docs(README): add features & roadmap section

README.md

@@ -4,33 +4,43 @@
 
 ## Overview
 
-- TODO
+A free & open source alternative project management tool.
 
 ## Features
 
-TODO
+Currently citadel only offers basic task tracking through a Kanban board.
 
-## Browser support
+Currently you can do the following to tasks:
+
+- Add colors & named labels
+- Add due dates
+- Descriptions written in Markdown
+- Assign members
+- Checklists
+- Mark tasks as complete
 
 ## Installation
 
+
+## Roadmap
+
+This is a list of features that will eventually be added to Citadel in no particular order:
+
+- Add a calender tab overview of task due dates
+- Add lists tab overview of tasks (alternative view to Kanban )
+- Add gantt timeline view (with swimlanes)
+- Implemention list actions (copy, mass delete, etc)
+- Task sorting, filtering, and search
+- Custom fields
+- Automation rules
+- Wiki tab
+- Progress tab
+- Archive tasks, then option to delete instead of only being able to delete tasks
+- Keyboard shortcuts
+- Custom project backgrounds
+- Custom project colors
+- Portfolio view
+
 ## License
 
-## Authentication
 
-Uses a refresh_token and access_token system.
-
-The refresh_token is an opaque UUID based token. The access_token is a JWT
-token containing several claims such as `sub` & `roles`
-
-The refresh_token is stored in a database and is long lived (24 hours). It is sent to the client
-as a cookie set to be `HttpOnly`.
-
-The access_token is not stored in the database & is only stored in memory on the client side.
-It is short lived (5 minutes).
-
-The access_token is used to authenticate all endpoints except endpoints under /auth
-
-The access_token is refreshed using the refresh_token through the /auth/refresh_token endpoint.
-This endpoint takes in the refresh_token set VIA a cookie header & returns a new refresh_token & access_token
-if the refresh_token is still valid. The old refresh_token is invalidated.