ssh-workbench/docs/TODO.md

SSH Workbench — TODO

Updated: 2026-04-12 Status: Active development. Future ideas in FUTURE.md.

Recently Completed (2026-04-12)

• Full codebase audit 2026-04-12 — fifth audit (all modules). Fixed: C++ compiler hardening via cppFlags in lib-vault-crypto; removed dead Vt100Parser class and redundant XtermParser.sendPrimaryDA(); fixed SessionNotifier crash (first → firstOrNull); fixed keyboard modifiers not consumed on SwitchPage/ToggleNumBlock; removed dead fields (menuPopupActive, menuPopupItems, miniContainer, SETTINGS_OPENED); removed deprecated saveHostKeyFingerprint 3-arg overload; TAG → companion const val; Color(0xFF6E7979) → AppColors.Muted; version string from BuildConfig.VERSION_NAME; SubscriptionScreen back button a11y; KeyManagerViewModel error logging; TelnetSession.termType shadowing fix.
• Package name change — applicationId changed from com.roundingmobile.sshworkbench to com.roundingmobile.sshwb (Firebase auto-key conflict blocked Play Console registration). Namespace stays com.roundingmobile.sshworkbench. Registered in Google Play Console.
• Web platform scaffolding — www/ folder with Docker stack (nginx + Node.js/Express + MariaDB), landing page, login page (email/pw + OAuth), dashboard (vault + session logs). API routes for auth, vault CRUD, log management. MariaDB schema with users, vaults, logs, teams, permissions, snippets, audit_log.
• Vault settings export/import — optional "Include settings" checkbox (unchecked by default) in both Save Vault Locally and Export Vault. Exports 56 DataStore prefs (keyboard, display, QuickBar customization, HW actions). Import auto-restores settings. EXPORTABLE_*_KEYS lists in TerminalPrefsKeys define what's backed up.
• Jump chain pro message fix — upgrade dialog now says "Jump host chaining" instead of "Jump Host" so free users understand single jump hosts work, only chaining is pro-gated
• Free vault import gate — free users can only import local vault saves (MODE_LOCAL), not pro-exported vaults (MODE_PASSWORD/MODE_QR). Clear error message in 5 locales.
• Settings from terminal view — "Settings" item in tab bar + drawer bar kebab menus opens full SettingsScreen. Drawer content panel gets Settings row + compact about footer (app icon + version + developer).
• Scrollback truncation dialog — when user lowers scrollback value with active SSH/Telnet/Local sessions, confirmation dialog warns about history loss. ScreenBuffer.truncateHistory() trims oldest lines and clamps scroll offset.

Recently Completed (2026-04-11)

