# Task List

Prioritized, actionable tasks. Each task is small and completable in one session.

---

## Priority 1: Ecosystem

| Status | Task
|--------|--------------------------------------------------------------
| ☐      | Create Ansible deployment role
| ☐      | Add Kubernetes manifests (Deployment, Service, ConfigMap)
| ☐      | Add systemd service unit example

## Priority 2: Features

| Status | Task
|--------|--------------------------------------------------------------
| ☐      | Add rate limit headers (X-RateLimit-*)

## Priority 3: Quality

| Status | Task
|--------|--------------------------------------------------------------
| ☐      | Fix mypy type errors (currently ignored)
| ☐      | Add test for concurrent identical submissions
| ☐      | Add integration tests for container deployment

## Priority 4: Documentation

| Status | Task
|--------|--------------------------------------------------------------
| ☐      | Create CONTRIBUTING.md with development setup
| ☐      | Add PKI usage examples to documentation

## Completed

| Date       | Task
|------------|--------------------------------------------------------------
| 2024-12    | Add tiered auto-expiry (anon/untrusted/trusted)
| 2024-12    | Add admin list all pastes (`--all` flag)
| 2024-12    | Add batch delete with confirmation (`--confirm N`)
| 2024-12    | Add admin rights for first PKI user
| 2024-12    | Add public certificate registration endpoint
| 2024-12    | Add CLI register command
| 2024-12    | Implement anti-flood (dynamic PoW difficulty)
| 2024-12    | Implement IP-based rate limiting
| 2024-12    | Add scheduled cleanup (pastes, hashes, rate limits)
| 2024-12    | Add CLI list/search/update/export commands
| 2024-12    | Add CLI PoW retry (max 5 attempts)
| 2024-12    | Add paste listing for authenticated users
| 2024-12    | Implement minimal PKI (CA, issuance, revocation)
| 2024-12    | Add security tooling (ruff, bandit, mypy, pip-audit)
| 2024-12    | Create Makefile with dev workflow targets
| 2024-12    | Setup CI/CD pipeline (Gitea Actions)
| 2024-12    | Fix all ruff lint issues
| 2024-12    | Optimize CI workflow (concurrency, job deps)
| 2024-12    | Add PKI commands to CLI (status, issue, revoke)
| 2024-12    | Implement burn-after-read option
| 2024-12    | Implement custom expiry per paste
| 2024-12    | Optimize Containerfile with multi-stage build
| 2024-12    | Implement E2E encryption in CLI (AES-256-GCM)
| 2024-12    | Implement entropy enforcement
| 2024-12    | Add /client endpoint for CLI download
| 2024-12    | Add URL prefix support
| 2024-12    | Implement proof-of-work spam prevention
| 2024-12    | Update documentation for v1.1.0
| 2024-12    | Add HEAD method for paste endpoints
| 2024-12    | Add SQLite WAL mode for better concurrency
| 2024-12    | Implement content-hash deduplication
| 2024-12    | Add X-Proxy-Secret validation
| 2024-12    | Add X-Request-ID tracing
| 2024-11    | Implement security headers
| 2024-11    | Add client certificate authentication
| 2024-11    | Create test suite

---

## Task Guidelines

- Tasks should be completable in < 2 hours
- Each task results in one atomic commit
- Mark ☑ when complete, move to Completed section
- Remove tasks that become irrelevant
- Pull new tasks from TODO.md as capacity allows