This is an informal roadmap for Haven. Not everything here is guaranteed or in a fixed order, it's more of a "things I'd like to get to" list. Some of these are based on community suggestions, some are things I've been thinking about. If something on here matters to you, comment and let me know so I can prioritize.
I'll try to keep this updated as stuff gets done or plans change.
OIDC / SSO authentication
Support for logging in via external identity providers (Authentik, Keycloak, etc.) so you don't have to manage passwords in Haven itself. This is a commonly requested feature for self-hosted setups. See #12
Features in progress or recently landed
TOTP / Two-Factor Authentication (done)
Users can enable TOTP 2FA from Settings > Two-Factor. Supports QR code setup and manual secret entry (copy/paste for desktop authenticator apps), 8 single-use backup codes, and a login prompt when 2FA is active. Backup codes can be regenerated from settings at any time. Enabling 2FA also invalidates all other active sessions so stale logins on other devices are cleaned up automatically. See #58
Desktop app (done)
A dedicated Electron-based desktop client with support for multiple Haven servers, persistent voice that doesn't drop when you switch between servers, system tray integration, and native OS notifications. Available at https://github.com/ancsemi/Haven-Desktop.
Android app (done)
A Capacitor WebView wrapper that gives you a dedicated app icon, push notifications, and a proper window without relying on the browser. Lives at https://github.com/ancsemi/Haven-Android. iOS would need a similar approach but Apple's review process makes distribution harder. See #15
One-click installer (done)
Bootstrap installers for all platforms: Install Haven.bat (Windows) and install.sh (Linux/macOS). Downloads Haven, installs Node.js if needed, and opens a local browser-based setup wizard that walks through server name, port, admin credentials, SSL, and push notification config.
FCM / mobile push notifications (done)
Firebase Cloud Messaging support for mobile push notifications. Three modes: direct (drop a Firebase service account JSON in your data folder), custom relay (set FCM_RELAY_URL + FCM_PUSH_KEY in .env), or the community relay (no config needed, works out of the box). A standalone push relay with a Firebase Cloud Function is included in haven-push-relay/ for anyone who wants to self-host the relay.
Link preview embeds (done)
Rich link previews inline in chat. Dedicated handlers for Reddit (JSON API), Twitter/X (oEmbed + fxtwitter fallback), and Pixiv (oEmbed). Generic oEmbed autodiscovery for any oEmbed-compatible site. Fixes for HTML entity decoding so image URLs with special characters render correctly. See #116
Mod Mode (done)
Drag-and-drop layout customization. Rearrange sidebar sections and snap panels to different screen edges. Admin-only toggle in settings.
Tunnel support (done)
Built-in localtunnel and cloudflared support so you can expose your Haven instance to the internet without port forwarding. Toggle and provider picker in admin settings.
PWA / installable app (done)
Haven now has a web app manifest and proper icons. You can install it as a standalone app from your browser, which is also required for iOS push notifications to work.
Custom server emojis (done)
Upload custom emoji images (png/gif/webp) via admin settings. Custom emojis appear in the emoji picker, reaction picker, and render inline in messages using :name: syntax. Non-admin users can be granted the manage_emojis role permission to upload and manage emojis without full admin access.
Custom stickers (done)
Upload sticker images grouped into named packs from Settings > Admin > Stickers. Stickers are larger than emojis and send as standalone images. The picker has an Emoji / Stickers toggle, and you can also send stickers by typing :stickername: in the composer. A small starter pack ships out of the box so the picker isn't empty on a fresh install. Non-admin users can be granted the manage_stickers role permission. See #5335
Burn-after-read DMs (done)
A 🔥 toggle in the DM composer arms the next message to self-destruct 30 seconds after it's first viewed. Both participants see a countdown once the recipient taps to reveal, and the message is wiped from the database server-side. See #5280
Soundboard (done)
Custom soundboard sounds with per-channel playback. Five classic AOL audio cues (Door Open, Door Close, You've Got Mail, Message, Files Done) are bundled and available on every server by default. Non-admin users can be granted the manage_soundboard role permission to upload or manage custom sounds.
