Break TODO into parallel work segments

This commit is contained in:
Joe Julian
2026-03-29 11:10:12 -07:00
parent ce01c47256
commit a4b3d5c1e1
+310 -162
View File
@@ -1,194 +1,342 @@
# TODO # TODO
## Single Completion Plan ## Parallel Work Segments
KeePassGO is not complete until every required capability in [`AGENTS.md`](./AGENTS.md) is implemented, verified, and integrated into the product. These segments are intended to be independently executable wherever possible.
This plan is intentionally a single plan with a single exit gate. It is not divided into phases or milestone buckets. Each segment has its own local exit criteria.
The product is not complete until the global exit criteria at the end of this file are also met.
## Remaining Work ### Segment 1: Application State Ownership
- Finish real application-state ownership. Scope:
- Keep application state as the single source of truth for: - Keep the controller as the single source of truth for:
- current session session state,
- vault open or locked status selected entry,
- current group path selected template,
- selected entry or template current path,
- search query current section,
- dirty state search query,
- error and loading state dirty state,
- Remove remaining direct UI-owned mutation of product state. status messaging,
- Ensure all list, detail, breadcrumb, group, and selection behavior derives from the controller and session layers. and error state.
- Remove remaining direct UI-owned mutation of product state.
- Keep list, detail, breadcrumb, section, and selection behavior controller-driven.
- Finish local and remote database lifecycle UX. Exit criteria:
- Add create new vault flow. - No core workflow depends on UI-local state as the authoritative source of vault data.
- Add open local vault flow. - UI list and detail rendering derive from controller or session state only.
- Add open remote WebDAV vault flow. - Controller behavior tests cover section switching, selection, search, and dirty-state transitions.
- Add save current vault. - `go test ./...` passes.
- Add save-as local vault flow.
- Add lock and unlock flows.
- Add visible handling for:
- invalid master key
- unreadable file
- decode failure
- WebDAV conflict
- missing path or target
- Add dirty-state protection around destructive navigation.
- Finish master-key and security configuration behavior. ### Segment 2: Local Vault Lifecycle UI
- Add password-only setup.
- Add key-file-only setup.
- Add composite password plus key-file setup.
- Add UI and controller behavior for selecting or changing master-key mode.
- Preserve supported KDBX security and KDF settings when loading and saving.
- Document any unsupported settings explicitly.
- Finish entry CRUD as a real product workflow. Scope:
- Add create entry. - Create new vault flow.
- Add edit entry. - Open local vault flow.
- Add duplicate entry. - Save current vault flow.
- Add delete entry to recycle bin. - Save-as local vault flow.
- Add restore entry from recycle bin. - Lock flow.
- Add entry history browsing. - Unlock flow.
- Add restore historical version behavior. - Visible error handling for invalid master key, unreadable file, decode failure, and missing path.
- Add editing for:
- title
- username
- password
- URL
- notes
- tags
- custom fields
- Add reveal and hide password behavior in the actual product flow, not only the prototype view.
- Finish template workflows. Exit criteria:
- Add create template. - A user can create, open, save, save-as, lock, and unlock a local vault through the UI.
- Add edit template. - UI tests or controller-integrated tests cover each lifecycle path.
- Add delete template. - Lifecycle actions update visible status and error messages consistently.
- Add template browsing UI. - `go test ./...` passes.
- Add instantiate-template workflow with override support.
- Ensure template behavior is available through both UI and gRPC surfaces.
- Finish group and path management. ### Segment 3: Remote WebDAV Lifecycle UI
- Add create group.
- Add rename group.
- Add delete group.
- Add move entry between groups.
- Add move template between groups if supported.
- Make breadcrumb and group navigation controller-driven throughout the product.
- Make templates and recycle-bin locations explicit and navigable.
- Finish search behavior. Scope:
- Support current-group listing. - Open remote WebDAV vault flow.
- Support global search. - Save remote WebDAV vault flow.
- Keep visible path context in results. - Visible handling for remote error states.
- Define and implement search behavior for: - Visible handling for conflict responses and retry-safe behavior.
- templates
- recycle bin
- Add clear and reset behavior.
- Ensure search works consistently in desktop and phone layouts.
- Finish data transfer behavior. Exit criteria:
- Keep copy username, copy password, and copy URL available through the UI. - A user can open and save a remote WebDAV-backed vault through the UI.
- Keep those behaviors available through gRPC. - Conflict and transport failures surface a visible error state.
