From 73ff0fb77daec0685d1bc7dfd627d794f4041cdb Mon Sep 17 00:00:00 2001 From: Joe Julian Date: Wed, 1 Apr 2026 14:22:53 -0700 Subject: [PATCH] Add UI review follow-ups to TODO --- TODO.md | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) diff --git a/TODO.md b/TODO.md index 1a6ddc0..a1c7457 100644 --- a/TODO.md +++ b/TODO.md @@ -6,6 +6,102 @@ These segments are intended to be independently executable wherever possible. Each segment has its own local exit criteria. The product is not complete until the global exit criteria at the end of this file are also met. +## UI Review Follow-Ups + +These items came from a hands-on emulator and desktop walkthrough. +They should be treated as usability work, not just polish. + +### Primary Workflow Changes + +These should remain in the main user flow rather than being hidden behind a settings gear. + +- Local open flow: + make the start screen primarily about opening a vault, not configuring one. +- Local open flow: + keep recent vault selection visually obvious and clearly tappable. +- Local open flow: + once a recent vault is preselected, collapse the full path into a compact summary with a `Change...` affordance. +- Local open flow: + improve Android field focus and IME behavior so the master-password field reliably takes focus and summons the keyboard. +- Local open flow: + show an explicit progress state and allow cancel or retry while opening a vault, especially on Android. +- Remote open flow: + break the remote form into clearer sections such as `Location` and `Authentication`. +- Remote open flow: + make recent remote connections easier to scan with a friendlier label than raw URL and path. +- Locked screen: + show clear vault identity and target summary so the user knows what is being unlocked. +- Entries screen: + tighten the top strip on phone so tabs, breadcrumbs, and group controls do not fight for the same row. +- Entries screen: + make breadcrumbs compress more aggressively on phone. +- Entries screen: + improve entry-row hierarchy and selected-state contrast. +- Entries screen: + provide section-specific empty states for search, recycle bin, API tokens, and empty groups. +- Group navigation: + make the distinction between root, current group, and child groups more obvious. +- Group navigation: + separate navigation controls from group-management controls more clearly. +- Entry detail: + tighten field spacing and reduce unnecessary whitespace. +- Entry detail: + group password reveal and copy actions more clearly. +- Entry detail: + make attachments more visible and actionable. +- Entry edit: + break the editor into clearer subsections such as `Basics`, `Notes`, `Custom Fields`, `History`, and `Attachments`. +- Entry edit: + make add/remove affordances for custom fields more visually obvious. +- Entry edit: + make generated-password draft state more explicit before save. +- Recycle bin: + make it visually distinct from normal entry browsing. +- API tokens: + give token list, token detail, and policy editing a clearer dedicated management surface. +- API tokens: + make policy rows easier to scan by separating effect, operation, and resource visually. +- API audit: + improve empty-state guidance and provide quick filtering by token, decision, and operation. +- Synchronize: + keep the split-button pattern, but reduce the visual weight of the sync controls and make advanced sync affordances clearer. +- Synchronize: + avoid layout-shifting success banners and keep noncritical notifications ephemeral. +- Phone layout: + continue reducing header and control density so content appears sooner. +- Mobile reliability: + fix Android local-open ANR behavior before deeper mobile polish. +- Autofill UX: + surface whether a fill candidate was found, ambiguous, blocked, or awaiting approval. + +### Settings Gear Candidates + +These are important, but they should likely move behind a dedicated settings gear or advanced/settings surface instead of occupying first-run or day-to-day credential screens. + +- Vault security: + move `Cipher` and `KDF` off the main local-open screen and into `Advanced` or `Vault Settings`. +- Vault security: + frame security settings as vault configuration rather than freeform text fields in the primary workflow. +- Remote preferences: + move remembered-auth behavior details and retention policy explanations into settings/help rather than the main open flow. +- UI preferences: + save and expose view preferences such as group-tools collapse state and any future dense/comfortable layout toggle under settings. +- Autofill behavior: + app and browser allowlists, package rules, and first-fill approval preferences should live under a settings/privacy area. +- Sync defaults: + source/direction defaults, conflict preferences, and any future background sync behavior should live under settings. +- Notification preferences: + banner timeout, ephemeral notices, and other noncritical UI feedback tuning should live under settings. +- Accessibility preferences: + future display-density, contrast, reduced-motion, or keyboard-focus tuning should live under settings. + +### Exit Criteria + +- The main workflow screens prioritize opening, browsing, copying, editing, and synchronizing credentials. +- Advanced vault/security and behavior preferences are no longer cluttering the primary open and browsing flows. +- Phone and desktop layouts both present a clear information hierarchy. +- The Android open flow is reliable enough to review and use without ANR during ordinary vault-open operations. + ## API Token And gRPC Authorization Parallel Segments These segments define the work for programmatic access control over gRPC.