DM deletion (done)
Users can delete their own DMs. Admins can delete any DM. Messages are permanently removed for both participants.
End-to-end encrypted DM file uploads (done)
Drag-and-drop, paste, and the 📎 attachment button all encrypt files (not just images) before upload when the channel is an E2E DM. The recipient decrypts and saves with one click.
Customizable quick-react bar (done)
Gear icon next to the reaction quickbar lets users swap in their 8 favorite emojis (including custom ones). Persisted in localStorage.
Message threads / reply chains (done)
Reply-to message support with reply context loaded inline in chat history. Threaded sub-conversations with their own composer.
Message search (done)
Full-text search across channels with filter syntax (from:user in:#channel has:image). Client-side cache search for E2E DMs.
Emoji reactions (done)
Full reaction system with add/remove, batch-loaded with message history.
User status messages (done)
Custom status text plus online/away/DND/invisible states, persisted in the database and broadcast to other users.
Webhook / bot integrations (done)
Create and manage webhooks per channel. Messages posted via webhook display with a BOT badge and custom username.
End-to-end encryption for DMs (done)
ECDH P-256 key exchange + AES-256-GCM message encryption. Password-based key wrapping for cross-device sync. Reply chains, file uploads, and image previews all stay encrypted in transit and at rest.
Audit log for admins (done)
Server actions are recorded and viewable by admins (or anyone granted the view_audit_log role permission) from Settings > Admin > Audit Log.
Voice improvements (mostly done)
Per-user volume sliders. Noise suppression via Web Audio noise gate with adjustable threshold. RNNoise processor for stronger denoising. Output device selection persists across sessions. Push-to-talk recording works in the desktop build (lone modifiers, mouse buttons 4/5 supported); browser-side PTT is still a follow-up.
Bot / slash command framework (done)
Slash commands processed server-side with extensible command handlers. Built-ins include /play, /gif, /poll, /me, /shrug, /nick, /clear, /tts:stop.
Channel organization (mostly done)
Custom sort order via drag-and-drop. Category labels for visual grouping. Per-channel permission toggles for streams and music. Slow mode with configurable cooldowns. Read-only announcement channels with override permission. Content filters and per-channel send-links permissions are still on the list.
Docker setup (mostly done)
Dockerfile with healthcheck, docker-compose.yml with volume mapping and env config. Compose-level healthcheck not yet added.
Planned / investigating
Per-app audio streaming
Currently, screen sharing captures full system audio or no audio. Capturing audio from a single app (just your game, not your mic or other calls) is hard since browsers don't support it natively. Options being considered: a native companion app using Windows WASAPI to capture one app's output and bridge it to the browser, or documenting a VB-Cable / virtual audio cable setup. For now the workaround is a virtual audio cable.
Push notification reliability
Push works on Chrome, Edge, Firefox desktop, and Android Chrome. Known pain points:
- Brave blocks push services by default. We detect this and show guidance, but it requires a manual toggle.
- iOS requires the PWA to be installed to the home screen (Safari 16.4+). We detect this and guide users through it.
- Self-signed SSL certs don't work for push at all. A real cert or a tunnel is required.
- Some mobile browsers have inconsistent support.
iOS app
Android is covered by the Capacitor wrapper. iOS would need a similar approach but Apple's review process makes distribution harder. Looking at TestFlight / sideload options before committing.
Disable signups (#29)
Admin toggle to close registration after the desired users have signed up.
Browser-side push-to-talk
Desktop has it via the native shortcuts API. Browser implementation needs a different approach since web pages can't capture global keys; current thinking is a focused-tab fallback plus a guidance prompt when the user isn't in the tab.
Suggested next steps
Things I'm considering pulling off the "ideas" list and into active work soon:
- Browser PTT fallback so non-Desktop users get push-to-talk in the tab.
- Per-channel content / link permissions to round out the channel organization category.
- Theme sharing/import (load
.css themes via a settings panel, not by hand-editing the themes folder).
- Compose-level healthcheck so the docker-compose example sets the example for the bundled
Dockerfile's healthcheck.
- Server-list sync polish so the multi-server picker in Desktop syncs status without manual refreshes.
