diff --git a/TODO.md b/TODO.md index bd73621..feef56d 100644 --- a/TODO.md +++ b/TODO.md @@ -130,6 +130,98 @@ These are important, but they should likely move behind a dedicated settings gea - Accessibility preferences: future display-density, contrast, reduced-motion, or keyboard-focus tuning should live under settings. +## Upstream Gap Review + +This section tracks explicit feature gaps against the source-level behavior of: + +- KeePass 2.57.1 +- KeePassHttp +- Keepass2Android + +These are not speculative enhancements. They are parity gaps relative to the +stated product requirement to cover the practical feature surface of those +upstream tools where it fits KeePassGO's security model. + +### Stage 1 + +- Android autofill parity/completeness: + close the remaining gaps in Android autofill behavior, including broader + page/app detection coverage, stronger approval and visibility UX, and more + reliable fill behavior across real-world apps and browsers. +- Android fallback fill workflows: + provide a non-autofill fallback comparable in usefulness to KP2A's keyboard + and share-driven workflows for apps and browsers that do not cooperate with + platform autofill. +- Browser extension save/update: + add the browser-side save/update-credential workflow after successful form + submission, not only lookup and fill. +- Search and matching controls: + browser/API result behavior does not yet expose KeePassHttp-style controls + such as best-match-only, scheme matching, and sort preferences as a finished + product surface. +- Unlock-request workflow: + KeePassHttp has an explicit locked-database browser flow; KeePassGO still + needs a polished browser-visible locked/unlock request experience. +- Android share/intents: + browser/app share-driven lookup and open flows comparable to KP2A are not + implemented as a full user workflow. + +### Stage 2 + +- OTP/TOTP: + implement real OTP/TOTP support, including storage conventions compatible + with common KeePass ecosystems and usable display/copy/fill workflows. +- TOTP product surface: + KP2A exposes TOTP directly in entry and list UX; KeePassGO does not. +- Browser-returned field breadth: + KeePassHttp can return string fields for browser consumers; KeePassGO does + not yet have a finished policy and browser UX for rich field return. +- Placeholder and field-reference parity: + KeePass-style placeholder expansion, field references, and related command + and URL override behavior are not implemented as a product surface. +- Offline/work-offline flow: + KP2A has explicit offline/cache-oriented remote-file workflows that are more + mature than KeePassGO's current user-facing remote behavior. + +### Stage 3 + +- Desktop automation: + implement desktop login automation comparable in practical capability to + KeePass auto-type, or replace it with a demonstrably superior workflow that + covers global invocation, selected-entry invocation, window targeting, and + field sequencing. +- Trigger system: + KeePass-style event/condition/action triggers are not implemented. +- Import/export breadth: + KDBX load/save exists, but KeePass-style breadth for CSV/XML/HTML and other + exchange formats is still missing. +- Multi-database lookup: + KeePassHttp can search across all opened databases when configured; KeePassGO + does not yet have an equivalent multi-vault lookup model. +- Remote backend breadth: + KP2A supports far more remote/file backends than KeePassGO currently does; + KeePassGO is still effectively WebDAV-first. +- Plugin/extensibility model: + KeePassGO has integrations, but not a first-class plugin model comparable to + KeePass. +- Plugin ecosystem replacements: + QR transfer, keyboard transport, and related mobile integration equivalents + do not exist in KeePassGO. +- Emergency and recovery utilities: + emergency-sheet/key-file-backup style flows are not implemented. + +### Immediate Product Questions + +- Desktop automation: + decide whether KeePassGO will implement true auto-type, or a different + security model that still satisfies the practical workflows KeePass users + expect. +- OTP model: + decide the canonical KeePassGO representation for TOTP/HOTP so desktop, + Android, gRPC, and browser workflows can all target the same semantics. +- Remote breadth: + decide which non-WebDAV backends are in product scope after WebDAV. + ### Exit Criteria - The main workflow screens prioritize opening, browsing, copying, editing, and synchronizing credentials. @@ -269,7 +361,7 @@ Exit criteria: - Tests cover clear/reset transitions. - `go test ./...