- Add product behavior for clipboard feedback. - WebDAV lifecycle tests cover open, save, and conflict behavior.
- Decide and implement timed clipboard clearing if used. - `go test ./...` passes.
- Ensure errors and logs do not leak secret contents.
- Finish attachments UX. ### Segment 4: Master Key Setup And Change Flows
- Add attach file to entry.
- Add list attachments.
- Add export or download attachment.
- Add replace attachment.
- Add remove attachment.
- Add size and error handling.
- Add file selection abstraction appropriate for desktop and future Android support.
- Finish password generation UX. Scope:
- Expose profile-based password generation in the UI. - Password-only setup and unlock.
- Allow generated passwords to flow directly into create and edit entry workflows. - Key-file-only setup and unlock.
- Keep generation behavior exposed through gRPC. - Composite password-plus-key-file setup and unlock.
- UI for selecting master-key mode when creating a vault.
- UI for changing master-key mode on an existing vault where supported.
- Finish gRPC as the first-class trusted integration surface. Exit criteria:
- Add open, save, lock, and unlock RPCs. - All three master-key modes work through the product UI, not only storage helpers.
- Add current session status RPC. - Tests cover each mode for create, open, and unlock behavior.
- Add group listing and group mutation RPCs. - Validation and visible error states exist for missing or invalid key material.
- Add history listing and history restore RPCs. - `go test ./...` passes.
- Add attachment listing, upload, and download RPCs.
- Add template CRUD RPCs where missing.
- Keep authentication and error contracts consistent across all methods.
- Keep the API independent of UI state.
- Resolve the desktop automation requirement. ### Segment 5: KDBX Security Settings Preservation
- Either implement a desktop login automation mechanism comparable in purpose to KeePass auto-type,
- or document, in-repo, that the secure gRPC interface supersedes it and why.
- The decision must be explicit and committed.
- Finish accessibility and keyboard-first behavior. Scope:
- Add keyboard navigation across: - Preserve supported cipher and KDF settings when reopening and saving.
- list - Surface relevant settings in product-facing docs or UI where appropriate.
- detail - Document unsupported settings explicitly.
- search
- breadcrumbs
- dialogs
- Add keyboard shortcuts for:
- search
- save
- lock
- create entry
- copy username
- copy password
- copy URL
- Add visible focus states.
- Improve screen-reader-conscious labeling where the toolkit allows it.
- Verify high-DPI behavior.
- Finish UI completion and polish. Exit criteria:
- Replace remaining prototype-only behavior. - Reopen-and-save cycles preserve supported KDBX security settings.
- Add empty states. - Compatibility notes are current in `docs/kdbx-compatibility.md`.
- Add loading states. - Tests cover settings preservation across save cycles.
- Add error states. - `go test ./...` passes.
- Add recycle-bin view.
- Add template view.
- Add lock screen.
- Add master-key prompt screens.
- Add save-conflict surfaces.
- Keep desktop information-dense.
- Keep phone layout optimized for low tap count.
- Finish packaging and runnable-product shape. ### Segment 6: Entry CRUD UI
- Keep the desktop app runnable from the repo.
- Add documented build and run instructions.
- Add packaging guidance for desktop release builds.
- Add Android packaging guidance with `gogio`.
- Add icon and application metadata placeholders.
- Finish integration and regression coverage. Scope:
- Add controller and UI behavior tests for completed workflows. - Create entry.
- Add gRPC integration tests for lifecycle and mutation flows. - Edit entry.
- Add WebDAV conflict and reload coverage. - Duplicate entry.
- Add attachment workflow coverage. - Delete entry to recycle bin.
- Add history and recycle-bin integration coverage. - Restore entry from recycle bin.
- Add regression coverage for stable entry IDs across reopen and remote save cycles. - Move entry between groups if needed for editing flow.
## Exit Criteria Exit criteria:
- All core entry CRUD actions are available from the UI.
- Entry editor supports title, username, password, URL, notes, tags, and custom string fields.
- Deletion routes entries to recycle behavior rather than permanent loss.
- Tests cover create, edit, duplicate, delete, and restore flows.
- `go test ./...` passes.
Do not stop until all of the following are true: ### Segment 7: Entry History UI
Scope:
- Browse history for the selected entry.
- Select a historical version.
- Restore a historical version into the current entry.
Exit criteria:
- Entry history is visible and restorable from the UI.
- History restore creates the expected new current state.
- Tests cover history listing and restore behavior.