- Sticker pack import/export as packs grow beyond the starter set.
- Cross-device E2E key sync UX so the password-prompt step is less surprising when adding a new device.
If any of these matter more to you than what I'd otherwise do next, drop a comment on this issue.
Ideas (no timeline, just thinking out loud)
If you want to help with any of this stuff, PRs are welcome. If you have opinions on priorities, drop a comment. This isn't a commitment list, just a general direction.
This is an informal roadmap for Haven. Not everything here is guaranteed or in a fixed order, it's more of a "things I'd like to get to" list. Some of these are based on community suggestions, some are things I've been thinking about. If something on here matters to you, comment and let me know so I can prioritize.
I'll try to keep this updated as stuff gets done or plans change.
OIDC / SSO authentication
Support for logging in via external identity providers (Authentik, Keycloak, etc.) so you don't have to manage passwords in Haven itself. This is a commonly requested feature for self-hosted setups. See #12
Features in progress or recently landed
TOTP / Two-Factor Authentication (done)
Users can enable TOTP 2FA from Settings > Two-Factor. Supports QR code setup and manual secret entry (copy/paste for desktop authenticator apps), 8 single-use backup codes, and a login prompt when 2FA is active. Backup codes can be regenerated from settings at any time. Enabling 2FA also invalidates all other active sessions so stale logins on other devices are cleaned up automatically. See #58
Desktop app (done)
A dedicated Electron-based desktop client with support for multiple Haven servers, persistent voice that doesn't drop when you switch between servers, system tray integration, and native OS notifications. Available at https://github.com/ancsemi/Haven-Desktop.
Android app (done)
A Capacitor WebView wrapper that gives you a dedicated app icon, push notifications, and a proper window without relying on the browser. Lives at https://github.com/ancsemi/Haven-Android. iOS would need a similar approach but Apple's review process makes distribution harder. See #15
One-click installer (done)
Bootstrap installers for all platforms:
Install Haven.bat(Windows) andinstall.sh(Linux/macOS). Downloads Haven, installs Node.js if needed, and opens a local browser-based setup wizard that walks through server name, port, admin credentials, SSL, and push notification config.FCM / mobile push notifications (done)
Firebase Cloud Messaging support for mobile push notifications. Three modes: direct (drop a Firebase service account JSON in your data folder), custom relay (set
FCM_RELAY_URL+FCM_PUSH_KEYin.env), or the community relay (no config needed, works out of the box). A standalone push relay with a Firebase Cloud Function is included inhaven-push-relay/for anyone who wants to self-host the relay.Link preview embeds (done)
Rich link previews inline in chat. Dedicated handlers for Reddit (JSON API), Twitter/X (oEmbed + fxtwitter fallback), and Pixiv (oEmbed). Generic oEmbed autodiscovery for any oEmbed-compatible site. Fixes for HTML entity decoding so image URLs with special characters render correctly. See #116
Mod Mode (done)
Drag-and-drop layout customization. Rearrange sidebar sections and snap panels to different screen edges. Admin-only toggle in settings.
Tunnel support (done)
Built-in localtunnel and cloudflared support so you can expose your Haven instance to the internet without port forwarding. Toggle and provider picker in admin settings.
PWA / installable app (done)
Haven now has a web app manifest and proper icons. You can install it as a standalone app from your browser, which is also required for iOS push notifications to work.
Custom server emojis (done)
Upload custom emoji images (png/gif/webp) via admin settings. Custom emojis appear in the emoji picker, reaction picker, and render inline in messages using
:name:syntax. Non-admin users can be granted themanage_emojisrole permission to upload and manage emojis without full admin access.Custom stickers (done)
Upload sticker images grouped into named packs from Settings > Admin > Stickers. Stickers are larger than emojis and send as standalone images. The picker has an Emoji / Stickers toggle, and you can also send stickers by typing
:stickername:in the composer. A small starter pack ships out of the box so the picker isn't empty on a fresh install. Non-admin users can be granted themanage_stickersrole permission. See #5335Burn-after-read DMs (done)
A 🔥 toggle in the DM composer arms the next message to self-destruct 30 seconds after it's first viewed. Both participants see a countdown once the recipient taps to reveal, and the message is wiped from the database server-side. See #5280
Soundboard (done)
Custom soundboard sounds with per-channel playback. Five classic AOL audio cues (Door Open, Door Close, You've Got Mail, Message, Files Done) are bundled and available on every server by default. Non-admin users can be granted the
manage_soundboardrole permission to upload or manage custom sounds.DM deletion (done)
Users can delete their own DMs. Admins can delete any DM. Messages are permanently removed for both participants.
