flaskpaste/TODO.md

TODO

Unstructured intake buffer for ideas, issues, and observations. Items here are raw and unrefined. Actionable items should be promoted to TASKLIST.md.

---

Ideas

• Prometheus metrics endpoint (/metrics) for monitoring integration
• Structured JSON logging for log aggregation compatibility
• Burn-after-read paste option
• Custom expiry header for per-paste TTL
• Rate limit headers in responses (X-RateLimit-*)
• Paste compression for large text content
• ETag support for conditional requests
• Paste listing for authenticated users (their own pastes only)
• Neovim/Vim plugin for editor integration
• Webhook notifications for paste events

Observations

• Abuse prevention uses content-hash dedup + PoW + entropy enforcement
• SQLite WAL mode could improve concurrent read performance
• Container image size could be reduced with multi-stage build
• E2E encryption in CLI uses cryptography package (optional dependency)
• Entropy check has size threshold to avoid false positives on small data

Questions

• Should expired paste cleanup run in-process or via external cron?
• Is SQLite sufficient for anticipated load, or plan for PostgreSQL?
• Should burn-after-read pastes show in metadata before burn?
• Password-protected pastes: derive key from password or store hash?

Debt

• No integration tests for container deployment
• Missing test for concurrent paste creation
• Could add more deployment examples (Kubernetes, systemd)

External Dependencies

• Consider adding python-magic for better MIME detection (currently magic bytes only)
• Evaluate structlog for structured logging when implemented
• Look into prometheus-flask-exporter for metrics

---

Review weekly. Promote actionable items to TASKLIST.md. Archive or delete stale items.