smoa/TODO.md
defiQUG 5a8c26cf5d Backend, sync, infra, docs: ETag, API versioning, k8s, web scaffold, Android 16, domain stubs
- Backend: ShallowEtagHeaderFilter for /api/v1/*, API-VERSIONING.md, README (tenant, CORS, Flyway, ETag)
- k8s: backend-deployment.yaml (Deployment, Service, Secret/ConfigMap)
- Web: scaffold with directory pull, 304 handling, touch-friendly UI
- Android 16: ANDROID-16-TARGET.md; BuildConfig STUN/signaling, SMOAApplication configures InfrastructureManager
- Domain: CertificateManager revocation stub, ReportService signReports, ZeroTrust/ThreatDetection minimal docs
- TODO.md and IMPLEMENTATION_STATUS.md updated; communications README for endpoint config

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-10 20:37:01 -08:00

# SMOA Remaining and Optional Tasks
Single list of **remaining** and **optional** work. References: [BACKEND-GAPS-AND-ROADMAP.md](backend/docs/BACKEND-GAPS-AND-ROADMAP.md), [REQUIREMENTS-ALIGNMENT.md](docs/reference/REQUIREMENTS-ALIGNMENT.md), [PLATFORM-REQUIREMENTS.md](docs/reference/PLATFORM-REQUIREMENTS.md), [IMPLEMENTATION_STATUS.md](docs/status/IMPLEMENTATION_STATUS.md).

