This document describes the planned development trajectory for Morrigan, from its current state through the v2.0.0 foundation milestone. Versioning follows Semantic Versioning.
Current version: v2.3.32
Last updated: April 2026
Morrigan's version numbers carry meaning:
| Type | Meaning | Example |
|---|---|---|
| Patch (x.x.X) | Bug fixes, security patches, content corrections | v1.1.0 β v1.1.1 |
| Minor (x.X.0) | New features, backward-compatible changes | v1.1.0 β v1.2.0 |
| Major (X.0.0) | Breaking data format or API changes, or milestone events | v1.x.x β v2.0.0 |
The jump from v1.x.x to v2.0.0 marks the completion of an independent cryptographic audit and formal foundation registration β not a feature release.
Theme: Core vault platform + public launch.
- Full multi-page public website (index, features, security, donate)
- Auth pages (login + signup with password strength meter)
- XChaCha20-Poly1305 encryption (client-side, via libsodium.js)
- Argon2id key derivation (64MB / 3 iterations)
- Shamir's Secret Sharing (distributed key recovery)
- Dead man's switch (configurable check-in intervals + grace periods)
- Bitcoin anchoring via OpenTimestamps (SHA-256 β Merkle root β OP_RETURN)
- Dual-channel authentication (email OTP + phone SMS)
- Beneficiary roles and assignment system (UI design)
- Canvas starfield animation, scroll reveals, tab switcher, accordion
- Mobile-responsive design (hamburger nav, fluid typography)
- GitHub repository scaffolding (README, CHANGELOG, CONTRIBUTING, SECURITY, LICENSE)
- AGPLv3 licence
- Setrex-inspired dark design system (BDO Grotesk, rgb(1,1,4), rgb(207,254,37))
Theme: 3-channel identity, documentation overhaul, code audit.
- 3-channel identity system β Email OTP + Phone SMS + TOTP 2FA
- 2-of-3 confirmation policy β any two of three channels must confirm sensitive actions
- TOTP compatibility β RFC 6238-compliant, works with Aegis, Raivo, Bitwarden, Google Authenticator
- security.html updated β 3-channel identity table, corrected auth roadmap, TOTP channel card
- features.html updated β corrected roadmap versions (v1.0.0 β v2.0.0)
- index.html updated β 3-channel copy throughout
- README.md rewrite β extended architecture, cryptographic stack, tech decisions, vibe coding attribution
- ROADMAP.md created β this file; correct versioning throughout
- INSTALL.md rewrite β thorough setup guide for local dev + production
- CHANGELOG.md updated β v1.1.0 entry with correct design tokens
- main.js audit β comprehensive technical comments on all 12 features (621 lines)
- "Built with Perplexity Computer" removed β replaced with "Built with β€οΈ + AI" + vibe coding explanation
- GitHub release v1.1.0 β tag, release notes, badge updates
- FTP deploy β all updated files deployed to morrigan.org
Theme: UI/UX overhaul, spacing system, domain migration.
- v2.3.29 β Nav animation fix: IX2 event
e-37removed fromwebflow.chunk2.js; hover/scroll effects applied to all pages - v2.3.30 β Spacing audit across beyond.html, security.html, how-it-works.html; per-folder encryption content added to how-it-works + beyond
- v2.3.31 β security.html full overhaul: 100/120px section padding, 42px headlines, 17px body, icon+badge chips on all 3 stacks (Cryptography, AI Community, Infrastructure)
- v2.3.32 β Domain migration:
morrigan.lifeβmorrigan.org; 80 replacements across 60 files; all docs updated; new FTP hostesm34.siteground.biz
Theme: Page-by-page content build, nav/footer polish, ZKP/security deep dives.
- beyond.html: full Zero-Knowledge Proof explainer, ZK proof section, enhanced cryptography, infrastructure section, CTA
- security.html: ZK cards, cryptographic stack, what-we-store/never-store, dead man's switch, AI community badges
- how-it-works.html: 5-step flow with SVGs, MorrΓgan-specific copy throughout
- donate.html: membership tiers, governance explainer, budget breakdown
- Nav + footer: hover/scroll effects propagated to all pages
- Per-folder encryption content integrated in how-it-works + beyond
- "MorrΓgan" fada accent enforced site-wide (Γ = U+00ED)
- "Built with Perplexity" removed everywhere β "Built with β€οΈ + AI"
Theme: Full TOTP backend implementation + post-quantum cryptography phase I.
- TOTP setup flow in vault UI (QR code generation, secret provisioning, backup codes)
- TOTP verification endpoint (server-side RFC 6238 validation with timing-safe comparison)
- Kyber-1024 key encapsulation (CRYSTALS-Kyber, NIST PQC standard)
- Dilithium digital signatures (CRYSTALS-Dilithium, NIST PQC standard)
- Hybrid classical + post-quantum encryption scheme (XChaCha20 + Kyber-1024)
- New vaults default to hybrid PQ+classical; migration path for existing vaults
- Documentation: post-quantum cryptography explainer
Theme: WebAuthn / hardware security keys.
- FIDO2 / WebAuthn registration and authentication
- YubiKey support (hardware token, phishing-resistant by cryptographic design)
- Passkey support (device-bound or synced platform keys)
- Passkey as a fourth optional identity channel (2-of-4 policy update)
- Hardware key recovery flow
- Documentation: WebAuthn explainer, hardware key recommendations
Theme: Mobile applications.
- Native iOS app (Swift / SwiftUI)
- Native Android app (Kotlin / Jetpack Compose)
- Biometric unlock (Face ID, Touch ID, fingerprint)
- Push notification check-ins for dead man's switch
- Offline vault access (encrypted local cache)
- Full feature parity with web platform
- TestFlight / Play Store internal testing
Theme: Multi-party vaults and collaborative legacy.
- Multi-owner vault (joint accounts, shared wills)
- Threshold approval for releasing specific items (e.g., 2-of-3 beneficiaries must acknowledge receipt)
- Collaborative editing with per-contributor audit log
- Conflict resolution for concurrent edits
- Role expansion: executor, witness, co-administrator
- Legal notes: multi-party digital will validity by jurisdiction
Theme: Independent audit, bug bounty, foundation registration.
This is a milestone release, not a feature release. The version bump to 2.0.0 marks the completion of:
- Independent cryptographic audit β full third-party review by a recognised security firm. Findings to be published in full.
- Bug bounty programme β public programme with defined scope, severity ratings, and reward tiers
- Foundation registration β formal non-profit legal entity in an appropriate jurisdiction
- Governance structure β foundation board, community advisory council, transparent decision-making
- Security audit publication β full report published regardless of findings
- SPHINCS+ hash-based signatures β post-quantum signature scheme as an alternative to Dilithium
- HQC backup KEM β algorithm diversity in key encapsulation (KEM agility)
These items are explicitly not on the roadmap and would require significant community discussion before being considered:
- Proprietary encryption extensions β the cryptographic model is fixed and open
- AI-generated will content β Morrigan stores what you put in it; it does not generate legal documents
- Centralised key escrow β violates the zero-knowledge guarantee
- Paid tiers with reduced features β Morrigan is free by design. Donations fund development.
- Social recovery via Morrigan staff β we cannot and will not participate in account recovery
This roadmap is a statement of intent, not a contract. Versions may shift based on:
- Security findings that require immediate response
- Community feedback that changes prioritisation
- Dependencies on external cryptographic standards (NIST PQC finalisation, WebAuthn spec changes)
Major shifts will be documented in CHANGELOG.md.