• Security audit 2026-04-11 — fourth full security audit (prod scope only). Fixed: FileLogger redacts PEM/Bearer; telnet cleartext warning card in EditConnectionScreen; migrateFromProApk() made internal + idempotent; host key fingerprints stored with <keyType>:<fingerprint> prefix (backward-compatible); URL scheme allowlist in MainActivity.onUrlTapped. Deferred: password String→CharArray refactor (HIGH, multi-file API change); purchase signature verification (already in TODO, needs Play Console RSA key); clipboard auto-clear timer (HIGH, needs UX). Full report in SecurityAudit.md.
• Hardware Key Actions — Settings → Terminal → Hardware Key Actions: full-screen ActionsScreen mapping Volume Up/Down + Shake to terminal actions (close session, font up/down, next/prev session, scroll up/down, custom key sequence). Single + double press support with configurable 200-500ms delay. Collapsible accordion cards. HardwareActionHandler.kt extracted from MainActivity. SessionEntry.onFontSizeRequest/onScrollRequest callback pattern.
• AppColors centralized palette — single source of truth in ui/theme/Theme.kt, all 15 screen files migrated from hardcoded Color(0xFFxxxxxx) to AppColors.X references
• Settings TopAppBar terminal style — all 13 TopAppBars across the app use the same dark terminal style (containerColor #10141A, teal Space Grotesk uppercase title, divider line)
• Settings restyle — section headers in teal Space Grotesk uppercase letter-spaced 13sp, About section with cropped pro launcher icon + centered branding, value vs description font distinction (mono for values, bodySmall for hints), Language moved from General to Display section
• Language Selection screen — LanguageScreen.kt full-screen with flag emojis, accent bar on selected, locale code in mono, fixed info card. EN/ES/FR/DE/SV translations (~590 strings each). Spanish marked as "Español (España)"
• Time format setting — Display → Time Format: Device default / 12-hour / 24-hour. resolveIs24h() helper in TimeFormatUtils, threaded through ConnectionListScreen → ConnectionItemCard
• Protocol-aware accent colors — connection cards use type-specific colors: green (SSH), amber (SFTP-only), violet (Telnet), sky blue (Local) for accent bar, dot, border, timer
• Local shell proper session IDs — startLocalShell now uses generated sessionId + savedConnectionId (was hardcoded 0L). Survives back-button, shows active on connection cards, supports multiple local shells
• Local shell startup commands — startup command execution + lastOutputTimeNs tracking added to local shell (was missing, caused 10s timeout)
• SFTP updates lastConnected — opening SFTP tab now updates lastConnected so connection sorts to top
• SFTP option SSH-only — "New SFTP Session" hidden for telnet and local connections
• Quick connect bar colors — $ icon, placeholder text, trailing icon now use #7A8888 (matching lock/key icon color)
• #3E4949 purged — replaced all uses with #7A8888, too dark on terminal palette
• Pulse animation tuned — green dot breathes 100%→60% over 2s (was 100%→30% over 1.2s)
• Connection list terminal redesign — Space Grotesk font, dark terminal palette (#10141A/#181C22), accent bars via drawWithContent, session badges (pill-style), no circle avatars, outline FAB, "$" quick-connect prefix, SSH_WORKBENCH branded title bar
• Auth cancel stops retries — pressing Cancel on password dialog immediately stops auth (no more 3x retry loop), session closes cleanly
• SFTP back button cd .. removed — system back no longer navigates up folders in SFTP browser, uses breadcrumb/".." entry instead

Recently Completed (2026-04-05 — 2026-04-06)

