TODO_LIST

Items that I want/need to work on:

MVP is complete as of 2026-03-05. All 191 tests pass. Zero stdlib dependencies.
See MVP_ROADMAP.md for the full historical task list with completion status.

Post-MVP items remaining:
* None.

Completed post-MVP items:

* [DONE] Verify RFC 8259 compliance via JSONTestSuite (2026-03-17).
  Ran the full JSONTestSuite against the parser. All 283/283 tests pass with
  result "SUCCESS: Fully RFC 8259 Compliant!". The i_ (implementation-defined)
  files that were rejected (invalid UTF-8, UTF-16, lone continuation bytes,
  overlong sequences, BOM, 500-level nesting) reflect deliberate strict
  behaviour consistent with the library's design. Report saved to
  json_compliance_report.txt in the repository root.

* [DONE] Add libFuzzer fuzz target and CI job (2026-03-17).
  test/fuzz_target.c feeds arbitrary byte arrays into okj_parse() via the
  LLVMFuzzerTestOneInput entry point, compiled with clang -fsanitize=fuzzer,
  address,undefined. A dedicated 'fuzz' job in .github/workflows/ci.yml runs
  the fuzzer for 10 seconds (-max_total_time=10 -max_len=4096). The job passes
  with no crashes, ASan violations, or UBSan errors.

* [DONE] Remove OKJ_VALID_CHARS from ok_json.h or put it to use.
  The 96-element static const array is defined in the header but referenced
  nowhere in ok_json.c or the tests. As a static in a header it gets
  duplicated into every translation unit that includes the header, wasting
  ROM. Intended to be used for string character validation in the future.

* [DONE] Refactor all getter functions to output-parameter pattern (2026-03-17).
  All getters (okj_get_string, okj_get_number, okj_get_boolean, okj_get_array,
  okj_get_object, okj_get_token, okj_get_array_raw, okj_get_object_raw) now
  write results into caller-supplied output structs rather than returning them
  by value. This eliminates all stack-allocated struct returns and aligns with
  MISRA C:2012 output-parameter conventions.

* [DONE] Require explicit length params for all string/key inputs (2026-03-17).
  All getters that accept a key name now take an explicit uint16_t key_len
  parameter alongside the key pointer. Callers must pass the exact byte count;
  no implicit strlen() calls are made inside the library.

* [DONE] Apply MISRA C2012 single-return to okj_parse_value() (Rule 15.5).
  The function was refactored so all error paths set a single result variable
  and fall through to one return at the end, matching the pattern used in
  okj_parse(). Rule 15.5 suppression removed.

* [DONE] Apply MISRA C2012 final-else to all if...else if chains (Rule 15.4).
  All if...else if chains in okj_parse_value() and okj_validate_utf8_sequence()
  now end with a terminating else clause. Rule 15.4 suppression removed.

* [DONE] Resolve MISRA Rule 8.9 (block scope for objects with single-function scope).
  All constants previously defined at file scope with single-function use were
  moved to block scope. Rule 8.9 suppression removed.

* [DONE] Resolve MISRA Rule 19.1 (overlapping storage in copy/assignment).
  All copy and assignment operations were reviewed and refactored to eliminate
  any potential overlapping-object issues. Rule 19.1 suppression removed.

* [DONE] Resolve MISRA Rule 19.2 (union keyword should not be used).
  Any use of union was eliminated or replaced with an alternative representation.
  Rule 19.2 suppression removed.

* [DONE] Add OkjParseContext grammar context tracking (2026-03-15).
  New enum OkjParseContext tracks what the parser expects next (value, key,
  colon, separator/close) so structural errors such as trailing commas, missing
  colons, and non-string object keys are detected immediately during parsing.
  OkJsonParser carries a context field; depth_stack entries now encode both
  depth and expected next token.

* [DONE] Achieve 100% branch coverage (2026-03-15).
  gcov/gcovr analysis confirmed 100% branch coverage across ok_json.c. The
  okj_debug_print() function is excluded from coverage measurement.

* [DONE] Remove test/ok_json_test_runner.c (2026-03-15).
  The placeholder file (containing only "/* placeholder */") was deleted.
  The compiled binary is still named ok_json_test_runner but is produced from
  ok_json_tests.c, which contains main().

