# SMOA Remaining and Optional Tasks
Single list of **remaining** and **optional** work. References: [BACKEND-GAPS-AND-ROADMAP.md](backend/docs/BACKEND-GAPS-AND-ROADMAP.md), [REQUIREMENTS-ALIGNMENT.md](docs/reference/REQUIREMENTS-ALIGNMENT.md), [PLATFORM-REQUIREMENTS.md](docs/reference/PLATFORM-REQUIREMENTS.md), [IMPLEMENTATION_STATUS.md](docs/status/IMPLEMENTATION_STATUS.md).

---
## Backend
### Remaining
- [x] **Prod profile and DB** Done: application-prod.yml, ddl-auto: validate, Flyway; document PostgreSQL in README.
- [x] **Unit/tenant scoping** Done: TenantFilter when smoa.tenant.require-unit=true; X-Unit required for /api/v1.
- [x] **Migrations** Done: Flyway, V1__baseline.sql, baseline-on-migrate.
### Optional
- [x] **Pagination** Done: @Parameter on PullController for since/limit.
- [x] **ETag / If-None-Match** Done: ShallowEtagHeaderFilter for /api/v1/*; GET list supports ETag and 304.
- [x] **Request ID** Done: RequestIdFilter (X-Request-Id, MDC).
- [x] **API versioning** Doc: backend/docs/API-VERSIONING.md (when to add v2, deprecation).
- [x] **Fix Gradle/Kotlin plugin** Resolve “plugin already on classpath with unknown version” so `./gradlew :backend:test` runs (root vs backend plugin alignment).
---
## Android app
### Remaining
- [x] **SyncService serialization** Done: Gson in core:common; serialize* produce JSON bytes.
- [x] **Pull on connect** Done: PullAPI + BackendPullAPI; startSync() runs pull when online and emits to pullResults (merge by observing modules).
- [x] **API key in app** Done: BuildConfig.SMOA_API_KEY, passed to BackendSyncAPI (build with -Psmoa.api.key=…).
- [x] **Android 16 doc** Done: [docs/reference/ANDROID-16-TARGET.md](docs/reference/ANDROID-16-TARGET.md). Actual SDK bump when AGP 8.5+ is adopted.
### Optional
- [ ] **Knox integration** If required, integrate Knox SDK (e.g. secure storage, VPN) for target devices; Knox API level 39 is supported on primary device.
- [ ] **WebRTC full integration** Replace WebRTCManager TODOs with actual PeerConnection, audio/video capture, and track setup when library is fully integrated.
- [ ] **Connection quality from WebRTC** Replace StubConnectionQualityMonitor with implementation that uses WebRTC `getStats()` (bandwidth, RTT, loss) and calls SmartRoutingService/AdaptiveCodecSelector.
- [x] **InfrastructureManager endpoints** Done: BuildConfig SMOA_STUN_URLS, SMOA_SIGNALING_URLS; SMOAApplication configures STUN and signaling at startup; TURN set programmatically (see modules/communications/README.md).
- [ ] **Screen sharing / file transfer** Implement TODOs in VideoTransport for screen sharing and file transfer in meetings.
- [ ] **SmartCardReader** Implement actual card detection, connection, disconnection (or remove if not required).
---
## iOS (last 3 generations)
### Remaining
- [ ] **iOS app project** Scaffold: [docs/ios/README.md](docs/ios/README.md). Create full app (Swift/SwiftUI) targeting iOS 15, 16, 17.
- [ ] **Keychain for API key** To implement in iOS app.
- [ ] **Offline queue** To implement in iOS app (queue sync when offline; retry when online).
### Optional
- [ ] **Face ID / Touch ID** Optional app unlock or sensitive-action auth.
- [ ] **Certificate pinning** Optional for API calls.
---
## Web Dapp (Desktop / Laptop + touch)
### Remaining
- [x] **Web scaffold expand** Done: [docs/web-scaffold/index.html](docs/web-scaffold/index.html) API info, health, **Pull directory** (GET /api/v1/directory, list display, 304 handling); vanilla JS, no build step. Full SPA (React/Vue/Svelte) remains optional.
