Public Roadmap
You need to know what is shipping next before you standardize on an analytics stack. This page summarizes public HitKeep roadmap buckets. The live planning view lives in the HitKeep Release Buckets GitHub Project, where release buckets are tracked as public milestones.
Roadmap Notes
- Release numbers are target buckets, not a delivery contract.
- Scope can move if implementation details change or a feature adds too much operator complexity.
- GitHub Projects tracks the live bucket status. This docs page explains the product direction in plain language.
- Release Please, the changelog, and GitHub Releases define the source of truth for shipped versions.
- The constraint does not change: HitKeep stays focused on a single-binary, privacy-first, auditable product without turning into a sprawling analytics platform.
Recently Shipped
Recent HitKeep releases focused on migration paths, Search Console reporting, server-side ingest, cleaner data, AI-era reporting, automatic event coverage, Web Vitals, dashboard polish, city and network analytics, and governed access for internal tools.
HitKeep 2.6.0 is the latest stable release. It adds derived city, provider, and ASN analytics across dashboards, Opportunities, MCP, takeout, retention, shared reports, and the API while keeping raw visitor IP addresses out of hit storage. HitKeep 2.5.1 closed the 2.5 line with a dashboard refresh, clearer API-client site grants, token rotation, audit coverage, share-mode Web Vitals reports, and stale AI provider warning cleanup. If you want release-by-release detail, check the changelog, the 2.6.0 release post, the 2.5.1 release post, and the 2.5.0 release post alongside the higher-level roadmap below.
2.6.0 City And Network Analytics
- Browser and server-side hits can store derived region, city, provider, ASN, and ASN organization metadata after trusted-proxy IP resolution.
- Runtime lookup uses embedded compressed IP2Location LITE-derived assets. It does not download IP metadata or require a download token in production.
- Dashboards use consistent tabbed metric-card groups for Content, Acquisition, Audience, Location, and Network where those dimensions apply.
- Countries and cities appear under Location. Providers and ASNs appear under Network.
- Events, goals, funnels, ecommerce, Web Vitals, AI chatbot analytics, AI visibility, and shared dashboards can show city/provider/ASN aggregate context where useful.
- Opportunity Recommendations can cite aggregate top city, provider, and ASN evidence without persisting raw IP addresses, user agents, or visitor rows.
- Read-only MCP tools can return city, provider, and ASN aggregate filters and breakdowns without exposing raw visitor data.
- Site/user takeout, filtered hit exports, retention archives, deletion/reset, and backup/restore cover the new metadata fields.
- Public docs and source attribution include the required IP2Location LITE credit.
2.5.1 Dashboard Refresh And API-Client Clarity
- Sidebar navigation groups related destinations while keeping parent labels usable as normal page links.
- Settings and admin tables use a shared row-action menu pattern instead of mixed inline action stacks.
- Create and edit flows use consistent dialog structure, footer order, close behavior, and submit/cancel handling.
- API-client settings now describe site access as explicit grants. Site analytics, site-scoped MCP tools, and ingest require a grant for the target site.
- Personal and team API clients can rotate tokens. The old token is invalidated immediately and the new token is shown once.
- API-client create, update, revoke, reactivate, delete, and rotate actions are covered by audit entries without token material or token hashes.
- Share links include the Web Vitals report, with aggregate p75 cards, trends, page rows, and visitor-context breakdowns.
- The Opportunities page has dark-mode polish for filters, cards, evidence rows, status badges, and actions.
- System Status clears stale AI provider warnings when the configured provider state recovers.
2.5.0 Opportunities And Web Vitals
- Saved Opportunity Recommendations point teams at the next analytics setup, traffic quality, search visibility, AI visibility, or conversion signal worth reviewing.
- Deterministic detectors decide the candidate type, evidence, impact, confidence, score, and status. Optional AI enrichment can only choose approved translation keys, interpolation params, and cited evidence IDs.
- Optional AI enrichment is provider-agnostic and configured through environment variables on self-hosted instances. Instance owners can see enabled/configured state, provider/model labels, usage counters, cap state, and safe last-error categories in System Status.
- Saved recommendations are available in the dashboard, regular email reports, read-only MCP output, share views, API responses, and takeout exports without exposing raw prompts, raw provider payloads, or provider secrets.
- The feature avoids financial promises. It describes affected activity, setup gaps, traffic signals, search clicks, AI visibility signals, and conversion-signal coverage from aggregate evidence.
- Opt-in Web Vitals reporting adds LCP, INP, CLS, FCP, and TTFB collection through a same-origin hk-vitals.js bundle that only loads when a site enables Web Vitals.
- The Web Vitals dashboard shows p75 metric cards, threshold bars, rating mix, trends, searchable path selection, paginated page breakdowns, and browser, country, language, and device context.
