diff --git a/TODO.md b/TODO.md
index b7c2acf..e2751d5 100644
--- a/TODO.md
+++ b/TODO.md
@@ -9,4 +9,14 @@
 [x] Using a Rouille router, create `GET /main.css` and `GET /project-card.js` endpoints that returns the relevant files. Use the include_bytes! macro.
 [x] Create a `GET /projects` endpoint. Using Maud for markup generation, have this endpoint return an HTML page that shows all projects. Each project should be a `project-card` web component. Keep the page simple: no title or any buttons currently.
 [x] Create a `POST /projects` endpoint that accepts URL encoded data and creates a new project.
-[x] Create a `GET /new-project` endpoint that returns a HTML page with a project creation form. Keep it simple.
\ No newline at end of file
+[x] Create a `GET /new-project` endpoint that returns a HTML page with a project creation form. Keep it simple.
+[ ] Add .env file support using the dotenv crate. Load environment variables on server startup.
+[ ] Create a `GET /login` endpoint that returns a simple HTML login form (username and password fields).
+[ ] Create a `POST /login` endpoint that validates credentials against USERNAME and PASSWORD environment variables. On success, set a session cookie.
+[ ] Implement session management. Create a simple in-memory session store that tracks authenticated sessions by cookie token.
+[ ] Add authentication middleware or helper function to check if a request has a valid session cookie.
+[ ] Protect write endpoints (POST /projects, and any future write operations) with authentication. Redirect to /login if not authenticated.
+[ ] Add a login button to the front page (GET /projects) that links to /login.
+[ ] When logged in, show a "Create Project" button on the front page that links to /new-project.
+[ ] When logged in, add an edit icon to each project-card web component. Clicking the icon opens a dialog with a form to update the progress percentage and archive/unarchive the project.
+[ ] Create POST endpoints for updating project progress and archiving/unarchiving projects (these will be called from the edit dialog).
\ No newline at end of file