keepassgo/TODO.md
2026-03-29 11:04:38 -07:00


# TODO
## Single Completion Plan
KeePassGO is not complete until every required capability in [`AGENTS.md`](./AGENTS.md) is implemented, verified, and integrated into the product.
This plan is intentionally a single plan with a single exit gate. It is not divided into phases or milestone buckets.
## Remaining Work
- Finish real application-state ownership.
  - Keep application state as the single source of truth for:
    - current session
    - vault open or locked status
    - current group path
    - selected entry or template
    - search query
    - dirty state
    - error and loading state
  - Remove remaining direct UI-owned mutation of product state.
  - Ensure all list, detail, breadcrumb, group, and selection behavior derives from the controller and session layers.
- Finish local and remote database lifecycle UX.
  - Add create new vault flow.
  - Add open local vault flow.
  - Add open remote WebDAV vault flow.
  - Add save current vault.
  - Add save-as local vault flow.
  - Add lock and unlock flows.
  - Add visible handling for:
    - invalid master key
    - unreadable file
    - decode failure
    - WebDAV conflict
    - missing path or target
  - Add dirty-state protection around destructive navigation.
- Finish master-key and security configuration behavior.
  - Add password-only setup.
  - Add key-file-only setup.
  - Add composite password plus key-file setup.
  - Add UI and controller behavior for selecting or changing master-key mode.
  - Preserve supported KDBX security and KDF settings when loading and saving.
  - Document any unsupported settings explicitly.
- Finish entry CRUD as a real product workflow.
  - Add create entry.
  - Add edit entry.
  - Add duplicate entry.
  - Add delete entry to recycle bin.
  - Add restore entry from recycle bin.
  - Add entry history browsing.
  - Add restore historical version behavior.
  - Add editing for:
    - title
    - username
    - password
    - URL
    - notes
    - tags
    - custom fields
  - Add reveal and hide password behavior in the actual product flow, not only the prototype view.
- Finish template workflows.
  - Add create template.
  - Add edit template.
  - Add delete template.
  - Add template browsing UI.
  - Add instantiate-template workflow with override support.
  - Ensure template behavior is available through both UI and gRPC surfaces.
- Finish group and path management.
  - Add create group.
  - Add rename group.
  - Add delete group.
  - Add move entry between groups.
  - Add move template between groups if supported.
  - Make breadcrumb and group navigation controller-driven throughout the product.
  - Make templates and recycle-bin locations explicit and navigable.
- Finish search behavior.
  - Support current-group listing.
  - Support global search.
  - Keep visible path context in results.
  - Define and implement search behavior for:
    - templates
    - recycle bin
  - Add clear and reset behavior.
  - Ensure search works consistently in desktop and phone layouts.
- Finish data transfer behavior.
  - Keep copy username, copy password, and copy URL available through the UI.
  - Keep those behaviors available through gRPC.
  - Add product behavior for clipboard feedback.
  - Decide and implement timed clipboard clearing if used.
  - Ensure errors and logs do not leak secret contents.
- Finish attachments UX.
  - Add attach file to entry.
  - Add list attachments.
  - Add export or download attachment.
  - Add replace attachment.
  - Add remove attachment.
  - Add size and error handling.
  - Add file selection abstraction appropriate for desktop and future Android support.
- Finish password generation UX.
  - Expose profile-based password generation in the UI.
  - Allow generated passwords to flow directly into create and edit entry workflows.
  - Keep generation behavior exposed through gRPC.
- Finish gRPC as the first-class trusted integration surface.
  - Add open, save, lock, and unlock RPCs.
  - Add current session status RPC.
  - Add group listing and group mutation RPCs.
  - Add history listing and history restore RPCs.
  - Add attachment listing, upload, and download RPCs.
  - Add template CRUD RPCs where missing.
  - Keep authentication and error contracts consistent across all methods.
  - Keep the API independent of UI state.
- Resolve the desktop automation requirement.
  - Either implement a desktop login automation mechanism comparable in purpose to KeePass auto-type,
  - or document, in-repo, that the secure gRPC interface supersedes it and why.
  - The decision must be explicit and committed.
- Finish accessibility and keyboard-first behavior.
  - Add keyboard navigation across:
    - list
    - detail
    - search
    - breadcrumbs
    - dialogs
  - Add keyboard shortcuts for:
    - search
    - save
    - lock
    - create entry
    - copy username
    - copy password
    - copy URL
  - Add visible focus states.
  - Improve screen-reader-conscious labeling where the toolkit allows it.
  - Verify high-DPI behavior.
- Finish UI completion and polish.
  - Replace remaining prototype-only behavior.
  - Add empty states.
  - Add loading states.
  - Add error states.
  - Add recycle-bin view.
  - Add template view.
  - Add lock screen.
  - Add master-key prompt screens.
  - Add save-conflict surfaces.
  - Keep desktop information-dense.
  - Keep phone layout optimized for low tap count.
- Finish packaging and runnable-product shape.
  - Keep the desktop app runnable from the repo.
  - Add documented build and run instructions.
  - Add packaging guidance for desktop release builds.
  - Add Android packaging guidance with `gogio`.
  - Add icon and application metadata placeholders.
- Finish integration and regression coverage.
  - Add controller and UI behavior tests for completed workflows.
  - Add gRPC integration tests for lifecycle and mutation flows.
  - Add WebDAV conflict and reload coverage.
  - Add attachment workflow coverage.
  - Add history and recycle-bin integration coverage.
  - Add regression coverage for stable entry IDs across reopen and remote save cycles.
## Exit Criteria
Do not stop until all of the following are true:
- KeePassGO can create, open, edit, save, save-as, lock, and unlock local KDBX databases through the UI.
- KeePassGO can open and save remote WebDAV-backed KDBX databases through the UI, including visible handling of conflict and error states.
- KeePassGO supports master password, key file, and composite key workflows in the product, not just in storage helpers.
- KeePassGO preserves supported KDBX security and KDF settings and documents any unsupported settings.
- KeePassGO supports nested groups, path-aware navigation, and explicit template and recycle-bin navigation.
- KeePassGO supports entry create, edit, duplicate, delete, restore, history browse, and history restore through the UI.
- KeePassGO supports title, username, password, URL, notes, tags, and custom string fields through the UI.
- KeePassGO supports attachment add, remove, replace, list, and export through the UI.
- KeePassGO supports reusable templates through the UI and through the gRPC API.
- KeePassGO supports current-group listing, global search, and visible path context consistently across desktop and phone layouts.
- KeePassGO supports copy username, copy password, copy URL, and reveal or hide password behavior end to end.
- KeePassGO exposes password generation profiles through both UI and gRPC workflows.
- The secure gRPC API is broad enough for trusted automation and browser-extension style integration, including lifecycle and mutation operations.
- The desktop automation requirement is explicitly resolved, either by implementation or committed justification that gRPC supersedes it.
- Keyboard-first navigation and common shortcuts exist for the major product workflows.
- The UI no longer depends on prototype-only mock behavior for any core workflow.
- Build and run instructions exist for desktop, and packaging guidance exists for Android.
- `go test ./...` passes.
- `go tool golangci-lint run ./...` passes.