- Web Vitals samples use server-derived ratings, normalized paths without query strings or hashes, tenant-local storage, retention, takeout, deletion, archive behavior, and read-only MCP aggregate access.
- Poor or needs-work Web Vitals can feed Performance Opportunities from aggregate evidence, linking the recommendation back to the relevant metric and page scope.
- Self-hosted subdirectory installs can set HITKEEP_PUBLIC_URL to a path-prefixed URL so dashboard assets, API calls, tracker bundles, ingest routes, API reference, and generated public links stay below the configured mount path.
2.4.2 Site Export Dropdown Fix
- Site export dropdown actions stay bound to the intended site row while the menu is open
- Site-specific CSV, XLSX, Parquet, JSON, and NDJSON takeout downloads remain available from the Import & Export page
- The all-sites export dropdown behavior is unchanged
- Focused unit and Playwright coverage verify the localized desktop export flow before release
2.4.1 MCP Reverse Proxy Reliability And Go Security Fixes
- MCP initialization now works for reverse-proxied deployments that expose a public /mcp endpoint while HitKeep listens on loopback
- MCP request hosts are validated against HITKEEP_PUBLIC_URL, with loopback access preserved for local development
- Unexpected MCP hosts still receive 403 Forbidden, while missing bearer tokens on valid hosts receive 401 Unauthorized
- MCP tools, resources, token format, API-client scopes, and dashboard API behavior are unchanged
- Release binaries, Docker images, and CI now use Go 1.26.3, clearing the standard-library govulncheck findings reported against Go 1.26.2
2.4.0 Imports, Search Console, Server-Side Ingest, And Dutch Localization
- Historical Plausible imports from export ZIP files or loose CSV files with supported Plausible headers
- Historical Simple Analytics imports from the All datapoints CSV export
- Mandatory validation manifests before analytics rows are committed, with accepted files, date ranges, skipped rows, warnings, and supported coverage made visible
- Compatible historical reporting for imported aggregate traffic and event data, with explicit exclusions when a report would need raw relationships the source export cannot prove
- A shared dashboard, CLI, and Imports API lifecycle for chunked upload, validation, start, status, history, and deletion
- Google Search Console integration with read-only OAuth, team-scoped connection state, admin-only property mapping, and tenant-scoped Search Analytics imports
- Authenticated Search Console drilldowns for mapped sites, with clicks, impressions, CTR, average position, trends, top queries, top pages, and country/device breakdowns
- Read-only MCP tools for mapped Search Console sites through hitkeep_get_search_console_status and hitkeep_get_search_console
- API-client-only server-side tracking for trusted pageviews and custom events with original RFC3339 timestamps and transient visitor IP context for derived country, region, city, provider, and ASN metadata
- Dutch dashboard and email localization
AI Visibility
- Built-in AI visibility analytics for tracking AI crawler fetches and correlating them with later AI-referred visits
- Reporting dimensions around assistant family, operator family, and resource type
- A clearer way to answer which AI systems are discovering your content versus sending real follow-up traffic
AI Chatbots
- Built-in AI chatbot analytics for on-site assistants, support bots, shopping helpers, and docs bots
- Structured reporting for prompts, responses, citations, handoffs, and assisted conversions
- Native dashboard support instead of forcing teams to stitch this together from generic custom-event charts alone
Spam Filtering Pipeline
- A more sophisticated spam filtering pipeline with automated, sensitive defaults
- Spamhaus integration for blocking known bad networks before they pollute reports
- Referrer filtering to suppress classic analytics spam patterns
- Host name filtering to cut out junk host values and noisy traffic sources
- Cleaner reports without turning spam mitigation into a manual maintenance project
Automatic Events
- Built-in automatic events for outbound_click, file_download, and form_submit
- Privacy-safe event properties that strip query strings, hashes, link text, form fields, and request bodies
- Dashboard analysis through the existing Event Analytics page
- Per-site tracking settings and snippet attributes to disable specific automatic event classes
First-Party WordPress Integration
- A first-party WordPress integration that installs the normal hk.js tracker without theme edits
- Settings for self-hosted or managed HitKeep instances
- WordPress-native controls for logged-in user tracking and automatic event coverage
Optional MCP Server
- Optional MCP Streamable HTTP route at /mcp
- Read-only aggregate analytics and official docs tools for assistants and internal reporting automation
- Existing API client bearer tokens, site permissions, API rate limits, and tenant-aware analytics store resolution
- No dashboard cookies, write tools, raw hit exports, admin operations, or billing operations
Next Target After 2.6.0: Stability And Enterprise Access Groundwork
The next target bucket after the 2.6.0 release is focused on making HitKeep easier to trust in daily use: calmer dashboard workflows, framework hardening, enterprise identity groundwork, and reliability work that reduces operator surprise.
