Because KDBX is a gzipped and encrypted stream, this is actually fundamentally an issue with the spec itself. A client must re-encrypt and compress the file prior to writing because a mere append operation is not possible. SQLite solves this issue by allowing you to write with page level granularity rather than being forced to dump the whole file for a single tiny change!

It's a file in the 10-500kB and passwords are read way more often than added.

If it's even tracked as an implementation issue, it probably ranks very low and fixing this requires a lot of care not to screw up things with the safety and feature rollout.

That's probably a security feature.

i would say it’s the correct implementation as you can’t edit atomically. write and move is what you have to do

It's not an issue, write-new-and-swap is probably the best approach for this type of application.

You need format supporting append/edit first before you can implement it "right"