From e15cfb15358749350f20645d2fcd9999133db9f0 Mon Sep 17 00:00:00 2001 From: Joe Julian Date: Sun, 29 Mar 2026 11:10:12 -0700 Subject: [PATCH] Break TODO into parallel work segments --- TODO.md | 472 +++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 310 insertions(+), 162 deletions(-) diff --git a/TODO.md b/TODO.md index 6850c13..12d1931 100644 --- a/TODO.md +++ b/TODO.md 
@@ -1,194 +1,342 @@ # TODO -## Single Completion Plan +## Parallel Work Segments -KeePassGO is not complete until every required capability in [`AGENTS.md`](./AGENTS.md) is implemented, verified, and integrated into the product. -This plan is intentionally a single plan with a single exit gate. It is not divided into phases or milestone buckets. +These segments are intended to be independently executable wherever possible. +Each segment has its own local exit criteria. +The product is not complete until the global exit criteria at the end of this file are also met. -## Remaining Work +### Segment 1: Application State Ownership -- Finish real application-state ownership. - - Keep application state as the single source of truth for: - - current session - - vault open or locked status - - current group path - - selected entry or template - - search query - - dirty state - - error and loading state - - Remove remaining direct UI-owned mutation of product state. - - Ensure all list, detail, breadcrumb, group, and selection behavior derives from the controller and session layers. +Scope: +- Keep the controller as the single source of truth for: + session state, + selected entry, + selected template, + current path, + current section, + search query, + dirty state, + status messaging, + and error state. +- Remove remaining direct UI-owned mutation of product state. +- Keep list, detail, breadcrumb, section, and selection behavior controller-driven. -- Finish local and remote database lifecycle UX. - - Add create new vault flow. - - Add open local vault flow. - - Add open remote WebDAV vault flow. - - Add save current vault. - - Add save-as local vault flow. - - Add lock and unlock flows. - - Add visible handling for: - - invalid master key - - unreadable file - - decode failure - - WebDAV conflict - - missing path or target - - Add dirty-state protection around destructive navigation. 
+Exit criteria: +- No core workflow depends on UI-local state as the authoritative source of vault data. +- UI list and detail rendering derive from controller or session state only. +- Controller behavior tests cover section switching, selection, search, and dirty-state transitions. +- `go test ./...` passes. -- Finish master-key and security configuration behavior. - - Add password-only setup. - - Add key-file-only setup. - - Add composite password plus key-file setup. - - Add UI and controller behavior for selecting or changing master-key mode. - - Preserve supported KDBX security and KDF settings when loading and saving. - - Document any unsupported settings explicitly. +### Segment 2: Local Vault Lifecycle UI -- Finish entry CRUD as a real product workflow. - - Add create entry. - - Add edit entry. - - Add duplicate entry. - - Add delete entry to recycle bin. - - Add restore entry from recycle bin. - - Add entry history browsing. - - Add restore historical version behavior. - - Add editing for: - - title - - username - - password - - URL - - notes - - tags - - custom fields - - Add reveal and hide password behavior in the actual product flow, not only the prototype view. +Scope: +- Create new vault flow. +- Open local vault flow. +- Save current vault flow. +- Save-as local vault flow. +- Lock flow. +- Unlock flow. +- Visible error handling for invalid master key, unreadable file, decode failure, and missing path. -- Finish template workflows. - - Add create template. - - Add edit template. - - Add delete template. - - Add template browsing UI. - - Add instantiate-template workflow with override support. - - Ensure template behavior is available through both UI and gRPC surfaces. +Exit criteria: +- A user can create, open, save, save-as, lock, and unlock a local vault through the UI. +- UI tests or controller-integrated tests cover each lifecycle path. +- Lifecycle actions update visible status and error messages consistently. +- `go test ./...` passes. 
-- Finish group and path management. - - Add create group. - - Add rename group. - - Add delete group. - - Add move entry between groups. - - Add move template between groups if supported. - - Make breadcrumb and group navigation controller-driven throughout the product. - - Make templates and recycle-bin locations explicit and navigable. +### Segment 3: Remote WebDAV Lifecycle UI -- Finish search behavior. - - Support current-group listing. - - Support global search. - - Keep visible path context in results. - - Define and implement search behavior for: - - templates - - recycle bin - - Add clear and reset behavior. - - Ensure search works consistently in desktop and phone layouts. +Scope: +- Open remote WebDAV vault flow. +- Save remote WebDAV vault flow. +- Visible handling for remote error states. +- Visible handling for conflict responses and retry-safe behavior. -- Finish data transfer behavior. - - Keep copy username, copy password, and copy URL available through the UI. - - Keep those behaviors available through gRPC. - - Add product behavior for clipboard feedback. - - Decide and implement timed clipboard clearing if used. - - Ensure errors and logs do not leak secret contents. +Exit criteria: +- A user can open and save a remote WebDAV-backed vault through the UI. +- Conflict and transport failures surface a visible error state. +- WebDAV lifecycle tests cover open, save, and conflict behavior. +- `go test ./...` passes. -- Finish attachments UX. - - Add attach file to entry. - - Add list attachments. - - Add export or download attachment. - - Add replace attachment. - - Add remove attachment. - - Add size and error handling. - - Add file selection abstraction appropriate for desktop and future Android support. +### Segment 4: Master Key Setup And Change Flows -- Finish password generation UX. - - Expose profile-based password generation in the UI. - - Allow generated passwords to flow directly into create and edit entry workflows. 
- - Keep generation behavior exposed through gRPC. +Scope: +- Password-only setup and unlock. +- Key-file-only setup and unlock. +- Composite password-plus-key-file setup and unlock. +- UI for selecting master-key mode when creating a vault. +- UI for changing master-key mode on an existing vault where supported. -- Finish gRPC as the first-class trusted integration surface. - - Add open, save, lock, and unlock RPCs. - - Add current session status RPC. - - Add group listing and group mutation RPCs. - - Add history listing and history restore RPCs. - - Add attachment listing, upload, and download RPCs. - - Add template CRUD RPCs where missing. - - Keep authentication and error contracts consistent across all methods. - - Keep the API independent of UI state. +Exit criteria: +- All three master-key modes work through the product UI, not only storage helpers. +- Tests cover each mode for create, open, and unlock behavior. +- Validation and visible error states exist for missing or invalid key material. +- `go test ./...` passes. -- Resolve the desktop automation requirement. - - Either implement a desktop login automation mechanism comparable in purpose to KeePass auto-type, - - or document, in-repo, that the secure gRPC interface supersedes it and why. - - The decision must be explicit and committed. +### Segment 5: KDBX Security Settings Preservation -- Finish accessibility and keyboard-first behavior. - - Add keyboard navigation across: - - list - - detail - - search - - breadcrumbs - - dialogs - - Add keyboard shortcuts for: - - search - - save - - lock - - create entry - - copy username - - copy password - - copy URL - - Add visible focus states. - - Improve screen-reader-conscious labeling where the toolkit allows it. - - Verify high-DPI behavior. +Scope: +- Preserve supported cipher and KDF settings when reopening and saving. +- Surface relevant settings in product-facing docs or UI where appropriate. +- Document unsupported settings explicitly. 
-- Finish UI completion and polish. - - Replace remaining prototype-only behavior. - - Add empty states. - - Add loading states. - - Add error states. - - Add recycle-bin view. - - Add template view. - - Add lock screen. - - Add master-key prompt screens. - - Add save-conflict surfaces. - - Keep desktop information-dense. - - Keep phone layout optimized for low tap count. +Exit criteria: +- Reopen-and-save cycles preserve supported KDBX security settings. +- Compatibility notes are current in `docs/kdbx-compatibility.md`. +- Tests cover settings preservation across save cycles. +- `go test ./...` passes. -- Finish packaging and runnable-product shape. - - Keep the desktop app runnable from the repo. - - Add documented build and run instructions. - - Add packaging guidance for desktop release builds. - - Add Android packaging guidance with `gogio`. - - Add icon and application metadata placeholders. +### Segment 6: Entry CRUD UI -- Finish integration and regression coverage. - - Add controller and UI behavior tests for completed workflows. - - Add gRPC integration tests for lifecycle and mutation flows. - - Add WebDAV conflict and reload coverage. - - Add attachment workflow coverage. - - Add history and recycle-bin integration coverage. - - Add regression coverage for stable entry IDs across reopen and remote save cycles. +Scope: +- Create entry. +- Edit entry. +- Duplicate entry. +- Delete entry to recycle bin. +- Restore entry from recycle bin. +- Move entry between groups if needed for editing flow. -## Exit Criteria +Exit criteria: +- All core entry CRUD actions are available from the UI. +- Entry editor supports title, username, password, URL, notes, tags, and custom string fields. +- Deletion routes entries to recycle behavior rather than permanent loss. +- Tests cover create, edit, duplicate, delete, and restore flows. +- `go test ./...` passes. 
-Do not stop until all of the following are true: +### Segment 7: Entry History UI +Scope: +- Browse history for the selected entry. +- Select a historical version. +- Restore a historical version into the current entry. + +Exit criteria: +- Entry history is visible and restorable from the UI. +- History restore creates the expected new current state. +- Tests cover history listing and restore behavior. +- `go test ./...` passes. + +### Segment 8: Group And Path Management UI + +Scope: +- Create group. +- Rename group. +- Delete group. +- Breadcrumb-driven path navigation. +- Explicit navigation for templates and recycle bin. +- Move entries between groups. + +Exit criteria: +- Nested group management works from the UI. +- Breadcrumb navigation and group listing are controller-driven. +- Templates and recycle-bin locations are explicit and navigable. +- Tests cover create, rename, delete, navigate, and move behavior. +- `go test ./...` passes. + +### Segment 9: Search Completion + +Scope: +- Current-group listing. +- Global search. +- Visible path context in results. +- Explicit behavior for templates search. +- Explicit behavior for recycle-bin search. +- Clear and reset behavior. + +Exit criteria: +- Search behavior is consistent across desktop and phone layouts. +- Search results always retain visible path context. +- Template and recycle-bin search behavior is defined and tested. +- Tests cover clear/reset transitions. +- `go test ./...` passes. + +### Segment 10: Template CRUD UI + +Scope: +- Create template. +- Edit template. +- Delete template. +- Browse template list. +- Instantiate a template with overrides. + +Exit criteria: +- Templates are manageable from the UI. +- Template instantiation can create a real entry with overrides. +- Tests cover template CRUD and instantiation behavior. +- `go test ./...` passes. + +### Segment 11: Attachment Workflow UI + +Scope: +- Add attachment. +- List attachments. +- Export attachment. +- Replace attachment. 
+- Remove attachment. +- Error and size handling. + +Exit criteria: +- Attachments are manageable from the UI end to end. +- Attachment workflows are covered by tests. +- Replace and remove behavior preserve expected vault state. +- `go test ./...` passes. + +### Segment 12: Password Generation UX + +Scope: +- Expose password generation profiles in the UI. +- Allow generated passwords to populate the active entry form. +- Keep generator behavior aligned with gRPC. + +Exit criteria: +- Users can generate a password from the UI without leaving the entry workflow. +- Profile selection is visible and tested. +- Generated values flow into entry create and edit forms correctly. +- `go test ./...` passes. + +### Segment 13: Copy, Reveal, And Secret Transfer UX + +Scope: +- Copy username. +- Copy password. +- Copy URL. +- Reveal or hide password. +- Visible copy feedback. +- Secret-safe error and status behavior. +- Optional timed clipboard clearing if retained. + +Exit criteria: +- Copy and reveal flows work in the UI end to end. +- Clipboard feedback is visible and non-secret-bearing. +- If timed clearing exists, it is tested. +- `go test ./...` passes. + +### Segment 14: gRPC Lifecycle API + +Scope: +- Session status RPC. +- Open local vault RPC. +- Open remote vault RPC. +- Save vault RPC. +- Lock vault RPC. +- Unlock vault RPC. + +Exit criteria: +- Trusted clients can manage vault lifecycle through gRPC. +- Authentication and error contracts are consistent across lifecycle methods. +- Lifecycle gRPC integration tests pass. +- `go test ./...` passes. + +### Segment 15: gRPC Mutation API + +Scope: +- Entry mutation RPCs. +- Group mutation RPCs. +- Template mutation RPCs. +- History restore RPCs. +- Attachment upload, download, list, and delete RPCs. +- Copy-field RPCs. +- Password generation RPC. + +Exit criteria: +- Trusted clients can perform all major mutation workflows through gRPC. +- The API does not depend on UI-local state. 
+- Integration tests cover the mutation surfaces. +- `go test ./...` passes. + +### Segment 16: Accessibility And Keyboard-First Behavior + +Scope: +- Keyboard navigation for search, list, detail, dialogs, and breadcrumbs. +- Shortcuts for save, lock, new entry, search focus, and field copy actions. +- Visible focus states. +- High-DPI sanity coverage. +- Screen-reader-conscious labels where Gio permits. + +Exit criteria: +- Core workflows are operable without a pointing device on desktop. +- Keyboard shortcuts exist for major actions and are tested. +- Focus and accessibility states are visible and intentional. +- `go test ./...` passes. + +### Segment 17: UI Completion And Error Surfaces + +Scope: +- Empty states. +- Loading states. +- Error states. +- Lock screen. +- Master-key prompts. +- Save conflict surfaces. +- Remove remaining prototype-only affordances. + +Exit criteria: +- Core product workflows no longer rely on prototype-style hidden assumptions. +- Lock, error, loading, and empty states are visible and intentional. +- UI tests or controller-integrated tests cover these states. +- `go test ./...` passes. + +### Segment 18: Desktop Automation Resolution + +Scope: +- Either implement a desktop login automation mechanism comparable in purpose to KeePass auto-type, +- or explicitly finalize the design that secure gRPC supersedes auto-type. +- Keep the decision documented in-repo. + +Exit criteria: +- The desktop automation requirement is explicitly resolved in code or docs. +- The chosen approach is documented in `docs/desktop-automation.md`. +- Any implemented behavior is tested. +- `go test ./...` passes. + +### Segment 19: Packaging And Runbook + +Scope: +- Keep the app runnable from source. +- Document desktop build and run steps. +- Document Android packaging with `gogio`. +- Add icon and metadata placeholders if missing. + +Exit criteria: +- `README.md` is accurate for local build, run, and Android packaging guidance. 
+- Placeholder metadata exists where needed for packaging. +- The app still builds from the repo. +- `go test ./...` passes. + +### Segment 20: Regression And Integration Coverage + +Scope: +- Add integration coverage for reopen/save cycles. +- Add regression coverage for stable entry IDs. +- Add regression coverage for remote save and reopen. +- Add regression coverage for history, recycle bin, templates, groups, and attachments together. + +Exit criteria: +- Cross-feature regressions have dedicated tests. +- Stable identity and persistence guarantees are covered by tests. +- `go test ./...` passes. + +## Global Exit Criteria + +Do not treat the product as complete until all of the following are true: + +- Segment 1 through Segment 20 are all complete. - KeePassGO can create, open, edit, save, save-as, lock, and unlock local KDBX databases through the UI. -- KeePassGO can open and save remote WebDAV-backed KDBX databases through the UI, including visible handling of conflict and error states. -- KeePassGO supports master password, key file, and composite key workflows in the product, not just in storage helpers. -- KeePassGO preserves supported KDBX security and KDF settings and documents any unsupported settings. -- KeePassGO supports nested groups, path-aware navigation, and explicit template and recycle-bin navigation. +- KeePassGO can open and save remote WebDAV-backed KDBX databases through the UI, including visible conflict and error handling. +- KeePassGO supports master password, key file, and composite key workflows in the product. +- KeePassGO preserves supported KDBX security and KDF settings and documents unsupported settings. +- KeePassGO supports nested groups, path-aware navigation, explicit template navigation, and explicit recycle-bin navigation. - KeePassGO supports entry create, edit, duplicate, delete, restore, history browse, and history restore through the UI. 
- KeePassGO supports title, username, password, URL, notes, tags, and custom string fields through the UI. -- KeePassGO supports attachment add, remove, replace, list, and export through the UI. +- KeePassGO supports attachment add, replace, remove, list, and export through the UI. - KeePassGO supports reusable templates through the UI and through the gRPC API. - KeePassGO supports current-group listing, global search, and visible path context consistently across desktop and phone layouts. - KeePassGO supports copy username, copy password, copy URL, and reveal or hide password behavior end to end. -- KeePassGO exposes password generation profiles through both UI and gRPC workflows. -- The secure gRPC API is broad enough for trusted automation and browser-extension style integration, including lifecycle and mutation operations. -- The desktop automation requirement is explicitly resolved, either by implementation or committed justification that gRPC supersedes it. -- Keyboard-first navigation and common shortcuts exist for the major product workflows. +- KeePassGO exposes password generation profiles through both UI and gRPC. +- The secure gRPC API is broad enough for trusted automation and browser-extension-style integration. +- The desktop automation requirement is explicitly resolved. +- Keyboard-first navigation and common shortcuts exist for major product workflows. - The UI no longer depends on prototype-only mock behavior for any core workflow. - Build and run instructions exist for desktop, and packaging guidance exists for Android. - `go test ./...` passes.
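Review bot: Segment 15 (gRPC Mutation API) has no exit criterion for authentication. The removed plan required "Keep authentication and error contracts consistent across all methods", and the new text in Segment 14 narrows that to "lifecycle methods", so the entry, group, template, attachment, copy-field and password-generation RPCs can be marked done without it. Add the same criterion to Segment 15. Two other removed requirements have no full counterpart in the new segments. "Ensure errors and logs do not leak secret contents" became "Secret-safe error and status behavior" in Segment 13, which drops logs, and that segment's exit criteria only cover clipboard feedback. "Add dirty-state protection around destructive navigation" is gone from the lifecycle scope in Segment 2, and Segment 1 only tests dirty-state transitions. Suggest restoring both as scope items, each with a tested exit criterion.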