Break TODO into parallel work segments
This commit is contained in:
@@ -1,194 +1,342 @@
|
||||
# TODO
|
||||
|
||||
## Single Completion Plan
|
||||
## Parallel Work Segments
|
||||
|
||||
KeePassGO is not complete until every required capability in [`AGENTS.md`](./AGENTS.md) is implemented, verified, and integrated into the product.
|
||||
This plan is intentionally a single plan with a single exit gate. It is not divided into phases or milestone buckets.
|
||||
These segments are intended to be independently executable wherever possible.
|
||||
Each segment has its own local exit criteria.
|
||||
The product is not complete until the global exit criteria at the end of this file are also met.
|
||||
|
||||
## Remaining Work
|
||||
### Segment 1: Application State Ownership
|
||||
|
||||
- Finish real application-state ownership.
|
||||
- Keep application state as the single source of truth for:
|
||||
- current session
|
||||
- vault open or locked status
|
||||
- current group path
|
||||
- selected entry or template
|
||||
- search query
|
||||
- dirty state
|
||||
- error and loading state
|
||||
- Remove remaining direct UI-owned mutation of product state.
|
||||
- Ensure all list, detail, breadcrumb, group, and selection behavior derives from the controller and session layers.
|
||||
Scope:
|
||||
- Keep the controller as the single source of truth for:
|
||||
session state,
|
||||
selected entry,
|
||||
selected template,
|
||||
current path,
|
||||
current section,
|
||||
search query,
|
||||
dirty state,
|
||||
status messaging,
|
||||
and error state.
|
||||
- Remove remaining direct UI-owned mutation of product state.
|
||||
- Keep list, detail, breadcrumb, section, and selection behavior controller-driven.
|
||||
|
||||
- Finish local and remote database lifecycle UX.
|
||||
- Add create new vault flow.
|
||||
- Add open local vault flow.
|
||||
- Add open remote WebDAV vault flow.
|
||||
- Add save current vault.
|
||||
- Add save-as local vault flow.
|
||||
- Add lock and unlock flows.
|
||||
- Add visible handling for:
|
||||
- invalid master key
|
||||
- unreadable file
|
||||
- decode failure
|
||||
- WebDAV conflict
|
||||
- missing path or target
|
||||
- Add dirty-state protection around destructive navigation.
|
||||
Exit criteria:
|
||||
- No core workflow depends on UI-local state as the authoritative source of vault data.
|
||||
- UI list and detail rendering derive from controller or session state only.
|
||||
- Controller behavior tests cover section switching, selection, search, and dirty-state transitions.
|
||||
- `go test ./...` passes.
|
||||
|
||||
- Finish master-key and security configuration behavior.
|
||||
- Add password-only setup.
|
||||
- Add key-file-only setup.
|
||||
- Add composite password plus key-file setup.
|
||||
- Add UI and controller behavior for selecting or changing master-key mode.
|
||||
- Preserve supported KDBX security and KDF settings when loading and saving.
|
||||
- Document any unsupported settings explicitly.
|
||||
### Segment 2: Local Vault Lifecycle UI
|
||||
|
||||
- Finish entry CRUD as a real product workflow.
|
||||
- Add create entry.
|
||||
- Add edit entry.
|
||||
- Add duplicate entry.
|
||||
- Add delete entry to recycle bin.
|
||||
- Add restore entry from recycle bin.
|
||||
- Add entry history browsing.
|
||||
- Add restore historical version behavior.
|
||||
- Add editing for:
|
||||
- title
|
||||
- username
|
||||
- password
|
||||
- URL
|
||||
- notes
|
||||
- tags
|
||||
- custom fields
|
||||
- Add reveal and hide password behavior in the actual product flow, not only the prototype view.
|
||||
Scope:
|
||||
- Create new vault flow.
|
||||
- Open local vault flow.
|
||||
- Save current vault flow.
|
||||
- Save-as local vault flow.
