📌 Milestone: v1.0.0 Roadmap

We're excited to announce a major set of improvements bringing us significantly closer to the v1.0.0 release of VisionBoard. This update strengthens the platform’s architecture, testing, and deployment—paving the way for new management and developer experience (DX) features.

✅ What's New​

🔧 Web Server & Routing​

• Replaced static file serving with a new Express-based web server.
• Added routes for REST API:
  • /api/v1/__health
  • /api/v1/generate-reports
  • Website routes: /, /projects/:id.
• Built with graceful startup and robust shutdown logic.

🖥 Dynamic Website Rendering​

• EJS templating with partials for consistent layout and DRY structure.
• Website routes now render dynamic content while maintaining support for static report generation (backward-compatible).

✅ End-to-End Testing​

• Fully integrated Playwright-based E2E tests with PostgreSQL-seeded test data.
• CI-powered HTML reports and screenshots for visual regression tracking.
• data-testid attributes added to templates for selector stability.
• GitHub Actions integrated for test results.

🧪 Unit & Integration Tests​

• HTTP route coverage (/, /api/v1/__health, /projects/:id) using Supertest.
• Tests for schema validation, internal link builders, and utility functions.

🔍 API Validation & Swagger​

• Full request/response validation via OpenAPI.
• Swagger UI for easy API exploration.
• API middleware limited to /api/* routes—UI remains unaffected.

🛡 Secure, Health-Checked Containers​

• Hardened Docker and Compose workflows (drop root privileges, health checks...)

🧹 Refactoring & Structure​

• Introduced modular src/reports/ structure for better testability and separation of concerns.
• Isolated static assets and route middleware from server entrypoint.

📦 Dependency Updates​

• Added: express@5, supertest, @playwright/test and swagger-endpoint-validator
• Removed: finalhandler, serve-index

📁 New Directories​

• src/httpServer/: Server setup, routing, middleware.
• src/reports/templates/partials/: EJS partials for shared layout.
• src/schemas/: JSON schema validation.
• e2e/: Playwright tests, setup/teardown scripts, CI workflows.

📄 Full changelog: Compare v0.1.0-beta3...may'25 changes

🔭 What’s Next?​

We’re now focusing on feature expansion and developer tools:

• 🔧 Rewrite CLI to use REST API directly
• 🛠 Build Admin UI for project and checklist management
• Rethink Scorecard integration for broader utility.
• More enhancements in DX, tooling, and project observability.

📌 Track progress on the v1.0.0 Project Board

---

🙌 Thanks​

A huge thank-you to all contributors helping make VisionBoard what it is today. Your efforts are building a rock-solid foundation for the features to come!

Thank you for stopping by, and we look forward to building an amazing open source ecosystem together!
— Ulises Gascón

Welcome to the OpenPathfinder blog! We're thrilled to have you here. This blog will serve as a space to share project insights, tutorials, updates, and community spotlights. If you’re new to OpenPathfinder, this post will give you an overview of what we’re all about, including VisionBoard, FortSphere, and our project History. Plus, we’ve included a special demo video below—check it out!

What is OpenPathfinder?​

OpenPathfinder is a collaborative open source initiative that empowers developers and organizations to secure, monitor, and manage their projects efficiently. We are committed to building tools that:

• Simplify compliance with security and operational standards.
• Automate repetitive tasks, freeing up time for maintaining projects.
• Provide actionable insights to maintain project health.

To get started, visit our Getting Started Guide. Whether you’re an experienced developer or just exploring new technologies, you’ll find everything you need to set up your environment and begin working with OpenPathfinder.

VisionBoard​

VisionBoard is a CLI tool that can query and store information from external resources about your project and perform complex analysis against compliance rules, this helps organizations transform raw data into actionable insights. Created to support the OpenJS Foundation projects, it simplifies the complex task of monitoring security and operational health. Here are a few highlights:

• Customizable Checks and Checklists: Automates compliance with security standards, such as the OpenJS Security Compliance Guide. Offers flexibility to define checks tailored to your project needs.
• Integration with tools: Connects to GitHub APIs, OSSF Scorecard, and other external sources to enrich and analyze data. This ensures up-to-date and comprehensive insights.
• Intuitive dashboards: Offers visual insights into the state of your projects, making it easier to identify trends, risks, and areas for improvement.

By focusing on planning and clarity, VisionBoard helps keep your entire team aligned around compliance and community expectations.

FortSphere​

FortSphere is a community-driven, open source CLI tool crafted with love by maintainers for maintainers. It empowers you to secure and streamline your GitHub organizations and repositories, ensuring you’re always in control. Here are some highlights:

• Your tokens and data stay local: All operations are performed locally—your sensitive information never leaves your machine.
• No blind trust required: As an open source project, you don’t need to trust others—just the transparent and collaborative efforts of its contributors.
• Centralized policy management: Apply security and operational policies across all your GitHub organizations with one command.
• Real-Time checks and updates: Detect non-compliant configurations and resolve them automatically.
• Customizable policies: Choose from a suite of predefined policies or create your own.

By focusing on transparency and modularity, FortSphere empowers OSS Maintainers to improve the security posture for their projects easily.

Watch the Demo​

In this video, you’ll see how seamlessly VisionBoard and fortSphere integrate and how OSS Maintainers can use checks and policies to detect and mitigate security flaws.

Explore our journey​

Curious how OpenPathfinder came to be? Our roots can be traced through the History page, where we highlight major milestones and the long journey that started in 2024 with the creation of the Security Program Standards for the OpenJS Foundation

Get Involved​

We invite you to join the OpenPathfinder journey. Here are some ways to get started:

1. Explore the Docs: Get an overview of VisionBoard, FortSphere, and other modules. You can also visit our Getting Started Guide for setup instructions.
2. Contribute: Check out our Contribute page to learn how to report issues, request features, and submit pull requests.
3. Support: If you’d like to go the extra mile, visit our Support page to see how you can help sustain the project.
4. Stay Updated: Follow this blog for the latest news, tutorials, and community highlights.

Thank you for stopping by, and we look forward to building an amazing open source ecosystem together!
— Ulises Gascón