- `go test ./...` passes.
### Segment 8: Group And Path Management UI
Scope:
- Create group.
- Rename group.
- Delete group.
- Breadcrumb-driven path navigation.
- Explicit navigation for templates and recycle bin.
- Move entries between groups.
Exit criteria:
- Nested group management works from the UI.
- Breadcrumb navigation and group listing are controller-driven.
- Templates and recycle-bin locations are explicit and navigable.
- Tests cover create, rename, delete, navigate, and move behavior.
- `go test ./...` passes.
### Segment 9: Search Completion
Scope:
- Current-group listing.
- Global search.
- Visible path context in results.
- Explicit behavior for templates search.
- Explicit behavior for recycle-bin search.
- Clear and reset behavior.
Exit criteria:
- Search behavior is consistent across desktop and phone layouts.
- Search results always retain visible path context.
- Template and recycle-bin search behavior is defined and tested.
- Tests cover clear/reset transitions.
- `go test ./...` passes.
### Segment 10: Template CRUD UI
Scope:
- Create template.
- Edit template.
- Delete template.
- Browse template list.
- Instantiate a template with overrides.
Exit criteria:
- Templates are manageable from the UI.
- Template instantiation can create a real entry with overrides.
- Tests cover template CRUD and instantiation behavior.
- `go test ./...` passes.
### Segment 11: Attachment Workflow UI
Scope:
- Add attachment.
- List attachments.
- Export attachment.
- Replace attachment.
- Remove attachment.
- Error and size handling.
Exit criteria:
- Attachments are manageable from the UI end to end.
- Attachment workflows are covered by tests.
- Replace and remove behavior preserve expected vault state.
- `go test ./...` passes.
### Segment 12: Password Generation UX
Scope:
- Expose password generation profiles in the UI.
- Allow generated passwords to populate the active entry form.
- Keep generator behavior aligned with gRPC.
Exit criteria:
- Users can generate a password from the UI without leaving the entry workflow.
- Profile selection is visible and tested.
- Generated values flow into entry create and edit forms correctly.
- `go test ./...` passes.
### Segment 13: Copy, Reveal, And Secret Transfer UX
Scope:
- Copy username.
- Copy password.
- Copy URL.
- Reveal or hide password.
- Visible copy feedback.
- Secret-safe error and status behavior.
- Optional timed clipboard clearing if retained.
Exit criteria:
- Copy and reveal flows work in the UI end to end.
- Clipboard feedback is visible and non-secret-bearing.
- If timed clearing exists, it is tested.
- `go test ./...` passes.
### Segment 14: gRPC Lifecycle API
Scope:
- Session status RPC.
- Open local vault RPC.
- Open remote vault RPC.
- Save vault RPC.
- Lock vault RPC.
- Unlock vault RPC.
Exit criteria:
- Trusted clients can manage vault lifecycle through gRPC.
- Authentication and error contracts are consistent across lifecycle methods.
- Lifecycle gRPC integration tests pass.
- `go test ./...` passes.
### Segment 15: gRPC Mutation API
Scope:
- Entry mutation RPCs.
- Group mutation RPCs.
- Template mutation RPCs.
- History restore RPCs.
- Attachment upload, download, list, and delete RPCs.
- Copy-field RPCs.
- Password generation RPC.
Exit criteria:
- Trusted clients can perform all major mutation workflows through gRPC.
- The API does not depend on UI-local state.
- Integration tests cover the mutation surfaces.
- `go test ./...` passes.
### Segment 16: Accessibility And Keyboard-First Behavior
Scope:
- Keyboard navigation for search, list, detail, dialogs, and breadcrumbs.
- Shortcuts for save, lock, new entry, search focus, and field copy actions.
- Visible focus states.
- High-DPI sanity coverage.
- Screen-reader-conscious labels where Gio permits.
Exit criteria:
- Core workflows are operable without a pointing device on desktop.
- Keyboard shortcuts exist for major actions and are tested.
- Focus and accessibility states are visible and intentional.
- `go test ./...` passes.
### Segment 17: UI Completion And Error Surfaces
Scope:
- Empty states.
- Loading states.
- Error states.
- Lock screen.
- Master-key prompts.
- Save conflict surfaces.
- Remove remaining prototype-only affordances.
Exit criteria:
- Core product workflows no longer rely on prototype-style hidden assumptions.
- Lock, error, loading, and empty states are visible and intentional.
- UI tests or controller-integrated tests cover these states.
