Roadmap - Githubissues

Documentation

General
- [ ] Add list of goals and non-goals for the project
- [ ] Identify use-cases and non-use cases
- [ ] Identify threat models (based on who they apply to: end-users, application developers, e2esdk developers)
Cryptography
- [x] Encodings
- [x] Signatures
- [x] Identity
- [x] Public key authentication
- [ ] Cipher suite
- [ ] Keychain items
- [ ] Sharing
- [x] Form data handling
Components
- [ ] Server
- [x] Swagger/OpenAPI docs (#12)
- [ ] How to deploy the Docker image
- [x] Client (#20)
- [ ] Devtools

[ ] Password derivation (Argon2id) for authentication (#19)
[ ] Secret splitting (Shamir Secret Sharing) for recovery
[x] PAKE for online authentication (OPAQUE)
[x] Form data handling
[x] ~Separate~ Consolidate cryptographic layer:
- ~@e2esdk/crypto-core for common code (codecs, utils)~
- ~@e2esdk/crypto-lite for TweetNaCl-based ingestion operations (sealed box, secret box)~
- ~@e2esdk/crypto-sodium for complete Sodium-based operations~
- ~@e2esdk/crypto-forms for higher-level form data encryption~ Note: it is preferable to focus on a single ciphersuite to avoid rolling out missing algorithms on a "lite" version that will only save a few KiB. So everything should be part of a single cryptographic library.

[x] Real-time notifications via WebSocket ~+ SharedWorker, gracefully degraded to polling where SW aren't available.~ (#8)
[ ] Configure persistance ("remember me for N days")

[x] Investigate passing a live Client as "props" rather than creating a dedicated one
[x] Fix usage in SSR frameworks (Next.js)
[ ] Allow configuring position & size, for static panel vs drawer behaviour

[x] Add CI
[x] ~Investigate Changesets for versioning packages~ -> Using semantic release instead
[x] Investigate Verdaccio for local NPM deployment testing (#11)
[x] Deploy to ~SocialGouv's internal NPM registry~ for testing -> deployed to public NPM registry, under the @socialgouv organisation
[x] Deploy Docker image to SocialGouv's container registry
[x] Add CD