docs(13-04): complete RegisterAll wiring + integration test plan

- SUMMARY.md with 2 tasks, 3 files modified
- STATE.md advanced to plan 4/4, Phase 13 complete
- ROADMAP.md updated with Phase 13 completion
- REQUIREMENTS.md marked RECON-PKG/INFRA requirements complete

.planning/REQUIREMENTS.md

@@ -125,7 +125,7 @@ Requirements for initial release. Each maps to roadmap phases.
 
 ### OSINT/Recon — Package Registries
 
-- [ ] **RECON-PKG-01**: npm registry package scanning (download + extract + grep)
+- [x] **RECON-PKG-01**: npm registry package scanning (download + extract + grep)
 - [x] **RECON-PKG-02**: PyPI package scanning
 - [x] **RECON-PKG-03**: RubyGems, crates.io, Maven, NuGet, Packagist, Go proxy scanning
 

.planning/ROADMAP.md

@@ -24,7 +24,7 @@ Decimal phases appear between their surrounding integers in numeric order.
 - [x] **Phase 10: OSINT Code Hosting** - GitHub, GitLab, Bitbucket, HuggingFace and 6 more code hosting sources (completed 2026-04-05)
 - [x] **Phase 11: OSINT Search & Paste** - Search engine dorking and paste site aggregation (completed 2026-04-06)
 - [x] **Phase 12: OSINT IoT & Cloud Storage** - Shodan/Censys/ZoomEye/FOFA and S3/GCS/Azure cloud storage scanning (completed 2026-04-06)
-- [ ] **Phase 13: OSINT Package Registries & Container/IaC** - npm/PyPI/crates.io and Docker Hub/K8s/Terraform scanning
+- [x] **Phase 13: OSINT Package Registries & Container/IaC** - npm/PyPI/crates.io and Docker Hub/K8s/Terraform scanning (completed 2026-04-06)
 - [ ] **Phase 14: OSINT CI/CD Logs, Web Archives & Frontend Leaks** - Build logs, Wayback Machine, and JS bundle/env scanning
 - [ ] **Phase 15: OSINT Forums, Collaboration & Log Aggregators** - StackOverflow/Reddit/HN, Notion/Trello, Elasticsearch/Grafana/Sentry
 - [ ] **Phase 16: OSINT Threat Intel, Mobile, DNS & API Marketplaces** - VirusTotal/IntelX, APK scanning, crt.sh, Postman/SwaggerHub
@@ -272,10 +272,10 @@ Plans:
   5. `keyhunter recon --sources=terraform,helm,ansible` scans Terraform registry modules, Helm chart repositories, and Ansible Galaxy roles
 **Plans**: 4 plans
 Plans:
-- [ ] 13-01-PLAN.md — NpmSource + PyPISource + CratesIOSource + RubyGemsSource (RECON-PKG-01, RECON-PKG-02)
+- [x] 13-01-PLAN.md — NpmSource + PyPISource + CratesIOSource + RubyGemsSource (RECON-PKG-01, RECON-PKG-02)
 - [x] 13-02-PLAN.md — MavenSource + NuGetSource + GoProxySource + PackagistSource (RECON-PKG-02, RECON-PKG-03)
 - [x] 13-03-PLAN.md — DockerHubSource + KubernetesSource + TerraformSource + HelmSource (RECON-INFRA-01..04)
-- [ ] 13-04-PLAN.md — RegisterAll wiring + integration test (all Phase 13 reqs)
+- [x] 13-04-PLAN.md — RegisterAll wiring + integration test (all Phase 13 reqs)
 
 ### Phase 14: OSINT CI/CD Logs, Web Archives & Frontend Leaks
 **Goal**: Users can scan public CI/CD build logs, historical web snapshots from the Wayback Machine and CommonCrawl, and frontend JavaScript artifacts (source maps, webpack bundles, exposed .env files) for leaked API keys
@@ -355,7 +355,7 @@ Phases execute in numeric order: 1 → 2 → 3 → ... → 18
 | 10. OSINT Code Hosting | 9/9 | Complete    | 2026-04-06 |
 | 11. OSINT Search & Paste | 3/3 | Complete    | 2026-04-06 |
 | 12. OSINT IoT & Cloud Storage | 4/4 | Complete    | 2026-04-06 |
-| 13. OSINT Package Registries & Container/IaC | 2/4 | In Progress|  |
+| 13. OSINT Package Registries & Container/IaC | 4/4 | Complete   | 2026-04-06 |
 | 14. OSINT CI/CD Logs, Web Archives & Frontend Leaks | 0/? | Not started | - |
 | 15. OSINT Forums, Collaboration & Log Aggregators | 0/? | Not started | - |
 | 16. OSINT Threat Intel, Mobile, DNS & API Marketplaces | 0/? | Not started | - |

.planning/STATE.md

@@ -3,14 +3,14 @@ gsd_state_version: 1.0
 milestone: v1.0
 milestone_name: milestone
 status: executing
-stopped_at: Completed 13-03-PLAN.md
+stopped_at: Completed 13-04-PLAN.md
-last_updated: "2026-04-06T09:57:07.056Z"
+last_updated: "2026-04-06T10:04:38.664Z"
 last_activity: 2026-04-06
 progress:
   total_phases: 18
-  completed_phases: 12
+  completed_phases: 13
   total_plans: 73
-  completed_plans: 72
+  completed_plans: 74
   percent: 20
 ---
 
