customer dashboard at app.driftstack.dev
Account self-service for sessions, profiles, snapshots, API keys, webhooks, billing, audit log, MFA enrollment, and team management. Live; ships with the rest of the platform.
-
Webhook delivery infrastructure
Events are cryptographically signed (HMAC-SHA256) so you can verify they really came from us, with a 5-minute clock-difference allowance (timestamp tolerance), retries you configure, a holding queue for deliveries that keep failing (the dead-letter queue), and one-click re-send from the dashboard. Subscribe to session lifecycle, crypto-order, and API-key events.
-
GUI client for human operators
Desktop app (built on Tauri; macOS first) for the Manual plans — Personal, Team, and Agency. Drive sessions yourself, manage 10–200 persistent profiles, no code required.
-
Public status page
status.driftstack.dev with manual + auto-poll incident history, email subscriptions, and a simple-by-design surface for "is the platform working right now?".
-
OAuth signup (Google · GitHub)
"Continue with Google" / "Continue with GitHub" alongside email + password. Provider-verified emails skip the verification step.
-
API key rotation with grace window
Rotate a key without breaking in-flight clients. New key issued, old key kept valid for a configurable grace period, then auto-revoked. Same pattern already shipped for webhook signing secrets.
-
Recipe library (capture + manage at v1.0)
Save a finished agent-session as a replayable recipe — it keeps the step-by-step action list (the structured intent_log) and the transcript, so replaying it doesn't spend AI budget working the steps out again. Create, list, read, and delete ship at v1.0; running a saved recipe (recipe execution) lands at v1.1.
-
Agent sessions — natural-language automation with AI / manual / pair modes
Tell any session what to do in plain language (a chat-style decompose-and-execute loop on top of any driver session). AI mode (the default) turns your message into concrete browser steps — go to a page, tap, wait, capture (structured intents: navigate / interact / wait / capture) — and carries them out; manual mode passes commands straight through when you drive from your own interface; pair mode lets you take over from the AI and hand back. Watch the live transcript as it runs (Server-Sent Events); if your connection drops, it resumes where it left off (Last-Event-ID resume). The built-in AI is opt-in and runs on an Anthropic budget we manage — or bring your own Anthropic key (BYOK) via PUT /v1/account/me/byok-anthropic-key: the server route is live today and your stored key is used automatically; the dashboard page for it lands at v1.1.
In active engineering.
-
Account deletion (GDPR Article 17)
Self-service account deletion with explicit retention disclosure — recordings hard-deleted, invoice history kept per EU tax law, audit trail of the deletion event itself preserved.
-
Live session WebRTC stream
Watch a remote session render live in your browser, including from the GUI client. Useful for debugging detection challenges and verifying that a session actually navigated to where you expected.
-
Workflow recording
Record a manual session in the GUI client, replay it programmatically via the SDK. Closes the gap between "explored manually" and "automated reliably" without re-implementing every click.
On the deck.
-
Older iOS archetypes (iPhone 12 + earlier)
iPhone 12 and earlier device-and-OS combinations, extending the catalog below the current iPhone 13 floor. Same source-level fidelity as the launch archetypes; pick which combination matches your target population. The 81-profile iPhone 13 → 17 Pro Max catalog (iOS 18.6 / 18.7, Safari 18.6–26.5) already ships at launch (see NOW above).
-
Android Chrome archetypes
Samsung Galaxy S24 / Pixel 9 / mid-tier Android device parity, source-level (Chromium fork instead of WebKit fork). Lands after the iOS catalog matures.
-
Hardware-key MFA (WebAuthn)
YubiKey, Touch ID, or your device's built-in unlock (platform authenticators), in addition to today's authenticator-app codes (TOTP) and recovery codes. Single sign-on for team accounts via the standards company identity systems use (SAML / OIDC).
-
Public benchmark page
benchmarks.driftstack.dev with comparative detection results — published methodology, reproducible test rigs, raw data.
-
Self-hosted parity polish
Same control plane as the SaaS — admin UI, dashboard, status surface — runnable entirely inside your own private cloud network (a single VPC) with zero outbound traffic to driftstack.dev.
Influence the order
Tell us what would unlock your workload.
Customer demand is the single best ordering signal we have. If you're trying to decide whether to bet on Driftstack and a Later item is the deal-breaker, say so — that information moves it up.