Document remaining AGENTS gaps

This commit is contained in:
Joe Julian
2026-03-29 13:53:27 -07:00
parent 97f6a34472
commit 01e06deeef
+48
View File
@@ -341,3 +341,51 @@ Do not treat the product as complete until all of the following are true:
- Build and run instructions exist for desktop, and packaging guidance exists for Android.
- `go test ./...` passes.
- `go tool golangci-lint run ./...` passes.
## Remaining Gaps Against AGENTS.md
This section tracks requirements from `AGENTS.md` that are not fully satisfied by the current landed code, even if the segment work and tests are green.
### 1. KDBX Security Settings Are Only Preserved, Not Fully Product-Configurable
Evidence:
- `docs/kdbx-compatibility.md` states that KeePassGO preserves the original opened vault's cipher and KDF selection during save.
- The same document also states:
- KeePassGO does not yet provide a UI for editing cipher or KDF parameters directly.
- New vault creation still uses library default KDBX header settings.
Why this is still a gap:
- `AGENTS.md` requires support for the major KeePass-style encryption and KDF configuration choices represented in KDBX databases.
- Preserving existing settings is good, but it is weaker than allowing the product user to choose those settings for new vaults or change them explicitly for existing vaults.
Remaining work:
- Expose major KDBX cipher/KDF choices in the product UI for vault creation.
- Expose supported security-setting changes for an existing unlocked vault.
- Add behavior tests covering explicit user selection of supported cipher/KDF options.
- Update `docs/kdbx-compatibility.md` once those product-facing controls exist.
Exit criteria for this gap:
- A user can create a vault with a selected supported cipher/KDF combination through the product.
- A user can change supported cipher/KDF settings for an existing vault through the product, where the underlying library supports it.
- Tests cover those choices end to end.
### 2. Accessibility Requirement Needs Explicit Screen-Reader Review
Evidence:
- Keyboard-first behavior and focus handling exist in the landed code.
- Accessibility labels exist in `ui_accessibility.go`.
- The repository does not currently contain a documented review of what screen-reader-conscious behavior Gio can and cannot provide on the supported desktop targets.
Why this is still a gap:
- `AGENTS.md` explicitly calls for screen-reader-conscious design, not only keyboard shortcuts and focus states.
- The current code suggests intent, but the repo does not yet document a concrete accessibility support boundary or validation result.
Remaining work:
- Audit the current Gio accessibility surface on Linux and Windows for the controls used by KeePassGO.
- Document what is currently exposed, what is intentionally labeled, and what remains limited by the toolkit.
- Add targeted tests for any label/focus mapping that can be verified in-repo.
Exit criteria for this gap:
- The repo includes a documented accessibility review for current desktop targets.
- Screen-reader-conscious behavior is explicitly described rather than implied.
- Any in-repo verifiable accessibility mappings have tests.