Update todo's

Author: luukverhoeven

README.md

@@ -109,9 +109,18 @@ pentestagent/
 **License:** MIT
 
 ## TODO
-- Verify RAG end-to-end with a real LLM connection (not just mocks) to ensure retrieval is correctly injected during autonomous runs.
 
+### Feature Requests
+- **CIDR/Domain input** - Support for CIDR notation (e.g., 192.168.1.0/24) and domain-based target specification for bulk scanning
+- **XMap integration** - Integrate [XMap](https://github.com/idealeer/xmap) for high-speed IPv4 and IPv6 network scanning
+- **Application scanner (GRep2)** - Add application-level scanning capabilities
+- **Full JSON report export** - Generate comprehensive JSON reports suitable for storage in vector databases
+- **Gemini OAuth/user login support** - Add Google Gemini authentication via OAuth token similar to Claude Max account support (may require [Gemini CLI](https://github.com/google-gemini/gemini-cli) integration)
+
+### Testing & Validation
+- Verify RAG end-to-end with a real LLM connection (not just mocks) to ensure retrieval is correctly injected during autonomous runs.
 - Add an advanced pentest E2E test that exercises real LLM decision-making to validate smart tool selection and replanning under realistic conditions.
+- Add Metasploit E2E testing to validate exploit execution and post-exploitation workflows.
 - Add testing with LM Studio and a variety of local/hosted models to validate compatibility and performance.
 - Add advanced SQL injection pentest coverage against e2e targets to ensure the LLM is actively interacting and driving the workflow.
 - Add an e2e test against a Windows target with a known CVE exploit to verify discovery and interaction.