• Subscription model migration — replaced free/pro build flavors with single APK + Google Play Billing (monthly/yearly/lifetime)
• Dev/prod flavor split — dev flavor has ADB receiver + test infrastructure, prod has empty no-ops
• Dev .dev applicationId suffix — dev and prod can coexist on same device; yellow dev icon
• Dev all-pro features — dev ProFeaturesModule provides all features unlocked via flavor source set (no runtime checks)
• FLAG_SECURE settings — three granular options (Full App / Vault / Terminal) under Security, biometric-gated
• Keys & Vault screen — new nav screen combining SSH Keys, Save Vault Locally, Export/Import Vault
• Local vault save — device-bound encrypted backup (mode 0x03), password-only, device fingerprint verified on import
• Connection list toolbar — kebab menu replaced with direct Settings gear icon
• singleTask launch mode — fixes Home→icon returning to connection list instead of terminal
• QR scanner orientation — locked to portrait via setOrientationLocked(true)
• Vault import password bug — deserializeHosts set id=0, breaking credential/key/jumpHost re-linking
• DB reset to v1 — new package, no existing users, removed all 10 migrations
• Icon consolidation — removed Android robot foreground, using real W foreground PNG, teal/gold adaptive icons
• Active session timer — live timer on connection cards no longer gated behind sessionTracking (pro); always visible
• Log icons dev-only — copy/clear log buttons hidden in prod via DevConfig.DEV_DEFAULTS
• Deploy script cleanup — deployDuero.sh cleans all ssh-workbench*.apk, CopyApks filters stale APKs by mtime
• Key import validation — SSHKeyLoader validates imported keys, extracts real pubkey/fingerprint, ZIP support (zip4j)
• Settings card layout — Material 3 grouped cards, 7 sections, muted headers
• 20 color themes — added Ayu Dark, Catppuccin Mocha, Everforest Dark, Kanagawa, Material Dark, Nightfox, One Dark, Palenight, Rosé Pine, Tokyo Night + Nord Warm, Solarized Soft variants
• 10 terminal fonts — bundled JetBrains Mono, Fira Mono, Source Code Pro, Hack, Inconsolata, Cascadia Mono, PT Mono, Ubuntu Mono, DejaVu Sans Mono + System Mono
• Combined theme picker — ThemePickerSheet with color scheme combo, font combo, font size slider, live preview
• Cursor speed — Slow/Normal/Fast/Rapid with acceleration (2x at 5 repeats, 4x at 15)
• Cursor blink — 530ms blink with 15s idle auto-stop, resumes on input/output
• Terminal type per connection — TERM env var (xterm-256color/xterm/vt220/vt100/linux) in Edit Connection, DB v2
• Keep screen on wired — FLAG_KEEP_SCREEN_ON applied from preference (default OFF)
• Vault import in-place — VaultImportSheet hosted in KeysVaultScreen, no popBackStack
• Clickable radio/checkbox rows — VaultExportSheet, VaultImportSheet rows tappable on text
• configChanges — orientation|screenSize|smallestScreenSize|screenLayout prevents activity recreation on rotation
• Theme picker default label — EditConnection + tab bar dialogs now show actual global theme in Default (…) label; tab bar dialog uses all 20 themes with scrollable Default option
• Drawer back button — Back in terminal pane closes drawer first if drawer is open
• Mini numpad 15% width — widthPercent 10 → 15 in all three layout_qwerty*.json
• VP2 rotation phantom fix — KeyboardView.onSizeChanged rebuilds VP2 on any width transition including initial 0→actual layout; lastModifierStates cached for re-apply (Google Issue 175796502 workaround)
• Number row dropdown in portrait — KeyboardSettingsDialog now shows all 4 options (top/left/right/hidden) regardless of orientation
• NumBlok toggle on mini numpad — KeyDefinition.numLabel/numAction fields, KeyAction.ToggleNumBlock; mini last row has Num 0 \ which becomes PC-keypad nav when toggled
• Hardware keyboard auto-hide — Configuration.keyboard detection; CKB + QB hidden by default when BT/USB keyboard connects; kebab Show/Hide toggles both as a pair in HW kb mode
• Audit 2026-04-06 — KeyboardPageView smart-cast !! removal, SSHKeyLoader Ed25519 seed length require, vault_crypto.cpp plaintext secure_zero before ReleaseByteArrayElements in nativeEncrypt
• Server-driven auth — removed pre-connect password dialog; auth prompts only after TCP+KEX+host key; AuthPromptResult(responses, remember) in lib-ssh API; prompted-password fallback for servers that reject keyboard-interactive; 3-attempt retry (matching OpenSSH NumberOfPasswordPrompts); "Remember password" saves only on successful connect via pendingRememberPassword
• Legacy test lab documentation — docs/LEGACY_TEST_LAB.md (2165 lines): 56-system matrix, Dockerfiles, compose.yml, SIMH configs, systemd units, scripts, LAB_ROOT configurability, self-extracting doc

Open

• Configure subscription products in Google Play Console (ssh_workbench_monthly, ssh_workbench_yearly, ssh_workbench_lifetime)
• Test billing flow with Play Console test accounts
• Update TECHNICAL.md with billing architecture details
• Implement purchase signature verification (needs Play Console RSA key) — HIGH security finding from audit 2026-04-11
• Refactor SSHAuth.Password from String to CharArray — HIGH security finding from audit 2026-04-11, multi-file API change crossing lib-ssh and app
• Add clipboard auto-clear timer for sensitive copies — HIGH security finding from audit 2026-04-11, needs UX decisions
• Implement session logging — per-session toggle (tab 3-dot menu), global default OFF, ANSI-stripped text to ZIP, SAF folder picker, organized by connection alias. Solves tmux/screen buffer limitation. Design agreed 2026-04-12, see project_session_logging_design.md.
• Register dev app in Firebase Console for analytics/crashlytics on dev builds
• Create new Firebase project for com.roundingmobile.sshwb (old ssh-workbench project deleted, 30-day wait). Add SHA-1 and SHA-256 fingerprints. Download new google-services.json.
• Create Google Cloud project for web OAuth (Google + GitHub). Configure OAuth consent screen + credentials for sshworkbench.app.
• Wire up OAuth callback routes in Node.js API (Google + GitHub passport flow)
• Set up Docker on duero for full web stack deployment
• Web: documentation section with search (convert existing docs to web pages)
• Web: Stripe integration for Pro tier billing
• Web: team management UI (roles: Owner/Admin/Member/Viewer)
• Update CLAUDE.md and docs with new package name com.roundingmobile.sshwb