ROADMAP

Direction, not commitments.

The north star: an AI-native iGaming framework where agents don't just help build it - they help run it.

NOW

Live in the repo today

NEXT

Actively planned, coming next

LATER

Directional - not committed

VISION

Most iGaming platforms are built and operated by large specialist teams. Openora is a framework designed so AI agents are first-class from day one: they read the self-describing codebase, build features, write tests, review changes and - over time - assist operations. Its job is to stay contract-first, headless and greppable, so agents can always reason about it safely.

PRODUCT CAPABILITIES

What Openora does.

Player-, wallet-, compliance- and game-facing capabilities, and how far along each one is.

Player management

NOW
  • Player profile - core data and status management
  • Player status change history
  • Player segmentation and tagging
NEXT
  • GDPR export and erasure
  • Age-gate / DOB enforcement
LATER
  • AI-driven player insights and segment suggestions via MCP

Access control

NOW
  • Admin authentication
  • Roles and permissions matrix
NEXT

-

LATER

-

Wallet management

NOW
  • Omnibus wallet - deposits, withdrawals, auto-withdrawal rules
  • Transaction history (wins, losses, multi-currency)
  • PSP adapter port - operators bind their own payment provider
  • Idempotency keys on the deposit/withdraw money path
NEXT
  • Crypto custody adapter interface - operators bring their own custody solution
  • A production PSP reference implementation (only a mock ships today)
LATER
  • Per-user vs. omnibus custody as a configurable choice

Compliance

NOW
  • KYC interface - plug in any external provider (a mock ships as the reference)
  • Responsible gambling - limits, cooling-off, self-exclusion
  • Audit log - append-only, sha256 hash-chained event logging
  • Sealed tokens - a plugin cannot override a regulator-mandated service
  • Geo rules - jurisdiction allow/deny at the edge of the API
NEXT
  • Sealed-token implementations (RG, AML/SAR, ledger, RNG)
  • AML / SAR monitoring foundations
  • Geo-deny baseline - OFAC / sanctions lists
  • A production KYC vendor binding
  • GDPR export and erasure
  • Age-gate / DOB enforcement
LATER
  • Jurisdiction-specific compliance rule packs

Game management

NOW
  • Game catalogue, lobby categories and featured slots
  • Game rounds - start/end, recorded against the wallet
  • Game, RNG and aggregator adapter ports (mock implementations ship)
NEXT
  • A production game aggregator reference implementation
  • Sportsbook adapter interface - operators bring their own odds and risk provider
LATER
  • Promotions and bonus engine management

Backoffice experience

NOW
  • Admin-console module - admin routes behind a single AdminGuard enforcement point
  • Roles, permissions and admin invitations (IAM)
NEXT
  • A public reference backoffice UI, decoupled from any operator's brand
  • Full module coverage in that reference UI (wallet, RG, KYC screens)
LATER
  • White-label backoffice themes for studios and partners
  • Multi-brand management from a single backoffice

AI operations

NOW
  • MCP server - manage Openora via natural language
NEXT
  • Configurable agent scope - operators control what agents can touch
  • AI copilots surfaced in the backoffice UI
LATER
  • Agent-assisted ops - fraud triage, support, compliance review
  • AI-driven player insights and segment suggestions
TECHNICAL IMPROVEMENTS

How it's built.

Repository, architecture, AI-native tooling and the quality bar behind the product.

Repository

NOW
  • Public release readiness - no client refs, no secrets
  • Drizzle migrations squashed to a clean baseline
  • AGPLv3 + commercial license integrated
  • Repository and backoffice pages cleanup
NEXT
  • Stable 1.0 release line with semver guarantees
LATER

-

Architecture

NOW
  • Published @openora/core on npm - consumers upgrade by bumping a version, no forking
  • Single @openora/core package with domain subpaths
  • Headless - no UI in core, frontend lives in the consumer
  • oRPC + Hono API with Zod-first contracts
  • Plugin host with last-wins adapter binding
  • create:app scaffolds a downstream operator repo linked to core
NEXT

-

LATER
  • A durable broker driver (Kafka/Redpanda, NATS) as a drop-in swap
  • Hot modules extractable to independent deployables
  • Multi-brand / multi-tenant hardening for studios

AI-native surface

NOW
  • MCP dev server - list modules, routes, schemas, propose tables
  • AGENTS.md per module - AI-first documentation
  • Claude Code + GitHub Copilot parity via pnpm sync:agents
  • Scaffolders - pnpm gen module | route | plugin | adapter | event | job-worker
NEXT

-

LATER
  • Agent-built verticals - promotions, loyalty, reporting end-to-end
  • Richer scaffolders and playbooks per business domain

Documentation and DX

NOW
  • Architecture docs - contract spine, plugin host, adapter seams
  • Consumer / Operator Guide - how to extend without forking
  • Quick Start - clone, install, run in under 15 minutes
  • Reference adapter - mock KYC as a starting point
NEXT

-

LATER

-

Quality and security

NOW
  • OSS security review - secrets scan, dependency scan, repo audit
  • No-drift CI check on all generated files
  • pnpm verify (typecheck + boundary lint + unit) + integration in CI
NEXT
  • E2E test coverage for all money-path flows
  • E2E test coverage for auth flows
LATER

-

Adapter contracts

NOW

-

NEXT
  • Production-ready PSP adapter contract with reference implementation
  • Production-ready crypto custody adapter contract
  • Game aggregator adapter contract with reference implementation
  • Sportsbook adapter contract with reference implementation
LATER
  • CRM and marketing platform adapter contract
  • Notifications adapter contract (email, SMS, push)
  • Analytics adapter contract

Infrastructure

NOW

-

NEXT
  • Reusable Pulumi infra generator - ECS, RDS, Redis, ALB
  • igaming-deployer agent wired into the consumer scaffolder
LATER

-

Ecosystem

NOW

-

NEXT

-

LATER
  • Community plugin marketplace
  • Adapter registry - PSP, KYC, aggregator, notifications, CRM
HOW AI SHAPES EVERY LAYER

Built for agents, not bolted onto them.

01
Contracts

Machine-readable (Zod + OpenAPI) so agents validate against truth, not guesses.

02
Docs

AGENTS.md files are written for agents first, humans second.

03
Tooling

MCP servers and scaffolders give agents safe, deterministic actions instead of free-form edits.

04
Guardrails

Boundary lint, sealed tokens and drift checks let an agent move fast without breaking architecture or compliance.

This page is a living document - it tracks the ADRs under docs/adr/ in the Openora repo. Treat dates and scope as directional.

Build it. Evolve it.
Own it.

Whether you're building from scratch, extending a legacy platform or planning a gradual migration, the framework gives you the freedom to evolve without vendor lock-in.