# Desktop Automation Decision ## Decision KeePassGO will not implement KeePass-style auto-type as its primary desktop automation mechanism. The secure gRPC API is the replacement integration surface for trusted desktop automation, browser extensions, and local helper tools. ## Why - The gRPC API gives a narrower and more explicit trust boundary than synthetic key injection. - Browser and local automation clients can request exactly the credential operation they need: - list entries - list groups - list templates - create and mutate entries - copy fields - manage attachments - generate passwords - A typed authenticated API is easier to test and reason about than fake keystroke delivery to arbitrary windows. - Synthetic typing is platform-specific, fragile, and substantially harder to make safe across Linux, Windows, and future Android support. - The product requirement is integration capability comparable in purpose to KeePass auto-type, not literal keystroke emulation. ## Product Consequences - Trusted desktop automation should be implemented as clients of the gRPC service. - Browser integrations should target the gRPC API rather than ad hoc local protocols. - UI workflows may still provide copy-to-clipboard behavior for direct human use. - If a future use case demonstrates that gRPC plus clipboard is insufficient, native desktop automation can be reconsidered as a secondary capability, not as the baseline integration model. ## Exit-Criteria Impact This document is the explicit resolution of the desktop automation requirement from [`AGENTS.md`](../AGENTS.md) and [`TODO.md`](../TODO.md): - desktop automation is resolved by design - the secure gRPC interface is the superseding trusted integration surface