|
||||
- Lock flow.
|
||||
- Unlock flow.
|
||||
- Visible error handling for invalid master key, unreadable file, decode failure, and missing path.
|
||||
|
||||
- Finish template workflows.
|
||||
- Add create template.
|
||||
- Add edit template.
|
||||
- Add delete template.
|
||||
- Add template browsing UI.
|
||||
- Add instantiate-template workflow with override support.
|
||||
- Ensure template behavior is available through both UI and gRPC surfaces.
|
||||
Exit criteria:
|
||||
- A user can create, open, save, save-as, lock, and unlock a local vault through the UI.
|
||||
- UI tests or controller-integrated tests cover each lifecycle path.
|
||||
- Lifecycle actions update visible status and error messages consistently.
|
||||
- `go test ./...` passes.
|
||||
|
||||
- Finish group and path management.
|
||||
- Add create group.
|
||||
- Add rename group.
|
||||
- Add delete group.
|
||||
- Add move entry between groups.
|
||||
- Add move template between groups if supported.
|
||||
- Make breadcrumb and group navigation controller-driven throughout the product.
|
||||
- Make templates and recycle-bin locations explicit and navigable.
|
||||
### Segment 3: Remote WebDAV Lifecycle UI
|
||||
|
||||
- Finish search behavior.
|
||||
- Support current-group listing.
|
||||
- Support global search.
|
||||
- Keep visible path context in results.
|
||||
- Define and implement search behavior for:
|
||||
- templates
|
||||
- recycle bin
|
||||
- Add clear and reset behavior.
|
||||
- Ensure search works consistently in desktop and phone layouts.
|
||||
Scope:
|
||||
- Open remote WebDAV vault flow.
|
||||
- Save remote WebDAV vault flow.
|
||||
- Visible handling for remote error states.
|
||||
- Visible handling for conflict responses and retry-safe behavior.
|
||||
|
||||
- Finish data transfer behavior.
|
||||
- Keep copy username, copy password, and copy URL available through the UI.
|
||||
- Keep those behaviors available through gRPC.
|
||||
- Add product behavior for clipboard feedback.
|
||||
- Decide and implement timed clipboard clearing if used.
|
||||
- Ensure errors and logs do not leak secret contents.
|
||||
Exit criteria:
|
||||
- A user can open and save a remote WebDAV-backed vault through the UI.
|
||||
- Conflict and transport failures surface a visible error state.
|
||||
- WebDAV lifecycle tests cover open, save, and conflict behavior.
|
||||
- `go test ./...` passes.
|
||||
|
||||
- Finish attachments UX.
|
||||
- Add attach file to entry.
|
||||
- Add list attachments.
|
||||
- Add export or download attachment.
|
||||
- Add replace attachment.
|
||||
- Add remove attachment.
|
||||
- Add size and error handling.
|
||||
- Add file selection abstraction appropriate for desktop and future Android support.
|
||||
### Segment 4: Master Key Setup And Change Flows
|
||||
|
||||
- Finish password generation UX.
|
||||
- Expose profile-based password generation in the UI.
|
||||
- Allow generated passwords to flow directly into create and edit entry workflows.
|
||||
- Keep generation behavior exposed through gRPC.
|
||||
Scope:
|
||||
- Password-only setup and unlock.
|
||||
- Key-file-only setup and unlock.
|
||||
- Composite password-plus-key-file setup and unlock.
|
||||
- UI for selecting master-key mode when creating a vault.
|
||||
- UI for changing master-key mode on an existing vault where supported.
|
||||
|
||||
- Finish gRPC as the first-class trusted integration surface.
|
||||
- Add open, save, lock, and unlock RPCs.
|
||||
- Add current session status RPC.
|
||||
- Add group listing and group mutation RPCs.
|
||||
- Add history listing and history restore RPCs.
|
||||
- Add attachment listing, upload, and download RPCs.
|
||||
- Add template CRUD RPCs where missing.