Framework And Runtime Hardening
- Angular, PrimeNG, Tailwind, Go, and dependency updates with focused regression testing
- Dashboard performance and bundle-size checks where they affect real operator workflows
- Continued single-binary behavior with no new required database, cache, queue, or hosted analytics dependency
Dashboard UX And Operations Polish
- Continued refinement of empty, loading, error, and refresh states across analytics and administration pages
- Clearer setup and integration confidence states for tracking, WordPress, automatic events, and connected data sources
- Smaller workflow fixes that make repeated dashboard use calmer for operators, agencies, and team admins
Identity Groundwork
- Preparatory work for future enterprise identity without shipping full BYO SSO as part of this bucket
- Cleaner auth, permission, and audit boundaries where they reduce risk for later OIDC work
- Full BYO SSO remains in a later Enterprise Access bucket
Later Target: Enterprise Access
The later enterprise access bucket is where full BYO SSO and governed identity work belongs once test coverage, security boundaries, and operator configuration are ready.
Human SSO
- OIDC-based sign-in for dashboard users
- Team and role mapping from trusted identity-provider claims
- Self-hosted-friendly configuration for providers such as Keycloak, Authentik, Entra ID, Okta, and Google Workspace
- Managed cloud support using the same underlying identity model, with plan gates where needed
AI And Automation Access
- OIDC/JWT-governed access for MCP clients, API automation, and internal reporting tools
- Tenant-aware permission checks for team, site, and analytics scope access
- A model where AI tools can read approved aggregate analytics without sharing dashboard cookies or long-lived personal sessions
Audit And Operations
- Audit events for human SSO sign-ins, machine-token access, denied access, and permission changes
- Clear actor, client, team, site, scope, and timestamp context in the audit trail
- Operator controls that fit the existing single-binary deployment model
Later Candidates: Insights, Attribution, And Reporting
These items remain active product directions after 2.4.0. They are target areas, not a commitment that every item lands in one release.
Team And System Audit Overview
- More capable team audit visibility for member, role, invite, API client, site transfer, import, and settings activity
- Clearer system audit visibility for instance maintenance, mail tests, spam refreshes, import staging cleanup, authentication events, and system operations
- Shared audit table behavior across team and system views, including action, target type, outcome, actor, date range, free-text query, pagination, and evidence details where available
- Permission-gated audit access so team activity and instance operations remain separate views for different operational questions
- Owner export paths for matching instance audit rows in JSON or CSV
- Continued invariant that data operations produce audit events, including imports and Search Console data operations
Automatic Insights And Traffic Monitoring
- Traffic spike and drop detection across pageviews, visitors, campaigns, referrers, goals, funnels, ecommerce, downloads, and outbound clicks
- New or unusual referrers, campaigns, pages, AI sources, and automatic-event activity
- Period summaries that point to the biggest movers instead of making teams inspect every chart by hand
- Deterministic local reporting. No required external AI service
Conversion Attribution
- Campaign, referrer, landing page, and AI-source reporting tied to goals, funnels, ecommerce revenue, downloads, form submissions, and outbound clicks
- A clearer way to answer which sources and pages brought converting traffic
- Attribution built on aggregate HitKeep events and sessions, without adding user-level tracking or cookie-based identity
Page Intelligence
- Focused page reports for traffic trends, entrances, exits, sources, UTM campaigns, goals, events, downloads, outbound clicks, AI referrals, and AI fetch activity
- Better context when a top page changes, underperforms, or becomes an important conversion path
- Continued reuse of the existing page, event, ecommerce, and AI visibility data model
Smarter Scheduled Reports
- Daily, weekly, and monthly reports that summarize the most important changes for each site or account
- Report sections for campaign winners, conversion drops, new referrers, changed pages, and automatic-event movement
- Client-ready reporting that stays useful for agencies, internal stakeholders, and operators who do not live in the dashboard every day
Further Horizon
These are active product directions, but they sit beyond the near-term release buckets above.
First-Party SDKs And Integrations
- More first-party SDKs and integrations after the initial WordPress work
- A smoother path for teams that want native platform setup instead of wiring everything through the raw snippet or ingest API
- Continued focus on keeping integrations simple and aligned with the core HitKeep data model
Custom Branding
- Custom branding for teams, agencies, and customer-facing dashboards
- Better fit for client portals, shared dashboards, and branded cloud workspaces
What Will Not Change
Even as the feature set grows, the product direction stays the same:
- single binary
- zero external database dependency
- privacy-first defaults
- open export formats
- self-hosted and managed cloud from the same product foundation
If you need something specific for a deployment, procurement review, or migration, open an issue on GitHub or see HitKeep Cloud if you want the same product without the operational overhead.