feat(14-03): wire 5 frontend leak sources in RegisterAll (40 -> 45 sources)

- Register SourceMapSource, WebpackSource, EnvLeakSource, SwaggerSource, DeployPreviewSource
- Update test expectations from 40 to 45 sources

pkg/recon/sources/integration_test.go

@@ -641,8 +641,8 @@ func TestRegisterAll_Phase12(t *testing.T) {
 	})
 
 	names := eng.List()
-	if n := len(names); n != 40 {
-		t.Fatalf("expected 40 sources from RegisterAll, got %d: %v", n, names)
+	if n := len(names); n != 45 {
+		t.Fatalf("expected 45 sources from RegisterAll, got %d: %v", n, names)
 	}
 
 	// Build lookup for source access.

pkg/recon/sources/register.go

@@ -56,8 +56,9 @@ type SourcesConfig struct {
 }
 
 // RegisterAll registers every Phase 10 code-hosting, Phase 11 search engine /
-// paste site, Phase 12 IoT scanner / cloud storage, and Phase 13 package
-// registry / container / IaC source on engine (40 sources total).
+// paste site, Phase 12 IoT scanner / cloud storage, Phase 13 package
+// registry / container / IaC, and Phase 14 frontend leak source on engine
+// (45 sources total).
 //
 // All sources are registered unconditionally so that cmd/recon.go can surface
 // the full catalog via `keyhunter recon list` regardless of which credentials
@@ -228,4 +229,11 @@ func RegisterAll(engine *recon.Engine, cfg SourcesConfig) {
 	engine.Register(&KubernetesSource{Registry: reg, Limiters: lim})
 	engine.Register(&TerraformSource{Registry: reg, Limiters: lim})
 	engine.Register(&HelmSource{Registry: reg, Limiters: lim})
+
+	// Phase 14: Frontend leak sources (credentialless).
+	engine.Register(&SourceMapSource{Registry: reg, Limiters: lim})
+	engine.Register(&WebpackSource{Registry: reg, Limiters: lim})
+	engine.Register(&EnvLeakSource{Registry: reg, Limiters: lim})
+	engine.Register(&SwaggerSource{Registry: reg, Limiters: lim})
+	engine.Register(&DeployPreviewSource{Registry: reg, Limiters: lim})
 }

pkg/recon/sources/register_test.go

@@ -16,9 +16,9 @@ func registerTestRegistry() *providers.Registry {
 	})
 }
 
-// TestRegisterAll_WiresAllFortySources asserts that RegisterAll registers
-// every Phase 10 + Phase 11 + Phase 12 + Phase 13 source by its stable name on a fresh engine.
-func TestRegisterAll_WiresAllFortySources(t *testing.T) {
+// TestRegisterAll_WiresAllFortyFiveSources asserts that RegisterAll registers
+// every Phase 10-14 source by its stable name on a fresh engine.
+func TestRegisterAll_WiresAllFortyFiveSources(t *testing.T) {
 	eng := recon.NewEngine()
 	cfg := SourcesConfig{
 		Registry: registerTestRegistry(),
@@ -37,7 +37,9 @@ func TestRegisterAll_WiresAllFortySources(t *testing.T) {
 		"codeberg",
 		"codesandbox",
 		"crates",
+		"deploypreview",
 		"dockerhub",
+		"dotenv",
 		"duckduckgo",
 		"fofa",
 		"gcs",
@@ -64,8 +66,11 @@ func TestRegisterAll_WiresAllFortySources(t *testing.T) {
 		"s3",
 		"sandboxes",
 		"shodan",
+		"sourcemaps",
 		"spaces",
+		"swagger",
 		"terraform",
+		"webpack",
 		"yandex",
 		"zoomeye",
 	}
@@ -85,8 +90,8 @@ func TestRegisterAll_MissingCredsStillRegistered(t *testing.T) {
 		Limiters: recon.NewLimiterRegistry(),
 	})
 
-	if n := len(eng.List()); n != 40 {
-		t.Fatalf("expected 40 sources registered, got %d: %v", n, eng.List())
+	if n := len(eng.List()); n != 45 {
+		t.Fatalf("expected 45 sources registered, got %d: %v", n, eng.List())
 	}
 
 	// SweepAll with an empty config should filter out cred-gated sources