|
||||
- Keep authentication and error contracts consistent across all methods.
|
||||
- Keep the API independent of UI state.
|
||||
Exit criteria:
|
||||
- All three master-key modes work through the product UI, not only storage helpers.
|
||||
- Tests cover each mode for create, open, and unlock behavior.
|
||||
- Validation and visible error states exist for missing or invalid key material.
|
||||
- `go test ./...` passes.
|
||||
|
||||
- Resolve the desktop automation requirement.
|
||||
- Either implement a desktop login automation mechanism comparable in purpose to KeePass auto-type,
|
||||
- or document, in-repo, that the secure gRPC interface supersedes it and why.
|
||||
- The decision must be explicit and committed.
|
||||
### Segment 5: KDBX Security Settings Preservation
|
||||
|
||||
- Finish accessibility and keyboard-first behavior.
|
||||
- Add keyboard navigation across:
|
||||
- list
|
||||
- detail
|
||||
- search
|
||||
- breadcrumbs
|
||||
- dialogs
|
||||
- Add keyboard shortcuts for:
|
||||
- search
|
||||
- save
|
||||
- lock
|
||||
- create entry
|
||||
- copy username
|
||||
- copy password
|
||||
- copy URL
|
||||
- Add visible focus states.
|
||||
- Improve screen-reader-conscious labeling where the toolkit allows it.
|
||||
- Verify high-DPI behavior.
|
||||
Scope:
|
||||
- Preserve supported cipher and KDF settings when reopening and saving.
|
||||
- Surface relevant settings in product-facing docs or UI where appropriate.
|
||||
- Document unsupported settings explicitly.
|
||||
|
||||
- Finish UI completion and polish.
|
||||
- Replace remaining prototype-only behavior.
|
||||
- Add empty states.
|
||||
- Add loading states.
|
||||
- Add error states.
|
||||
- Add recycle-bin view.
|
||||
- Add template view.
|
||||
- Add lock screen.
|
||||
- Add master-key prompt screens.
|
||||
- Add save-conflict surfaces.
|
||||
- Keep desktop information-dense.
|
||||
- Keep phone layout optimized for low tap count.
|
||||
Exit criteria:
|
||||
- Reopen-and-save cycles preserve supported KDBX security settings.
|
||||
- Compatibility notes are current in `docs/kdbx-compatibility.md`.
|
||||
- Tests cover settings preservation across save cycles.
|
||||
- `go test ./...` passes.
|
||||
|
||||
- Finish packaging and runnable-product shape.
|
||||
- Keep the desktop app runnable from the repo.
|
||||
- Add documented build and run instructions.
|
||||
- Add packaging guidance for desktop release builds.
|
||||
- Add Android packaging guidance with `gogio`.
|
||||
- Add icon and application metadata placeholders.
|
||||
### Segment 6: Entry CRUD UI
|
||||
|
||||
- Finish integration and regression coverage.
|
||||
- Add controller and UI behavior tests for completed workflows.
|
||||
- Add gRPC integration tests for lifecycle and mutation flows.
|
||||
- Add WebDAV conflict and reload coverage.
|
||||
- Add attachment workflow coverage.
|
||||
- Add history and recycle-bin integration coverage.
|
||||
- Add regression coverage for stable entry IDs across reopen and remote save cycles.
|
||||
Scope:
|
||||
- Create entry.
|
||||
- Edit entry.
|
||||
- Duplicate entry.
|
||||
- Delete entry to recycle bin.
|
||||
- Restore entry from recycle bin.
|
||||
- Move entry between groups if needed for editing flow.
|
||||
|
||||
## Exit Criteria
|
||||
Exit criteria:
|
||||
- All core entry CRUD actions are available from the UI.
|
||||
- Entry editor supports title, username, password, URL, notes, tags, and custom string fields.
|
||||
- Deletion routes entries to recycle behavior rather than permanent loss.
|
||||
- Tests cover create, edit, duplicate, delete, and restore flows.