* [DONE] Add okj_validate_utf8_sequence() for full RFC 3629 UTF-8 validation
  (2026-03-15). Handles 2-, 3-, and 4-byte sequences; rejects overlong
  encodings (including the modified UTF-8 NUL 0xC0 0x80), surrogate code
  points (U+D800-U+DFFF), and truncated sequences. Integrated into the string
  scanner in okj_parse_value(). Supporting helpers: okj_is_utf8_continuation(),
  okj_is_hex_digit().

* [DONE] Create MISRA_C2012_COMPLIANCE.md (2026-03-15).
  Formal compliance tracking document based on cppcheck MISRA analysis results.
  All checked rules now pass; no suppressed rule exceptions remain. Project
  passes all current cppcheck MISRA C:2012 analysis checks.

* [DONE] Change test compilation to include src/ok_json.c directly (2026-03-15).
  test/ok_json_tests.c now has #include "../src/ok_json.c" at the top, giving
  the test binary full visibility into static helpers (okj_is_whitespace,
  okj_is_digit, okj_match, okj_skip_string, okj_count_array_elements, etc.)
  without any indirection. Enables accurate branch coverage with gcov/gcovr.

* [DONE] Implement fixed-size depth/state stack with bracket matching, depth
  ceiling, and container-type tracking (2026-03-10).
  OkJsonParser now carries a depth_stack[OKJ_MAX_DEPTH] array (OKJ_MAX_DEPTH=16)
  and a depth counter.  Opening '{' or '[' pushes the container type (OKJ_OBJECT
  or OKJ_ARRAY) and increments depth; exceeding the ceiling returns
  OKJ_ERROR_MAX_DEPTH_EXCEEDED (error code 18).  Closing '}' or ']' pops and
  validates the type, returning OKJ_ERROR_BRACKET_MISMATCH (error code 19) on
  any mismatch or underflow.  After the parse loop, depth != 0 returns
  OKJ_ERROR_UNEXPECTED_END to catch truncated input.  test_deeply_nested_at_limit
  was updated to test the depth ceiling; seven new tests were added covering
  bracket mismatch, extra close delimiters, unclosed containers, and correct
  mixed-nesting tracking.

* [DONE] Add test for deeply nested JSON input.
  test_deeply_nested_at_limit now exercises the depth-stack ceiling: N=16 levels
  (all 16 slots filled exactly) returns OKJ_SUCCESS; N=17 (overflow) returns
  OKJ_ERROR_MAX_DEPTH_EXCEEDED.

* [DONE] Add exponent notation support for numbers.
  The number scanner handles 'e'/'E' with optional sign and 1+ digits, per
  RFC 8259 §6.  Tests: test_number_exponent, test_number_invalid_exponent_no_digits.

* [DONE] Add more tests for boundary and error conditions.
  All originally listed additions are now covered:
    - Nested object inside object: test_nested_object
    - Nested array inside object: test_nested_array_in_object
    - Number with exponent: test_number_exponent
    - Empty object {} and empty array []: test_empty_object, test_empty_array
    - Key length at and above OKJ_MAX_STRING_LEN: test_key_exactly_64_chars,
      test_key_65_chars_error

* [DONE] Populate the count field in okj_get_array() and okj_get_object().
  Both functions now walk the raw JSON text to count array elements (by
  commas at depth 1) and object members (by colons at depth 1), with proper
  string skipping so structural characters inside quoted values are ignored.

* [DONE] Enforce OKJ_MAX_STRING_LEN during string parsing.
  The string scanner now breaks out of its scan loop when the running raw
  byte length reaches OKJ_MAX_STRING_LEN and returns
  OKJ_ERROR_MAX_STR_LEN_EXCEEDED.

* [DONE] Add string escape sequence handling.
  Both the main string scan loop in okj_parse_value() and the okj_skip_string()
  helper used by the count functions now recognise backslash escapes.  When a
  '\' is encountered, the scanner advances past it and the following character
  unconditionally, so that \" does not prematurely terminate a string and \\
  is counted as one escape unit rather than two separate characters.  Token
  start and length report raw bytes (escape sequences included), consistent
  with the rest of the API.