feat(roadmap): add initial roadmap outlining future features and sensitive content handling

Author: AnttiJalomaki

README.md

@@ -4,18 +4,21 @@ AI commit, branch, PR, and changelog generation through terminal AI CLIs.
 
 OpenCodeCommit works as:
 - a Rust / npm CLI (`occ`)
-- a terminal TUI
+- a terminal TUI (`occ tui`)
 - a VS Code / VSCodium extension
 
 Before any prompt leaves your machine, OpenCodeCommit scans the diff locally for secrets, credential files, source maps, private keys, and other sensitive artifacts.
 
-[Open VSX](https://open-vsx.org/extension/Nevaberry/opencodecommit) · [VS Code Marketplace](https://marketplace.visualstudio.com/items?itemName=Nevaberry.opencodecommit) · [npm](https://www.npmjs.com/package/opencodecommit) · [scoped npm alias](https://www.npmjs.com/package/@nevaberry/opencodecommit) · [crates.io](https://crates.io/crates/opencodecommit) · [GitHub](https://github.com/Nevaberry/opencodecommit)
+- <a href="https://open-vsx.org/extension/Nevaberry/opencodecommit"><img src="https://cdn.jsdelivr.net/gh/devicons/devicon@latest/icons/vscodium/vscodium-original.svg" width="14"> Open VSX</a>
+- <a href="https://marketplace.visualstudio.com/items?itemName=Nevaberry.opencodecommit"><img src="https://cdn.jsdelivr.net/gh/devicons/devicon@latest/icons/vscode/vscode-original.svg" width="14"> VS Code Marketplace</a>
+- <a href="https://www.npmjs.com/package/opencodecommit"><img src="https://cdn.jsdelivr.net/gh/devicons/devicon@latest/icons/npm/npm-original-wordmark.svg" width="14"> npm</a>
+- <a href="https://crates.io/crates/opencodecommit"><img src="https://cdn.jsdelivr.net/gh/devicons/devicon@latest/icons/rust/rust-original.svg" width="14"> crates.io</a>
+- <a href="https://github.com/Nevaberry/opencodecommit"><img src="https://cdn.jsdelivr.net/gh/devicons/devicon@latest/icons/github/github-original.svg" width="14"> GitHub</a>
 
 ## Install
 
 Extension:
-- Search for `OpenCodeCommit` in VS Code or VSCodium
-- Or run `ext install Nevaberry.opencodecommit`
+- Search for `OpenCodeCommit` in VS Code or VSCodium marketplace
 
 CLI:
 - `cargo install opencodecommit`

ROADMAP.md

@@ -0,0 +1,28 @@
+# Roadmap
+
+## Future Features
+
+### Changelog Conflict Resolution
+
+When `CHANGELOG.md` already contains the requested version, do not stop at a duplicate-version error.
+Use the PR timeout and the stronger, more expensive model, send both the existing changelog entry and the newly generated entry, and ask the model to return one merged Keep a Changelog block for that version.
+If that merge still fails, fall back to manual editing.
+
+### AI-Assisted Sensitive Content Gating
+
+In `config.toml`, a feature (on by default) where lines flagged as sensitive by the regex are sent to a strong/expensive model for secondary analysis. The model responds with a simple **pass** or **block** verdict.
+
+- **Pass example:** `OPENAI_API_KEY="placeholder"` — the regex triggers, but the AI recognizes it as a placeholder and lets it through automatically.
+- **Block example:** `OPENAI_API_KEY="sk-real-key-here"` — the AI detects a real credential and blocks the commit, requiring human confirmation (same flow as the current warning prompt).
+
+This sits between the regex detection and the user prompt: regex fires → AI verdict → if pass, no prompt; if block, show the existing confirmation dialog.
+
+### Sensitive Content Scanning in Metadata Messages
+
+Run the sensitive-content regex against commit messages, branch names, PR titles/bodies, and changelog entries — not just file diffs. Catches cases where secrets or sensitive data leak into metadata rather than code.
+
+Optionally, flagged metadata can also be sent to the strong AI model for pass/block analysis, including an explanation of why the regex triggered.
+
+### Faster Default Models for Basic Commits
+
+Switch the default LLM models used in the standard commit flow to faster, cheaper alternatives. The current models are more capable than necessary for straightforward commit-message generation and changelog updates. By defaulting to lighter models, the basic commit path becomes noticeably quicker while keeping the stronger, more expensive models available for tasks that need them (e.g., conflict resolution, sensitive-content analysis).