- `go test ./...` passes.
### Segment 18: Desktop Automation Resolution
Scope:
- Either implement a desktop login automation mechanism comparable in purpose to KeePass auto-type,
- or explicitly finalize the design that secure gRPC supersedes auto-type.
- Keep the decision documented in-repo.
Exit criteria:
- The desktop automation requirement is explicitly resolved in code or docs.
- The chosen approach is documented in `docs/desktop-automation.md`.
- Any implemented behavior is tested.
- `go test ./...` passes.
### Segment 19: Packaging And Runbook
Scope:
- Keep the app runnable from source.
- Document desktop build and run steps.
- Document Android packaging with `gogio`.
- Add icon and metadata placeholders if missing.
Exit criteria:
- `README.md` is accurate for local build, run, and Android packaging guidance.
- Placeholder metadata exists where needed for packaging.
- The app still builds from the repo.
- `go test ./...` passes.
### Segment 20: Regression And Integration Coverage
Scope:
- Add integration coverage for reopen/save cycles.
- Add regression coverage for stable entry IDs.
- Add regression coverage for remote save and reopen.
- Add regression coverage for history, recycle bin, templates, groups, and attachments together.
Exit criteria:
- Cross-feature regressions have dedicated tests.
- Stable identity and persistence guarantees are covered by tests.
- `go test ./...` passes.
## Global Exit Criteria
Do not treat the product as complete until all of the following are true:
- Segment 1 through Segment 20 are all complete.
- KeePassGO can create, open, edit, save, save-as, lock, and unlock local KDBX databases through the UI. - KeePassGO can create, open, edit, save, save-as, lock, and unlock local KDBX databases through the UI.
- KeePassGO can open and save remote WebDAV-backed KDBX databases through the UI, including visible handling of conflict and error states. - KeePassGO can open and save remote WebDAV-backed KDBX databases through the UI, including visible conflict and error handling.
- KeePassGO supports master password, key file, and composite key workflows in the product, not just in storage helpers. - KeePassGO supports master password, key file, and composite key workflows in the product.
- KeePassGO preserves supported KDBX security and KDF settings and documents any unsupported settings. - KeePassGO preserves supported KDBX security and KDF settings and documents unsupported settings.
- KeePassGO supports nested groups, path-aware navigation, and explicit template and recycle-bin navigation. - KeePassGO supports nested groups, path-aware navigation, explicit template navigation, and explicit recycle-bin navigation.
- KeePassGO supports entry create, edit, duplicate, delete, restore, history browse, and history restore through the UI. - KeePassGO supports entry create, edit, duplicate, delete, restore, history browse, and history restore through the UI.
- KeePassGO supports title, username, password, URL, notes, tags, and custom string fields through the UI. - KeePassGO supports title, username, password, URL, notes, tags, and custom string fields through the UI.
- KeePassGO supports attachment add, remove, replace, list, and export through the UI. - KeePassGO supports attachment add, replace, remove, list, and export through the UI.
- KeePassGO supports reusable templates through the UI and through the gRPC API. - KeePassGO supports reusable templates through the UI and through the gRPC API.
- KeePassGO supports current-group listing, global search, and visible path context consistently across desktop and phone layouts. - KeePassGO supports current-group listing, global search, and visible path context consistently across desktop and phone layouts.
- KeePassGO supports copy username, copy password, copy URL, and reveal or hide password behavior end to end. - KeePassGO supports copy username, copy password, copy URL, and reveal or hide password behavior end to end.
- KeePassGO exposes password generation profiles through both UI and gRPC workflows. - KeePassGO exposes password generation profiles through both UI and gRPC.
- The secure gRPC API is broad enough for trusted automation and browser-extension style integration, including lifecycle and mutation operations. - The secure gRPC API is broad enough for trusted automation and browser-extension-style integration.
- The desktop automation requirement is explicitly resolved, either by implementation or committed justification that gRPC supersedes it. - The desktop automation requirement is explicitly resolved.
- Keyboard-first navigation and common shortcuts exist for the major product workflows. - Keyboard-first navigation and common shortcuts exist for major product workflows.
- The UI no longer depends on prototype-only mock behavior for any core workflow. - The UI no longer depends on prototype-only mock behavior for any core workflow.
- Build and run instructions exist for desktop, and packaging guidance exists for Android. - Build and run instructions exist for desktop, and packaging guidance exists for Android.
- `go test ./...` passes. - `go test ./...` passes.