196 lines
7.9 KiB
Markdown
196 lines
7.9 KiB
Markdown
# TODO
|
|
|
|
## Single Completion Plan
|
|
|
|
KeePassGO is not complete until every required capability in [`AGENTS.md`](./AGENTS.md) is implemented, verified, and integrated into the product.
|
|
This plan is intentionally a single plan with a single exit gate. It is not divided into phases or milestone buckets.
|
|
|
|
## Remaining Work
|
|
|
|
- Finish real application-state ownership.
|
|
- Keep application state as the single source of truth for:
|
|
- current session
|
|
- vault open or locked status
|
|
- current group path
|
|
- selected entry or template
|
|
- search query
|
|
- dirty state
|
|
- error and loading state
|
|
- Remove remaining direct UI-owned mutation of product state.
|
|
- Ensure all list, detail, breadcrumb, group, and selection behavior derives from the controller and session layers.
|
|
|
|
- Finish local and remote database lifecycle UX.
|
|
- Add create new vault flow.
|
|
- Add open local vault flow.
|
|
- Add open remote WebDAV vault flow.
|
|
- Add save current vault.
|
|
- Add save-as local vault flow.
|
|
- Add lock and unlock flows.
|
|
- Add visible handling for:
|
|
- invalid master key
|
|
- unreadable file
|
|
- decode failure
|
|
- WebDAV conflict
|
|
- missing path or target
|
|
- Add dirty-state protection around destructive navigation.
|
|
|
|
- Finish master-key and security configuration behavior.
|
|
- Add password-only setup.
|
|
- Add key-file-only setup.
|
|
- Add composite password plus key-file setup.
|
|
- Add UI and controller behavior for selecting or changing master-key mode.
|
|
- Preserve supported KDBX security and KDF settings when loading and saving.
|
|
- Document any unsupported settings explicitly.
|
|
|
|
- Finish entry CRUD as a real product workflow.
|
|
- Add create entry.
|
|
- Add edit entry.
|
|
- Add duplicate entry.
|
|
- Add delete entry to recycle bin.
|
|
- Add restore entry from recycle bin.
|
|
- Add entry history browsing.
|
|
- Add restore historical version behavior.
|
|
- Add editing for:
|
|
- title
|
|
- username
|
|
- password
|
|
- URL
|
|
- notes
|
|
- tags
|
|
- custom fields
|
|
- Add reveal and hide password behavior in the actual product flow, not only the prototype view.
|
|
|
|
- Finish template workflows.
|
|
- Add create template.
|
|
- Add edit template.
|
|
- Add delete template.
|
|
- Add template browsing UI.
|
|
- Add instantiate-template workflow with override support.
|
|
- Ensure template behavior is available through both UI and gRPC surfaces.
|
|
|
|
- Finish group and path management.
|
|
- Add create group.
|
|
- Add rename group.
|
|
- Add delete group.
|
|
- Add move entry between groups.
|
|
- Add move template between groups if supported.
|
|
- Make breadcrumb and group navigation controller-driven throughout the product.
|
|
- Make templates and recycle-bin locations explicit and navigable.
|
|
|
|
- Finish search behavior.
|
|
- Support current-group listing.
|
|
- Support global search.
|
|
- Keep visible path context in results.
|
|
- Define and implement search behavior for:
|
|
- templates
|
|
- recycle bin
|
|
- Add clear and reset behavior.
|
|
- Ensure search works consistently in desktop and phone layouts.
|
|
|
|
- Finish data transfer behavior.
|
|
- Keep copy username, copy password, and copy URL available through the UI.
|
|
- Keep those behaviors available through gRPC.
|
|
- Add product behavior for clipboard feedback.
|
|
- Decide and implement timed clipboard clearing if used.
|
|
- Ensure errors and logs do not leak secret contents.
|
|
|
|
- Finish attachments UX.
|
|
- Add attach file to entry.
|
|
- Add list attachments.
|
|
- Add export or download attachment.
|
|
- Add replace attachment.
|
|
- Add remove attachment.
|
|
- Add size and error handling.
|
|
- Add file selection abstraction appropriate for desktop and future Android support.
|
|
|
|
- Finish password generation UX.
|
|
- Expose profile-based password generation in the UI.
|
|
- Allow generated passwords to flow directly into create and edit entry workflows.
|
|
- Keep generation behavior exposed through gRPC.
|
|
|
|
- Finish gRPC as the first-class trusted integration surface.
