Skip to content
TCTDX Identity

Open source readiness

The repository should be honest before it is public.

Public stance

  • The Next.js provider is a prototype.
  • The Rust provider is the production direction.
  • Known security flaws are documented.
  • Discovery metadata must advertise only implemented behavior.
  • The docs site is separate from the provider runtime.

What readers should see

Readers should understand the project in three layers:

  1. Prototype: useful product exploration, not a production security boundary.
  2. Rewrite: manual Rust implementation with audit findings turned into tests.
  3. Cloud: planned IllusionVibe offering for teams that want managed identity without IAM overhead.

What contributors should optimize for

Contributors should make security properties easier to inspect. That means small state machines, clear tests, safe defaults, and public docs that explain what is not implemented yet.