Files
keepassgo/TODO.md
T
2026-03-29 11:04:38 -07:00

7.9 KiB

TODO

Single Completion Plan

KeePassGO is not complete until every required capability in AGENTS.md is implemented, verified, and integrated into the product. This plan is intentionally a single plan with a single exit gate. It is not divided into phases or milestone buckets.

Remaining Work

  • Finish real application-state ownership.

    • Keep application state as the single source of truth for:
      • current session
      • vault open or locked status
      • current group path
      • selected entry or template
      • search query
      • dirty state
      • error and loading state
    • Remove remaining direct UI-owned mutation of product state.
    • Ensure all list, detail, breadcrumb, group, and selection behavior derives from the controller and session layers.
  • Finish local and remote database lifecycle UX.

    • Add create new vault flow.
    • Add open local vault flow.
    • Add open remote WebDAV vault flow.
    • Add save current vault.
    • Add save-as local vault flow.
    • Add lock and unlock flows.
    • Add visible handling for:
      • invalid master key
      • unreadable file
      • decode failure
      • WebDAV conflict
      • missing path or target
    • Add dirty-state protection around destructive navigation.
  • Finish master-key and security configuration behavior.

    • Add password-only setup.
    • Add key-file-only setup.
    • Add composite password plus key-file setup.
    • Add UI and controller behavior for selecting or changing master-key mode.
    • Preserve supported KDBX security and KDF settings when loading and saving.
    • Document any unsupported settings explicitly.
  • Finish entry CRUD as a real product workflow.

    • Add create entry.
    • Add edit entry.
    • Add duplicate entry.
    • Add delete entry to recycle bin.
    • Add restore entry from recycle bin.
    • Add entry history browsing.
    • Add restore historical version behavior.
    • Add editing for:
      • title
      • username
      • password
      • URL
      • notes
      • tags
      • custom fields
    • Add reveal and hide password behavior in the actual product flow, not only the prototype view.
  • Finish template workflows.

    • Add create template.
    • Add edit template.
    • Add delete template.
    • Add template browsing UI.
    • Add instantiate-template workflow with override support.
    • Ensure template behavior is available through both UI and gRPC surfaces.
  • Finish group and path management.

    • Add create group.
    • Add rename group.
    • Add delete group.
    • Add move entry between groups.
    • Add move template between groups if supported.
    • Make breadcrumb and group navigation controller-driven throughout the product.
    • Make templates and recycle-bin locations explicit and navigable.
  • Finish search behavior.

    • Support current-group listing.
    • Support global search.
    • Keep visible path context in results.
    • Define and implement search behavior for:
      • templates
      • recycle bin
    • Add clear and reset behavior.
    • Ensure search works consistently in desktop and phone layouts.
  • Finish data transfer behavior.

    • Keep copy username, copy password, and copy URL available through the UI.
    • Keep those behaviors available through gRPC.
    • Add product behavior for clipboard feedback.
    • Decide and implement timed clipboard clearing if used.
    • Ensure errors and logs do not leak secret contents.
  • Finish attachments UX.

    • Add attach file to entry.
    • Add list attachments.
    • Add export or download attachment.
    • Add replace attachment.
    • Add remove attachment.
    • Add size and error handling.
    • Add file selection abstraction appropriate for desktop and future Android support.
  • Finish password generation UX.

    • Expose profile-based password generation in the UI.
    • Allow generated passwords to flow directly into create and edit entry workflows.
    • Keep generation behavior exposed through gRPC.
  • Finish gRPC as the first-class trusted integration surface.

    • Add open, save, lock, and unlock RPCs.
    • Add current session status RPC.
    • Add group listing and group mutation RPCs.
    • Add history listing and history restore RPCs.
    • Add attachment listing, upload, and download RPCs.
    • Add template CRUD RPCs where missing.
    • Keep authentication and error contracts consistent across all methods.
    • Keep the API independent of UI state.
  • Resolve the desktop automation requirement.

    • Either implement a desktop login automation mechanism comparable in purpose to KeePass auto-type,
    • or document, in-repo, that the secure gRPC interface supersedes it and why.
    • The decision must be explicit and committed.
  • Finish accessibility and keyboard-first behavior.

    • Add keyboard navigation across:
      • list
      • detail
      • search
      • breadcrumbs
      • dialogs
    • Add keyboard shortcuts for:
      • search
      • save
      • lock
      • create entry
      • copy username
      • copy password
      • copy URL
    • Add visible focus states.
    • Improve screen-reader-conscious labeling where the toolkit allows it.
    • Verify high-DPI behavior.
  • Finish UI completion and polish.

    • Replace remaining prototype-only behavior.
    • Add empty states.
    • Add loading states.
    • Add error states.
    • Add recycle-bin view.
    • Add template view.
    • Add lock screen.
    • Add master-key prompt screens.
    • Add save-conflict surfaces.
    • Keep desktop information-dense.
    • Keep phone layout optimized for low tap count.
  • Finish packaging and runnable-product shape.

    • Keep the desktop app runnable from the repo.
    • Add documented build and run instructions.
    • Add packaging guidance for desktop release builds.
    • Add Android packaging guidance with gogio.
    • Add icon and application metadata placeholders.
  • Finish integration and regression coverage.

    • Add controller and UI behavior tests for completed workflows.
    • Add gRPC integration tests for lifecycle and mutation flows.
    • Add WebDAV conflict and reload coverage.
    • Add attachment workflow coverage.
    • Add history and recycle-bin integration coverage.
    • Add regression coverage for stable entry IDs across reopen and remote save cycles.

Exit Criteria

Do not stop until all of the following are true:

  • KeePassGO can create, open, edit, save, save-as, lock, and unlock local KDBX databases through the UI.
  • KeePassGO can open and save remote WebDAV-backed KDBX databases through the UI, including visible handling of conflict and error states.
  • KeePassGO supports master password, key file, and composite key workflows in the product, not just in storage helpers.
  • KeePassGO preserves supported KDBX security and KDF settings and documents any unsupported settings.
  • KeePassGO supports nested groups, path-aware navigation, and explicit template and recycle-bin navigation.
  • KeePassGO supports entry create, edit, duplicate, delete, restore, history browse, and history restore through the UI.
  • KeePassGO supports title, username, password, URL, notes, tags, and custom string fields through the UI.
  • KeePassGO supports attachment add, remove, replace, list, and export through the UI.
  • KeePassGO supports reusable templates through the UI and through the gRPC API.
  • KeePassGO supports current-group listing, global search, and visible path context consistently across desktop and phone layouts.
  • KeePassGO supports copy username, copy password, copy URL, and reveal or hide password behavior end to end.
  • KeePassGO exposes password generation profiles through both UI and gRPC workflows.
  • The secure gRPC API is broad enough for trusted automation and browser-extension style integration, including lifecycle and mutation operations.
  • The desktop automation requirement is explicitly resolved, either by implementation or committed justification that gRPC supersedes it.
  • Keyboard-first navigation and common shortcuts exist for the major product workflows.
  • The UI no longer depends on prototype-only mock behavior for any core workflow.
  • Build and run instructions exist for desktop, and packaging guidance exists for Android.
  • go test ./... passes.
  • go tool golangci-lint run ./... passes.