|
|
- Add open, save, lock, and unlock RPCs.
|
|
- Add current session status RPC.
|
|
- Add group listing and group mutation RPCs.
|
|
- Add history listing and history restore RPCs.
|
|
- Add attachment listing, upload, and download RPCs.
|
|
- Add template CRUD RPCs where missing.
|
|
- Keep authentication and error contracts consistent across all methods.
|
|
- Keep the API independent of UI state.
|
|
|
|
- Resolve the desktop automation requirement.
|
|
- Either implement a desktop login automation mechanism comparable in purpose to KeePass auto-type,
|
|
- or document, in-repo, that the secure gRPC interface supersedes it and why.
|
|
- The decision must be explicit and committed.
|
|
|
|
- Finish accessibility and keyboard-first behavior.
|
|
- Add keyboard navigation across:
|
|
- list
|
|
- detail
|
|
- search
|
|
- breadcrumbs
|
|
- dialogs
|
|
- Add keyboard shortcuts for:
|
|
- search
|
|
- save
|
|
- lock
|
|
- create entry
|
|
- copy username
|
|
- copy password
|
|
- copy URL
|
|
- Add visible focus states.
|
|
- Improve screen-reader-conscious labeling where the toolkit allows it.
|
|
- Verify high-DPI behavior.
|
|
|
|
- Finish UI completion and polish.
|
|
- Replace remaining prototype-only behavior.
|
|
- Add empty states.
|
|
- Add loading states.
|
|
- Add error states.
|
|
- Add recycle-bin view.
|
|
- Add template view.
|
|
- Add lock screen.
|
|
- Add master-key prompt screens.
|
|
- Add save-conflict surfaces.
|
|
- Keep desktop information-dense.
|
|
- Keep phone layout optimized for low tap count.
|
|
|
|
- Finish packaging and runnable-product shape.
|
|
- Keep the desktop app runnable from the repo.
|
|
- Add documented build and run instructions.
|
|
- Add packaging guidance for desktop release builds.
|
|
- Add Android packaging guidance with `gogio`.
|
|
- Add icon and application metadata placeholders.
|
|
|
|
- Finish integration and regression coverage.
|
|
- Add controller and UI behavior tests for completed workflows.
|
|
- Add gRPC integration tests for lifecycle and mutation flows.
|
|
- Add WebDAV conflict and reload coverage.
|
|
- Add attachment workflow coverage.
|
|
- Add history and recycle-bin integration coverage.
|
|
- Add regression coverage for stable entry IDs across reopen and remote save cycles.
|
|
|
|
## Exit Criteria
|
|
|
|
Do not stop until all of the following are true:
|
|
|
|
- KeePassGO can create, open, edit, save, save-as, lock, and unlock local KDBX databases through the UI.
|
|
- KeePassGO can open and save remote WebDAV-backed KDBX databases through the UI, including visible handling of conflict and error states.
|
|
- KeePassGO supports master password, key file, and composite key workflows in the product, not just in storage helpers.
|
|
- KeePassGO preserves supported KDBX security and KDF settings and documents any unsupported settings.
|
|
- KeePassGO supports nested groups, path-aware navigation, and explicit template and recycle-bin navigation.
|
|
- KeePassGO supports entry create, edit, duplicate, delete, restore, history browse, and history restore through the UI.
|
|
- KeePassGO supports title, username, password, URL, notes, tags, and custom string fields through the UI.
|
|
- KeePassGO supports attachment add, remove, replace, list, and export through the UI.
|
|
- KeePassGO supports reusable templates through the UI and through the gRPC API.
|
|
- KeePassGO supports current-group listing, global search, and visible path context consistently across desktop and phone layouts.
|
|
- KeePassGO supports copy username, copy password, copy URL, and reveal or hide password behavior end to end.
|
|
- KeePassGO exposes password generation profiles through both UI and gRPC workflows.
|
|
- The secure gRPC API is broad enough for trusted automation and browser-extension style integration, including lifecycle and mutation operations.
|
|
- The desktop automation requirement is explicitly resolved, either by implementation or committed justification that gRPC supersedes it.
|
|
- Keyboard-first navigation and common shortcuts exist for the major product workflows.
|
|
- The UI no longer depends on prototype-only mock behavior for any core workflow.
|
|
- Build and run instructions exist for desktop, and packaging guidance exists for Android.
|
|
- `go test ./...` passes.
|
|
- `go tool golangci-lint run ./...` passes.
|