---
## Backend
### Remaining
- [x] **Prod profile and DB** Done: application-prod.yml, ddl-auto: validate, Flyway; document PostgreSQL in README.
- [x] **Unit/tenant scoping** Done: TenantFilter when smoa.tenant.require-unit=true; X-Unit required for /api/v1.
- [x] **Migrations** Done: Flyway, V1__baseline.sql, baseline-on-migrate.
### Optional
- [x] **Pagination** Done: @Parameter on PullController for since/limit.
- [x] **ETag / If-None-Match** Done: ShallowEtagHeaderFilter for /api/v1/*; GET list supports ETag and 304.
- [x] **Request ID** Done: RequestIdFilter (X-Request-Id, MDC).
- [x] **API versioning** Doc: backend/docs/API-VERSIONING.md (when to add v2, deprecation).
- [x] **Fix Gradle/Kotlin plugin** Resolve “plugin already on classpath with unknown version” so `./gradlew :backend:test` runs (root vs backend plugin alignment).
---
## Android app
### Remaining
- [x] **SyncService serialization** Done: Gson in core:common; serialize* produce JSON bytes.
- [x] **Pull on connect** Done: PullAPI + BackendPullAPI; startSync() runs pull when online and emits to pullResults (merge by observing modules).
- [x] **API key in app** Done: BuildConfig.SMOA_API_KEY, passed to BackendSyncAPI (build with -Psmoa.api.key=…).
- [x] **Android 16 doc** Done: [docs/reference/ANDROID-16-TARGET.md](docs/reference/ANDROID-16-TARGET.md). Actual SDK bump when AGP 8.5+ is adopted.
### Optional
- [ ] **Knox integration** If required, integrate Knox SDK (e.g. secure storage, VPN) for target devices; Knox API level 39 is supported on primary device.
- [ ] **WebRTC full integration** Replace WebRTCManager TODOs with actual PeerConnection, audio/video capture, and track setup when library is fully integrated.
- [ ] **Connection quality from WebRTC** Replace StubConnectionQualityMonitor with implementation that uses WebRTC `getStats()` (bandwidth, RTT, loss) and calls SmartRoutingService/AdaptiveCodecSelector.
- [x] **InfrastructureManager endpoints** Done: BuildConfig SMOA_STUN_URLS, SMOA_SIGNALING_URLS; SMOAApplication configures STUN and signaling at startup; TURN set programmatically (see modules/communications/README.md).
- [ ] **Screen sharing / file transfer** Implement TODOs in VideoTransport for screen sharing and file transfer in meetings.
- [ ] **SmartCardReader** Implement actual card detection, connection, disconnection (or remove if not required).
---
## iOS (last 3 generations)
### Remaining
- [ ] **iOS app project** Scaffold: [docs/ios/README.md](docs/ios/README.md). Create full app (Swift/SwiftUI) targeting iOS 15, 16, 17.
- [ ] **Keychain for API key** To implement in iOS app.
- [ ] **Offline queue** To implement in iOS app (queue sync when offline; retry when online).
### Optional
- [ ] **Face ID / Touch ID** Optional app unlock or sensitive-action auth.
- [ ] **Certificate pinning** Optional for API calls.
---
## Web Dapp (Desktop / Laptop + touch)
### Remaining
- [x] **Web scaffold expand** Done: [docs/web-scaffold/index.html](docs/web-scaffold/index.html) API info, health, **Pull directory** (GET /api/v1/directory, list display, 304 handling); vanilla JS, no build step. Full SPA (React/Vue/Svelte) remains optional.
- [ ] **Build and host** Build pipeline and HTTPS hosting when SPA is ready.
- [ ] **CORS** Configure backend `smoa.cors.allowed-origins` for web app origin(s) in production.
### Optional
- [ ] **Offline** Service Worker + Cache API; queue sync in IndexedDB/localStorage and flush when online.
- [ ] **PWA** Installable; optional offline shell.
---
## Infrastructure
### Optional
- [x] **Reverse proxy** Done: [nginx-smoa.conf.example](docs/infrastructure/nginx-smoa.conf.example), [docker-compose.yml](docker-compose.yml).
- [ ] **TURN / signaling** Host TURN and/or signaling for WebRTC if not using external services.
- [x] **k8s manifests** Done: [docs/infrastructure/k8s/backend-deployment.yaml](docs/infrastructure/k8s/backend-deployment.yaml) (Deployment, Service, optional Secret/ConfigMap).
---
## Domain / compliance (optional, by priority)
### High (requires approvals / provider selection)
- [ ] **NCIC/III integration** NCIC API (CJIS approval required).
- [ ] **ATF eTrace** ATF eTrace API (federal approval required).
- [ ] **eIDAS QTSP** Integrate with Qualified Trust Service Provider; qualified signatures, timestamps, EU Trust Lists.
### Medium
- [ ] **Digital signatures** Full BouncyCastle (or similar) signature generation/verification; certificate chain validation.
- [ ] **XML security** Apache Santuario; XMLDSig/XMLEnc for AS4 and compliance.
- [x] **CertificateManager.checkRevocationStatus** Stub clarified: returns UNKNOWN; extend with OCSP/CRL for production.
- [ ] **AS4 full implementation** Full AS4 message envelope, ebMS 3.0, WS-RM, receipts, CPA (see AS4Service TODOs).
- [x] **Report digital signature** Done: ReportService.signReports + minimal SHA-256 content-hash signature; full signing via dedicated service when needed.
- [ ] **Electronic seal** Actual seal verification (ElectronicSealService TODO).
### Lower / future
- [x] **ZeroTrustFramework** Replaced TODO with “Minimal implementation; extend for production”.
- [x] **ThreatDetection** Replaced TODOs with “Minimal implementation; extend for production”.
- [ ] **ATF form storage** Add entities and storage for ATF forms (ATFFormDatabase TODO).
- [ ] **NCIC query storage** Add entities for NCIC query storage (NCICQueryDatabase TODO).
- [ ] **Compliance gaps** Address domain-specific gaps in [COMPLIANCE_EVALUATION.md](docs/reference/COMPLIANCE_EVALUATION.md) (eIDAS QES, credential formats, barcode, NIBRS/UCR, etc.) per deployment priorities.
---
## Testing
### Optional
- [ ] **Backend tests** Fix Gradle plugin so `:backend:test` runs; add more integration tests as needed.
- [ ] **Android unit/integration** More unit tests for remaining modules; integration tests; UI tests; target 80%+ coverage where practical.
- [ ] **E2E** End-to-end tests for critical flows (sync, auth, meetings).
---
## Documentation
### Optional
- [x] **README/back-end** Done: Backend README lists DELETE/GET, rate limit, audit, Docker, tenant (smoa.tenant.require-unit), Request ID, Flyway, PostgreSQL prod, CORS (smoa.cors.allowed-origins), ETag.
- [x] **Timeline** Done: IMPLEMENTATION_STATUS.md “Next steps (short-term)” section added.
---
## Summary
| Area | Remaining | Optional |
|------------|-----------|----------|
| Backend | 0 | 2 |
| Android | 0 | 6 |
| iOS | 3 | 2 |
| Web Dapp | 2 | 2 |
| Infra | 0 | 2 |
| Domain | 0 | 12+ |
| Testing | 0 | 3 |
| Docs | 0 | 0 |

Use this file as the single checklist for remaining and optional work; link to it from [docs/README.md](docs/README.md) or [IMPLEMENTATION_STATUS.md](docs/status/IMPLEMENTATION_STATUS.md) as needed.