From 160b4e629232939834daae84c2f2a5ce8f050ee1 Mon Sep 17 00:00:00 2001
From: Space-Banane <paulwaehner923@gmail.com>
Date: Wed, 27 May 2026 21:49:09 +0200
Subject: [PATCH] feat: add initial TODO list with prioritized tasks and ideas
 for future development

---
 todo.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 todo.md

diff --git a/todo.md b/todo.md
new file mode 100644
index 0000000..9d8d8ec
--- /dev/null
+++ b/todo.md
@@ -0,0 +1,24 @@
+# TODO
+
+## P0
+- [Bug] Enforce single active desktop-control run (or a strict queue) so concurrent jobs cannot fight over the same mouse/keyboard/screen session.
+- [Bug] Fix run artifact collisions in `setup_artifacts()` (`run_id` is second-granularity, so two jobs in the same second can share/overwrite the same directory).
+- [Bug] Remove global logger handler clobbering in `setup_logger()` (`logging.getLogger("screenjob").handlers.clear()` breaks concurrent runs and can redirect logs to the wrong file).
+- [Bug] More consistent clicks and more uses of enhance images.
+
+## P1
+- [Bug] Validate `disabled_tools` against an allowlist and disallow disabling critical completion flow (`task_complete`) to avoid guaranteed step-limit failures.
+- [Bug] Improve `execute_command` cancellation/timeout handling to terminate full process trees, not only the parent shell process.
+- [Bug] Reduce API/UI token leakage risk by moving away from query-string token usage for websocket/artifact access where possible.
+- [Idea] Add per-token rate limiting and request size limits (objective length + payload bounds) for API hardening.
+
+## P2
+- [Bug] Fix UI event style mapping mismatch (`tool_called` events are emitted, but UI color map expects `tool_call`).
+- [Idea] Reduce monitoring UI backend load by throttling websocket-triggered refreshes and avoiding full job/event re-fetch on every event.
+- [Idea] Add cursor-based pagination for jobs/events instead of large fixed limits.
+- [Idea] Support offline/self-hosted UI assets (bundle Tailwind instead of CDN dependency).
+- [Idea] Add retention controls/pruning for old runs, screenshots, and DB rows.
+
+## P3
+- [Idea] Add Replay Mode; Ability to replay a session by reconstructing the screen from screenshots and overlaying tool calls and click and type events.
+- [Idea] Add lightweight analytics dashboards (success rate by objective category, avg steps/cost over time).