flaskpaste/TASKLIST.md
Username db9b45a9ad
docs: update task tracking after CI enhancement
2025-12-25 00:10:37 +01:00


# Task List
Prioritized, actionable tasks. Each task is small and completable in one session.

---
## Priority 1: Ecosystem
| Status | Task
|--------|--------------------------------------------------------------
| ☐ | Create Ansible deployment role
| ☐ | Add Kubernetes manifests (Deployment, Service, ConfigMap)
## Priority 3: Quality
| Status | Task
|--------|--------------------------------------------------------------
| ☐ | Fix mypy type errors (currently ignored)
## Priority 4: Documentation
| Status | Task
|--------|--------------------------------------------------------------
| ☐ | Create CONTRIBUTING.md with development setup
| ☐ | Add PKI usage examples to documentation
## Completed
| Date | Task
|------------|--------------------------------------------------------------
| 2024-12 | Enhance CI with security-tests job, SBOM generation, memory checks
| 2024-12 | Complete pentest remediation (CRYPTO-001, TIMING-001)
| 2024-12 | Complete pentest remediation (HASH-001, ENUM-001)
| 2024-12 | Complete pentest remediation (FLOOD-001, CLI-002, CLI-003, AUDIT-001)
| 2024-12 | Complete pentest remediation (RATE-001, RATE-002, CLI-001)
| 2024-12 | Complete pentest remediation (PROXY-001, BURN-001)
| 2024-12 | Create comprehensive penetration testing plan
| 2024-12 | Add systemd service unit example
| 2024-12 | Add rate limit headers (X-RateLimit-*)
| 2024-12 | Integrate PKI audit logging (CERT_ISSUED, CERT_REVOKED, AUTH_FAILURE)
| 2024-12 | Integrate request duration metrics (Prometheus histogram)
| 2024-12 | Add memory leak detection tests (tracemalloc)
| 2024-12 | Add concurrent paste creation tests
| 2024-12 | Add container deployment integration tests
| 2024-12 | Add tiered auto-expiry (anon/untrusted/trusted)
| 2024-12 | Add admin list all pastes (`--all` flag)
| 2024-12 | Add batch delete with confirmation (`--confirm N`)
| 2024-12 | Add admin rights for first PKI user
| 2024-12 | Add public certificate registration endpoint
| 2024-12 | Add CLI register command
| 2024-12 | Implement anti-flood (dynamic PoW difficulty)
| 2024-12 | Implement IP-based rate limiting
| 2024-12 | Add scheduled cleanup (pastes, hashes, rate limits)
| 2024-12 | Add CLI list/search/update/export commands
| 2024-12 | Add CLI PoW retry (max 5 attempts)
| 2024-12 | Add paste listing for authenticated users
| 2024-12 | Implement minimal PKI (CA, issuance, revocation)
| 2024-12 | Add security tooling (ruff, bandit, mypy, pip-audit)
| 2024-12 | Create Makefile with dev workflow targets
| 2024-12 | Setup CI/CD pipeline (Gitea Actions)
| 2024-12 | Fix all ruff lint issues
| 2024-12 | Optimize CI workflow (concurrency, job deps)
| 2024-12 | Add PKI commands to CLI (status, issue, revoke)
| 2024-12 | Implement burn-after-read option
| 2024-12 | Implement custom expiry per paste
| 2024-12 | Optimize Containerfile with multi-stage build
| 2024-12 | Implement E2E encryption in CLI (AES-256-GCM)
| 2024-12 | Implement entropy enforcement
| 2024-12 | Add /client endpoint for CLI download
| 2024-12 | Add URL prefix support
| 2024-12 | Implement proof-of-work spam prevention
| 2024-12 | Update documentation for v1.1.0
| 2024-12 | Add HEAD method for paste endpoints
| 2024-12 | Add SQLite WAL mode for better concurrency
| 2024-12 | Implement content-hash deduplication
| 2024-12 | Add X-Proxy-Secret validation
| 2024-12 | Add X-Request-ID tracing
| 2024-11 | Implement security headers
| 2024-11 | Add client certificate authentication
| 2024-11 | Create test suite

---

## Task Guidelines
- Tasks should be completable in < 2 hours
- Each task results in one atomic commit
- Mark ☑ when complete, move to Completed section
- Remove tasks that become irrelevant
- Pull new tasks from TODO.md as capacity allows