End-to-end encrypted DM file uploads (done)
Drag-and-drop, paste, and the 📎 attachment button all encrypt files (not just images) before upload when the channel is an E2E DM. The recipient decrypts and saves with one click.
Customizable quick-react bar (done)
Gear icon next to the reaction quickbar lets users swap in their 8 favorite emojis (including custom ones). Persisted in localStorage.
Message threads / reply chains (done)
Reply-to message support with reply context loaded inline in chat history. Threaded sub-conversations with their own composer.
Message search (done)
Full-text search across channels with filter syntax (from:user in:#channel has:image). Client-side cache search for E2E DMs.
Emoji reactions (done)
Full reaction system with add/remove, batch-loaded with message history.
User status messages (done)
Custom status text plus online/away/DND/invisible states, persisted in the database and broadcast to other users.
Webhook / bot integrations (done)
Create and manage webhooks per channel. Messages posted via webhook display with a BOT badge and custom username.
End-to-end encryption for DMs (done)
ECDH P-256 key exchange + AES-256-GCM message encryption. Password-based key wrapping for cross-device sync. Reply chains, file uploads, and image previews all stay encrypted in transit and at rest.
Audit log for admins (done)
Server actions are recorded and viewable by admins (or anyone granted the
view_audit_logrole permission) from Settings > Admin > Audit Log.Voice improvements (mostly done)
Per-user volume sliders. Noise suppression via Web Audio noise gate with adjustable threshold. RNNoise processor for stronger denoising. Output device selection persists across sessions. Push-to-talk recording works in the desktop build (lone modifiers, mouse buttons 4/5 supported); browser-side PTT is still a follow-up.
Bot / slash command framework (done)
Slash commands processed server-side with extensible command handlers. Built-ins include
/play,/gif,/poll,/me,/shrug,/nick,/clear,/tts:stop.Channel organization (mostly done)
Custom sort order via drag-and-drop. Category labels for visual grouping. Per-channel permission toggles for streams and music. Slow mode with configurable cooldowns. Read-only announcement channels with override permission. Content filters and per-channel send-links permissions are still on the list.
Docker setup (mostly done)
Dockerfile with healthcheck, docker-compose.yml with volume mapping and env config. Compose-level healthcheck not yet added.
Planned / investigating
Per-app audio streaming
Currently, screen sharing captures full system audio or no audio. Capturing audio from a single app (just your game, not your mic or other calls) is hard since browsers don't support it natively. Options being considered: a native companion app using Windows WASAPI to capture one app's output and bridge it to the browser, or documenting a VB-Cable / virtual audio cable setup. For now the workaround is a virtual audio cable.
Push notification reliability
Push works on Chrome, Edge, Firefox desktop, and Android Chrome. Known pain points:
iOS app
Android is covered by the Capacitor wrapper. iOS would need a similar approach but Apple's review process makes distribution harder. Looking at TestFlight / sideload options before committing.
Disable signups (#29)
Admin toggle to close registration after the desired users have signed up.
Browser-side push-to-talk
Desktop has it via the native shortcuts API. Browser implementation needs a different approach since web pages can't capture global keys; current thinking is a focused-tab fallback plus a guidance prompt when the user isn't in the tab.
Suggested next steps
Things I'm considering pulling off the "ideas" list and into active work soon:
.cssthemes via a settings panel, not by hand-editing the themes folder).Dockerfile's healthcheck.If any of these matter more to you than what I'd otherwise do next, drop a comment on this issue.
Ideas (no timeline, just thinking out loud)
If you want to help with any of this stuff, PRs are welcome. If you have opinions on priorities, drop a comment. This isn't a commitment list, just a general direction.