# TODO ## Single Completion Plan KeePassGO is not complete until every required capability in [`AGENTS.md`](./AGENTS.md) is implemented, verified, and integrated into the product. This plan is intentionally a single plan with a single exit gate. It is not divided into phases or milestone buckets. ## Remaining Work - Finish real application-state ownership. - Keep application state as the single source of truth for: - current session - vault open or locked status - current group path - selected entry or template - search query - dirty state - error and loading state - Remove remaining direct UI-owned mutation of product state. - Ensure all list, detail, breadcrumb, group, and selection behavior derives from the controller and session layers. - Finish local and remote database lifecycle UX. - Add create new vault flow. - Add open local vault flow. - Add open remote WebDAV vault flow. - Add save current vault. - Add save-as local vault flow. - Add lock and unlock flows. - Add visible handling for: - invalid master key - unreadable file - decode failure - WebDAV conflict - missing path or target - Add dirty-state protection around destructive navigation. - Finish master-key and security configuration behavior. - Add password-only setup. - Add key-file-only setup. - Add composite password plus key-file setup. - Add UI and controller behavior for selecting or changing master-key mode. - Preserve supported KDBX security and KDF settings when loading and saving. - Document any unsupported settings explicitly. - Finish entry CRUD as a real product workflow. - Add create entry. - Add edit entry. - Add duplicate entry. - Add delete entry to recycle bin. - Add restore entry from recycle bin. - Add entry history browsing. - Add restore historical version behavior. - Add editing for: - title - username - password - URL - notes - tags - custom fields - Add reveal and hide password behavior in the actual product flow, not only the prototype view. - Finish template workflows. - Add create template. - Add edit template. - Add delete template. - Add template browsing UI. - Add instantiate-template workflow with override support. - Ensure template behavior is available through both UI and gRPC surfaces. - Finish group and path management. - Add create group. - Add rename group. - Add delete group. - Add move entry between groups. - Add move template between groups if supported. - Make breadcrumb and group navigation controller-driven throughout the product. - Make templates and recycle-bin locations explicit and navigable. - Finish search behavior. - Support current-group listing. - Support global search. - Keep visible path context in results. - Define and implement search behavior for: - templates - recycle bin - Add clear and reset behavior. - Ensure search works consistently in desktop and phone layouts. - Finish data transfer behavior. - Keep copy username, copy password, and copy URL available through the UI. - Keep those behaviors available through gRPC. - Add product behavior for clipboard feedback. - Decide and implement timed clipboard clearing if used. - Ensure errors and logs do not leak secret contents. - Finish attachments UX. - Add attach file to entry. - Add list attachments. - Add export or download attachment. - Add replace attachment. - Add remove attachment. - Add size and error handling. - Add file selection abstraction appropriate for desktop and future Android support. - Finish password generation UX. - Expose profile-based password generation in the UI. - Allow generated passwords to flow directly into create and edit entry workflows. - Keep generation behavior exposed through gRPC. - Finish gRPC as the first-class trusted integration surface. - Add open, save, lock, and unlock RPCs. - Add current session status RPC. - Add group listing and group mutation RPCs. - Add history listing and history restore RPCs. - Add attachment listing, upload, and download RPCs. - Add template CRUD RPCs where missing. - Keep authentication and error contracts consistent across all methods. - Keep the API independent of UI state. - Resolve the desktop automation requirement. - Either implement a desktop login automation mechanism comparable in purpose to KeePass auto-type, - or document, in-repo, that the secure gRPC interface supersedes it and why. - The decision must be explicit and committed. - Finish accessibility and keyboard-first behavior. - Add keyboard navigation across: - list - detail - search - breadcrumbs - dialogs - Add keyboard shortcuts for: - search - save - lock - create entry - copy username - copy password - copy URL - Add visible focus states. - Improve screen-reader-conscious labeling where the toolkit allows it. - Verify high-DPI behavior. - Finish UI completion and polish. - Replace remaining prototype-only behavior. - Add empty states. - Add loading states. - Add error states. - Add recycle-bin view. - Add template view. - Add lock screen. - Add master-key prompt screens. - Add save-conflict surfaces. - Keep desktop information-dense. - Keep phone layout optimized for low tap count. - Finish packaging and runnable-product shape. - Keep the desktop app runnable from the repo. - Add documented build and run instructions. - Add packaging guidance for desktop release builds. - Add Android packaging guidance with `gogio`. - Add icon and application metadata placeholders. - Finish integration and regression coverage. - Add controller and UI behavior tests for completed workflows. - Add gRPC integration tests for lifecycle and mutation flows. - Add WebDAV conflict and reload coverage. - Add attachment workflow coverage. - Add history and recycle-bin integration coverage. - Add regression coverage for stable entry IDs across reopen and remote save cycles. ## Exit Criteria Do not stop until all of the following are true: - KeePassGO can create, open, edit, save, save-as, lock, and unlock local KDBX databases through the UI. - KeePassGO can open and save remote WebDAV-backed KDBX databases through the UI, including visible handling of conflict and error states. - KeePassGO supports master password, key file, and composite key workflows in the product, not just in storage helpers. - KeePassGO preserves supported KDBX security and KDF settings and documents any unsupported settings. - KeePassGO supports nested groups, path-aware navigation, and explicit template and recycle-bin navigation. - KeePassGO supports entry create, edit, duplicate, delete, restore, history browse, and history restore through the UI. - KeePassGO supports title, username, password, URL, notes, tags, and custom string fields through the UI. - KeePassGO supports attachment add, remove, replace, list, and export through the UI. - KeePassGO supports reusable templates through the UI and through the gRPC API. - KeePassGO supports current-group listing, global search, and visible path context consistently across desktop and phone layouts. - KeePassGO supports copy username, copy password, copy URL, and reveal or hide password behavior end to end. - KeePassGO exposes password generation profiles through both UI and gRPC workflows. - The secure gRPC API is broad enough for trusted automation and browser-extension style integration, including lifecycle and mutation operations. - The desktop automation requirement is explicitly resolved, either by implementation or committed justification that gRPC supersedes it. - Keyboard-first navigation and common shortcuts exist for the major product workflows. - The UI no longer depends on prototype-only mock behavior for any core workflow. - Build and run instructions exist for desktop, and packaging guidance exists for Android. - `go test ./...` passes. - `go tool golangci-lint run ./...` passes.