Entry point for coding agents working on KeeForge. This file is intentionally brief; most useful guidance now lives in folder-local README.md files next to the code.
- Native iOS KeePass manager for KDBX 4.x databases
- Swift 6, SwiftUI, iOS 17+,
@Observable, strict concurrency - XcodeGen build graph: edit
project.yml, then regenerateKeeForge.xcodeproj - Main targets:
KeeForge,KeeForgeAutoFill,KeeForgeTests,KeeForgeUITests - Current product areas: multi-database list, local and cloud-backed vaults, local edit/save groundwork, AutoFill, TOTP, passkeys, tip jar, screen protection
KeeForge/README.md— app-target map and cross-cutting flowsKeeForge/App/README.md— app lifecycle, root navigation, scene handlingKeeForge/Models/README.md— parser, writer, edit-draft, and core data-model guidanceKeeForge/Services/README.md— storage, local save, cloud sync, keychain, bookmarks, device integrationsKeeForge/ViewModels/README.md— list, unlock, save, search, sort, and TOTP state ownershipKeeForge/Views/README.md— screen ownership and UI/testing conventionsAutoFillExtension/README.md— extension constraints and shared-source notesKeeForgeTests/README.md— unit-test map and selection rulesKeeForgeUITests/README.md— XCUITest workflow and flake-avoidance guidanceTestFixtures/README.md— bundled databases, passwords, and key filesci_scripts/README.md— Xcode Cloud bootstrap behaviordocs/README.md— long-form specs, audits, and implementation notes
- Use
@Observable, notObservableObject/@Published. - Use
NavigationStack+NavigationPath, notNavigationView. - Keep crypto, parsing, and secret handling off the main thread.
- Treat
KeeForge/Models/KDBXParser.swift,KeeForge/Models/KDBXWriter.swift,KeeForge/Models/KDBXCrypto.swift,KeeForge/Models/DatabaseDraft.swift,KeeForge/Models/Entry.swift,KeeForge/Models/Group.swift,KeeForge/Models/EncryptedValue.swift, andKeeForge/Models/TOTPGenerator.swiftas stable core. Change them only for real bugs or intentional format/security work, and add focused tests. - No force unwraps outside tests.
- If you add, remove, or retarget source files, update
project.ymland runxcodegen generate. - When changing code shared with
AutoFillExtension, keep extension-safe imports/APIs and target membership in sync. - Preserve accessibility identifiers or update the relevant UI tests in the same change.
- Do not use MCP tools to run Xcode tests. Start a fresh
bashsession and run the test command there instead. - Update
CHANGELOG.mdfor feature or bug-fix commits. Add entries only under## Unreleased. It's okay to skip if the bug fix is for an unreleased feature.
- When asked for reference implementations, consult
https://github.com/keepassium/keepassiumandhttps://github.com/strongbox-password-safe/Strongbox.
- Prefer committing on the current branch, or on
mainif already there. Avoid creating new branches when possible, and push directly instead of waiting for a separate branch workflow.
xcodegen generate
xcodebuild build -project KeeForge.xcodeproj -scheme KeeForge \
-destination 'platform=iOS Simulator,name=iPhone 17 Pro'
xcodebuild test -project KeeForge.xcodeproj -scheme KeeForge \
-destination 'platform=iOS Simulator,name=iPhone 17 Pro' \
-only-testing:KeeForgeTests/DatabaseViewModelTests -quiet- Always prefer the smallest relevant test slice.
- Always use
-only-testing:. - Do not run the full UI suite unless explicitly asked.
- If Xcode reports stale project references after file moves, regenerate with
xcodegen generate.
- Secrets are re-encrypted in memory with a per-session
SymmetricKey; lock clears the session key and invalidatesEncryptedValueaccess. - Composite keys live in Keychain, not raw master passwords.
- Local saves compare the open-time SHA-512 before overwrite, create timestamped backups, and refresh the shared cached copy for AutoFill.
- App Group and security-scoped bookmark behavior affect both the app and AutoFill extension.
- Network access should stay limited to explicit product features such as cloud sync and opt-in favicon fetching.