- [ ] **Build and host** Build pipeline and HTTPS hosting when SPA is ready.
- [ ] **CORS** Configure backend `smoa.cors.allowed-origins` for web app origin(s) in production.
### Optional
- [ ] **Offline** Service Worker + Cache API; queue sync in IndexedDB/localStorage and flush when online.
- [ ] **PWA** Installable; optional offline shell.
---
## Infrastructure
### Optional
- [x] **Reverse proxy** Done: [nginx-smoa.conf.example](docs/infrastructure/nginx-smoa.conf.example), [docker-compose.yml](docker-compose.yml).
- [ ] **TURN / signaling** Host TURN and/or signaling for WebRTC if not using external services.
- [x] **k8s manifests** Done: [docs/infrastructure/k8s/backend-deployment.yaml](docs/infrastructure/k8s/backend-deployment.yaml) (Deployment, Service, optional Secret/ConfigMap).
---
## Domain / compliance (optional, by priority)
### High (requires approvals / provider selection)
- [ ] **NCIC/III integration** NCIC API (CJIS approval required).
- [ ] **ATF eTrace** ATF eTrace API (federal approval required).
- [ ] **eIDAS QTSP** Integrate with Qualified Trust Service Provider; qualified signatures, timestamps, EU Trust Lists.
### Medium
- [ ] **Digital signatures** Full BouncyCastle (or similar) signature generation/verification; certificate chain validation.
- [ ] **XML security** Apache Santuario; XMLDSig/XMLEnc for AS4 and compliance.
- [x] **CertificateManager.checkRevocationStatus** Stub clarified: returns UNKNOWN; extend with OCSP/CRL for production.
- [ ] **AS4 full implementation** Full AS4 message envelope, ebMS 3.0, WS-RM, receipts, CPA (see AS4Service TODOs).
- [x] **Report digital signature** Done: ReportService.signReports + minimal SHA-256 content-hash signature; full signing via dedicated service when needed.
- [ ] **Electronic seal** Actual seal verification (ElectronicSealService TODO).
### Lower / future
- [x] **ZeroTrustFramework** Replaced TODO with “Minimal implementation; extend for production”.
- [x] **ThreatDetection** Replaced TODOs with “Minimal implementation; extend for production”.
- [ ] **ATF form storage** Add entities and storage for ATF forms (ATFFormDatabase TODO).
- [ ] **NCIC query storage** Add entities for NCIC query storage (NCICQueryDatabase TODO).
- [ ] **Compliance gaps** Address domain-specific gaps in [COMPLIANCE_EVALUATION.md](docs/reference/COMPLIANCE_EVALUATION.md) (eIDAS QES, credential formats, barcode, NIBRS/UCR, etc.) per deployment priorities.
---
## Testing
### Optional
- [ ] **Backend tests** Fix Gradle plugin so `:backend:test` runs; add more integration tests as needed.
- [ ] **Android unit/integration** More unit tests for remaining modules; integration tests; UI tests; target 80%+ coverage where practical.
- [ ] **E2E** End-to-end tests for critical flows (sync, auth, meetings).
---
## Documentation
### Optional
- [x] **README/back-end** Done: Backend README lists DELETE/GET, rate limit, audit, Docker, tenant (smoa.tenant.require-unit), Request ID, Flyway, PostgreSQL prod, CORS (smoa.cors.allowed-origins), ETag.
- [x] **Timeline** Done: IMPLEMENTATION_STATUS.md “Next steps (short-term)” section added.
---
## Summary
| Area | Remaining | Optional |
|------------|-----------|----------|
| Backend | 0 | 2 |
| Android | 0 | 6 |
| iOS | 3 | 2 |
| Web Dapp | 2 | 2 |
| Infra | 0 | 2 |
| Domain | 0 | 12+ |
| Testing | 0 | 3 |
| Docs | 0 | 0 |

Use this file as the single checklist for remaining and optional work; link to it from [docs/README.md](docs/README.md) or [IMPLEMENTATION_STATUS.md](docs/status/IMPLEMENTATION_STATUS.md) as needed.