|
||||
- `go test ./...` passes.
|
||||
|
||||
Do not stop until all of the following are true:
|
||||
### Segment 7: Entry History UI
|
||||
|
||||
Scope:
|
||||
- Browse history for the selected entry.
|
||||
- Select a historical version.
|
||||
- Restore a historical version into the current entry.
|
||||
|
||||
Exit criteria:
|
||||
- Entry history is visible and restorable from the UI.
|
||||
- History restore creates the expected new current state.
|
||||
- Tests cover history listing and restore behavior.
|
||||
- `go test ./...` passes.
|
||||
|
||||
### Segment 8: Group And Path Management UI
|
||||
|
||||
Scope:
|
||||
- Create group.
|
||||
- Rename group.
|
||||
- Delete group.
|
||||
- Breadcrumb-driven path navigation.
|
||||
- Explicit navigation for templates and recycle bin.
|
||||
- Move entries between groups.
|
||||
|
||||
Exit criteria:
|
||||
- Nested group management works from the UI.
|
||||
- Breadcrumb navigation and group listing are controller-driven.
|
||||
- Templates and recycle-bin locations are explicit and navigable.
|
||||
- Tests cover create, rename, delete, navigate, and move behavior.
|
||||
- `go test ./...` passes.
|
||||
|
||||
### Segment 9: Search Completion
|
||||
|
||||
Scope:
|
||||
- Current-group listing.
|
||||
- Global search.
|
||||
- Visible path context in results.
|
||||
- Explicit behavior for templates search.
|
||||
- Explicit behavior for recycle-bin search.
|
||||
- Clear and reset behavior.
|
||||
|
||||
Exit criteria:
|
||||
- Search behavior is consistent across desktop and phone layouts.
|
||||
- Search results always retain visible path context.
|
||||
- Template and recycle-bin search behavior is defined and tested.
|
||||
- Tests cover clear/reset transitions.
|
||||
- `go test ./...` passes.
|
||||
|
||||
### Segment 10: Template CRUD UI
|
||||
|
||||
Scope:
|
||||
- Create template.
|
||||
- Edit template.
|
||||
- Delete template.
|
||||
- Browse template list.
|
||||
- Instantiate a template with overrides.
|
||||
|
||||
Exit criteria:
|
||||
- Templates are manageable from the UI.
|
||||
- Template instantiation can create a real entry with overrides.
|
||||
- Tests cover template CRUD and instantiation behavior.
|
||||
- `go test ./...` passes.
|
||||
|
||||
### Segment 11: Attachment Workflow UI
|
||||
|
||||
Scope:
|
||||
- Add attachment.
|
||||
- List attachments.
|
||||
- Export attachment.
|
||||
- Replace attachment.
|
||||
- Remove attachment.
|
||||
- Error and size handling.
|
||||
|
||||
Exit criteria:
|
||||
- Attachments are manageable from the UI end to end.
|
||||
- Attachment workflows are covered by tests.
|
||||
- Replace and remove behavior preserve expected vault state.
|
||||
- `go test ./...` passes.
|
||||
|
||||
### Segment 12: Password Generation UX
|
||||
|
||||
Scope:
|
||||
- Expose password generation profiles in the UI.
|
||||
- Allow generated passwords to populate the active entry form.
|
||||
- Keep generator behavior aligned with gRPC.
|
||||
|
||||
Exit criteria:
|
||||
- Users can generate a password from the UI without leaving the entry workflow.
|
||||
- Profile selection is visible and tested.
|
||||
- Generated values flow into entry create and edit forms correctly.
|
||||
- `go test ./...` passes.
|
||||
|
||||
### Segment 13: Copy, Reveal, And Secret Transfer UX
|
||||
|
||||
Scope:
|
||||
- Copy username.
|
||||
- Copy password.
|
||||
- Copy URL.
|
||||
- Reveal or hide password.
|
||||
- Visible copy feedback.