` passes. -### Segment 10: Template CRUD UI +### Segment 10 (stage 3): Template CRUD UI Scope: - Create template. diff --git a/browser/extension/icons/icon-128.png b/browser/extension/icons/icon-128.png new file mode 100644 index 0000000..8602f77 Binary files /dev/null and b/browser/extension/icons/icon-128.png differ diff --git a/browser/extension/icons/icon-16.png b/browser/extension/icons/icon-16.png new file mode 100644 index 0000000..e976c5e Binary files /dev/null and b/browser/extension/icons/icon-16.png differ diff --git a/browser/extension/icons/icon-32.png b/browser/extension/icons/icon-32.png new file mode 100644 index 0000000..c1faec1 Binary files /dev/null and b/browser/extension/icons/icon-32.png differ diff --git a/browser/extension/icons/icon-48.png b/browser/extension/icons/icon-48.png new file mode 100644 index 0000000..2144944 Binary files /dev/null and b/browser/extension/icons/icon-48.png differ diff --git a/browser/extension/icons/icon-96.png b/browser/extension/icons/icon-96.png new file mode 100644 index 0000000..00c1a42 Binary files /dev/null and b/browser/extension/icons/icon-96.png differ diff --git a/browser/extension/manifest.firefox.json b/browser/extension/manifest.firefox.json index e652fad..1c15b6e 100644 --- a/browser/extension/manifest.firefox.json +++ b/browser/extension/manifest.firefox.json @@ -3,6 +3,13 @@ "name": "KeePassGO Browser", "version": "0.1.0", "description": "Fill credentials from KeePassGO on sign-in pages.", + "icons": { + "16": "icons/icon-16.png", + "32": "icons/icon-32.png", + "48": "icons/icon-48.png", + "96": "icons/icon-96.png", + "128": "icons/icon-128.png" + }, "permissions": [ "activeTab", "nativeMessaging", @@ -16,6 +23,10 @@ }, "browser_action": { "default_title": "KeePassGO Browser", + "default_icon": { + "16": "icons/icon-16.png", + "32": "icons/icon-32.png" + }, "default_popup": "popup.html" }, "options_ui": { @@ -31,7 +42,14 @@ ], "browser_specific_settings": { "gecko": { - "id": "browser@keepassgo.com" + "id": "browser@keepassgo.com", + "data_collection_permissions": { + "required": ["authenticationInfo", "websiteActivity"] + }, + "strict_min_version": "140.0" + }, + "gecko_android": { + "strict_min_version": "142.0" } } } diff --git a/packaging/archlinux/keepassgo-git/PKGBUILD.tmpl b/packaging/archlinux/keepassgo-git/PKGBUILD.tmpl index ed9e2e2..8301fd9 100644 --- a/packaging/archlinux/keepassgo-git/PKGBUILD.tmpl +++ b/packaging/archlinux/keepassgo-git/PKGBUILD.tmpl @@ -56,6 +56,16 @@ package() { "${pkgdir}/usr/share/keepassgo/browser-extension/background.js" install -Dm644 browser/extension/content.js \ "${pkgdir}/usr/share/keepassgo/browser-extension/content.js" + install -Dm644 browser/extension/icons/icon-16.png \ + "${pkgdir}/usr/share/keepassgo/browser-extension/icons/icon-16.png" + install -Dm644 browser/extension/icons/icon-32.png \ + "${pkgdir}/usr/share/keepassgo/browser-extension/icons/icon-32.png" + install -Dm644 browser/extension/icons/icon-48.png \ + "${pkgdir}/usr/share/keepassgo/browser-extension/icons/icon-48.png" + install -Dm644 browser/extension/icons/icon-96.png \ + "${pkgdir}/usr/share/keepassgo/browser-extension/icons/icon-96.png" + install -Dm644 browser/extension/icons/icon-128.png \ + "${pkgdir}/usr/share/keepassgo/browser-extension/icons/icon-128.png" install -Dm644 browser/extension/manifest.chromium.json \ "${pkgdir}/usr/share/keepassgo/browser-extension/manifest.chromium.json" install -Dm644 browser/extension/manifest.firefox.json \