|
||||
- Secret-safe error and status behavior.
|
||||
- Optional timed clipboard clearing if retained.
|
||||
|
||||
Exit criteria:
|
||||
- Copy and reveal flows work in the UI end to end.
|
||||
- Clipboard feedback is visible and non-secret-bearing.
|
||||
- If timed clearing exists, it is tested.
|
||||
- `go test ./...` passes.
|
||||
|
||||
### Segment 14: gRPC Lifecycle API
|
||||
|
||||
Scope:
|
||||
- Session status RPC.
|
||||
- Open local vault RPC.
|
||||
- Open remote vault RPC.
|
||||
- Save vault RPC.
|
||||
- Lock vault RPC.
|
||||
- Unlock vault RPC.
|
||||
|
||||
Exit criteria:
|
||||
- Trusted clients can manage vault lifecycle through gRPC.
|
||||
- Authentication and error contracts are consistent across lifecycle methods.
|
||||
- Lifecycle gRPC integration tests pass.
|
||||
- `go test ./...` passes.
|
||||
|
||||
### Segment 15: gRPC Mutation API
|
||||
|
||||
Scope:
|
||||
- Entry mutation RPCs.
|
||||
- Group mutation RPCs.
|
||||
- Template mutation RPCs.
|
||||
- History restore RPCs.
|
||||
- Attachment upload, download, list, and delete RPCs.
|
||||
- Copy-field RPCs.
|
||||
- Password generation RPC.
|
||||
|
||||
Exit criteria:
|
||||
- Trusted clients can perform all major mutation workflows through gRPC.
|
||||
- The API does not depend on UI-local state.
|
||||
- Integration tests cover the mutation surfaces.
|
||||
- `go test ./...` passes.
|
||||
|
||||
### Segment 16: Accessibility And Keyboard-First Behavior
|
||||
|
||||
Scope:
|
||||
- Keyboard navigation for search, list, detail, dialogs, and breadcrumbs.
|
||||
- Shortcuts for save, lock, new entry, search focus, and field copy actions.
|
||||
- Visible focus states.
|
||||
- High-DPI sanity coverage.
|
||||
- Screen-reader-conscious labels where Gio permits.
|
||||
|
||||
Exit criteria:
|
||||
- Core workflows are operable without a pointing device on desktop.
|
||||
- Keyboard shortcuts exist for major actions and are tested.
|
||||
- Focus and accessibility states are visible and intentional.
|
||||
- `go test ./...` passes.
|
||||
|
||||
### Segment 17: UI Completion And Error Surfaces
|
||||
|
||||
Scope:
|
||||
- Empty states.
|
||||
- Loading states.
|
||||
- Error states.
|
||||
- Lock screen.
|
||||
- Master-key prompts.
|
||||
- Save conflict surfaces.
|
||||
- Remove remaining prototype-only affordances.
|
||||
|
||||
Exit criteria:
|
||||
- Core product workflows no longer rely on prototype-style hidden assumptions.
|
||||
- Lock, error, loading, and empty states are visible and intentional.
|
||||
- UI tests or controller-integrated tests cover these states.
|
||||
- `go test ./...` passes.
|
||||
|
||||
### Segment 18: Desktop Automation Resolution
|
||||
|
||||
Scope:
|
||||
- Either implement a desktop login automation mechanism comparable in purpose to KeePass auto-type,
|
||||
- or explicitly finalize the design that secure gRPC supersedes auto-type.
|
||||
- Keep the decision documented in-repo.
|
||||
|
||||
Exit criteria:
|
||||
- The desktop automation requirement is explicitly resolved in code or docs.
|
||||
- The chosen approach is documented in `docs/desktop-automation.md`.
|
||||
- Any implemented behavior is tested.
|
||||
- `go test ./...` passes.
|
||||
|
||||
### Segment 19: Packaging And Runbook
|
||||
|
||||
Scope:
|
||||
- Keep the app runnable from source.
|
||||
- Document desktop build and run steps.
|
||||
- Document Android packaging with `gogio`.
|
||||
- Add icon and metadata placeholders if missing.
|
||||
|
||||
Exit criteria:
|
||||
- `README.md` is accurate for local build, run, and Android packaging guidance.
|
||||
- Placeholder metadata exists where needed for packaging.
|
||||
- The app still builds from the repo.
|
||||
- `go test ./...` passes.
|
||||
|
||||
### Segment 20: Regression And Integration Coverage
|
||||
|
||||
Scope:
|
||||
- Add integration coverage for reopen/save cycles.
|
||||
- Add regression coverage for stable entry IDs.
|
||||
- Add regression coverage for remote save and reopen.
|
||||
- Add regression coverage for history, recycle bin, templates, groups, and attachments together.
|
||||
|
||||
Exit criteria:
|
||||
- Cross-feature regressions have dedicated tests.
|
||||
- Stable identity and persistence guarantees are covered by tests.
|
||||
- `go test ./...` passes.
|
||||
|
||||
## Global Exit Criteria
|
||||
|
||||
Do not treat the product as complete until all of the following are true:
|
||||
|
||||
- Segment 1 through Segment 20 are all complete.
|
||||
- KeePassGO can create, open, edit, save, save-as, lock, and unlock local KDBX databases through the UI.
|
||||
- KeePassGO can open and save remote WebDAV-backed KDBX databases through the UI, including visible handling of conflict and error states.
|
||||
- KeePassGO supports master password, key file, and composite key workflows in the product, not just in storage helpers.
|
||||
- KeePassGO preserves supported KDBX security and KDF settings and documents any unsupported settings.
|
||||
- KeePassGO supports nested groups, path-aware navigation, and explicit template and recycle-bin navigation.
|
||||
- KeePassGO can open and save remote WebDAV-backed KDBX databases through the UI, including visible conflict and error handling.
|
||||
- KeePassGO supports master password, key file, and composite key workflows in the product.
|
||||
- KeePassGO preserves supported KDBX security and KDF settings and documents unsupported settings.
|
||||
- KeePassGO supports nested groups, path-aware navigation, explicit template navigation, and explicit recycle-bin navigation.
|
||||
- KeePassGO supports entry create, edit, duplicate, delete, restore, history browse, and history restore through the UI.
|
||||
- KeePassGO supports title, username, password, URL, notes, tags, and custom string fields through the UI.
|
||||
- KeePassGO supports attachment add, remove, replace, list, and export through the UI.
|
||||
- KeePassGO supports attachment add, replace, remove, list, and export through the UI.
|
||||
- KeePassGO supports reusable templates through the UI and through the gRPC API.
|
||||
- KeePassGO supports current-group listing, global search, and visible path context consistently across desktop and phone layouts.
|
||||
- KeePassGO supports copy username, copy password, copy URL, and reveal or hide password behavior end to end.
|
||||
- KeePassGO exposes password generation profiles through both UI and gRPC workflows.
|
||||
- The secure gRPC API is broad enough for trusted automation and browser-extension style integration, including lifecycle and mutation operations.
|
||||
- The desktop automation requirement is explicitly resolved, either by implementation or committed justification that gRPC supersedes it.
|
||||
- Keyboard-first navigation and common shortcuts exist for the major product workflows.
|
||||
- KeePassGO exposes password generation profiles through both UI and gRPC.
|
||||
- The secure gRPC API is broad enough for trusted automation and browser-extension-style integration.
|
||||
- The desktop automation requirement is explicitly resolved.
|
||||
- Keyboard-first navigation and common shortcuts exist for major product workflows.
|
||||
- The UI no longer depends on prototype-only mock behavior for any core workflow.
|
||||
- Build and run instructions exist for desktop, and packaging guidance exists for Android.
|
||||
- `go test ./...` passes.
|
||||
|
||||
Reference in New Issue
Block a user