@@ -26,7 +26,7 @@ See: .planning/PROJECT.md (updated 2026-04-04)
 ## Current Position
 
 Phase: 13 (osint-package-registries) — EXECUTING
-Plan: 3 of 4
+Plan: 4 of 4
 Status: Ready to execute
 Last activity: 2026-04-06
 
@@ -95,6 +95,7 @@ Progress: [██░░░░░░░░] 20%
 | Phase 12 P04 | 14min | 2 tasks | 4 files |
 | Phase 13 P02 | 3min | 2 tasks | 8 files |
 | Phase 13 P03 | 5min | 2 tasks | 11 files |
+| Phase 13 P04 | 5min | 2 tasks | 3 files |
 
 ## Accumulated Context
 
@@ -140,6 +141,7 @@ Recent decisions affecting current work:
 - [Phase 13]: GoProxy regex requires domain dot to filter non-module paths; NuGet projectUrl fallback to nuget.org canonical
 - [Phase 13]: KubernetesSource uses Artifact Hub rather than Censys/Shodan dorking to avoid duplicating Phase 12 sources
 - [Phase 13]: RegisterAll extended to 32 sources (28 Phase 10-12 + 4 Phase 13 container/IaC)
+- [Phase 13]: RegisterAll extended to 40 sources (28 Phase 10-12 + 12 Phase 13); package registry sources credentialless, no new SourcesConfig fields
 
 ### Pending Todos
 
@@ -154,6 +156,6 @@ None yet.
 
 ## Session Continuity
 
-Last session: 2026-04-06T09:57:07.053Z
+Last session: 2026-04-06T10:04:38.660Z
-Stopped at: Completed 13-03-PLAN.md
+Stopped at: Completed 13-04-PLAN.md
 Resume file: None

.planning/phases/13-osint_package_registries_container_iac/13-04-SUMMARY.md

@@ -0,0 +1,104 @@
+---
+phase: 13-osint_package_registries_container_iac
+plan: 04
+subsystem: recon
+tags: [recon, osint, npm, pypi, crates, rubygems, maven, nuget, goproxy, packagist, dockerhub, k8s, terraform, helm, integration-test]
+
+requires:
+  - phase: 13-osint_package_registries_container_iac
+    provides: "All 12 individual Phase 13 source implementations (plans 01-03)"
+  - phase: 12-osint_iot_cloud_storage
+    provides: "RegisterAll with 28 sources, integration test framework"
+provides:
+  - "RegisterAll wiring all 40 sources (28 existing + 12 Phase 13)"
+  - "Integration test exercising all 40 sources via httptest SweepAll"
+affects: [14-osint-devops-ci, recon-engine, cmd-recon]
+
+tech-stack:
+  added: []
+  patterns: [prefix-based httptest mux routing for sources sharing API paths]
+
+key-files:
+  created: []
+  modified:
+    - pkg/recon/sources/register.go
+    - pkg/recon/sources/register_test.go
+    - pkg/recon/sources/integration_test.go
+
+key-decisions:
+  - "RegisterAll extended to 40 sources (28 Phase 10-12 + 12 Phase 13); package registry sources credentialless, no new SourcesConfig fields"
+
+patterns-established:
+  - "Phase 13 prefix routing: k8s and helm both use /api/v1/packages/search on Artifact Hub, integration test distinguishes via /k8s/ and /helm/ URL prefixes"
+
+requirements-completed: [RECON-PKG-01, RECON-PKG-02, RECON-PKG-03, RECON-INFRA-01, RECON-INFRA-02, RECON-INFRA-03, RECON-INFRA-04]
+
+duration: 5min
+completed: 2026-04-06
+---
+
+# Phase 13 Plan 04: RegisterAll Wiring + Integration Test Summary
+
+**Wire all 12 Phase 13 sources into RegisterAll (40 total) with full SweepAll integration test across httptest fixtures**
+
+## Performance
+
+- **Duration:** 5 min
+- **Started:** 2026-04-06T09:58:19Z
+- **Completed:** 2026-04-06T10:03:46Z
+- **Tasks:** 2
+- **Files modified:** 3
+
+## Accomplishments
+- RegisterAll now wires all 40 sources (28 existing + 8 package registries + 4 container/IaC)
+- register_test.go asserts exact 40-name alphabetically sorted list
+- Integration test exercises all 40 sources via single multiplexed httptest server with prefix routing
+
+## Task Commits
+
+Each task was committed atomically:
+
+1. **Task 1: Wire Phase 13 sources into RegisterAll and update register_test** - `c16f5fe` (feat)
+2. **Task 2: Extend integration test with Phase 13 httptest handlers** - `9b005e7` (test)
+
+## Files Created/Modified
+- `pkg/recon/sources/register.go` - Added 8 package registry + updated 4 container/IaC registrations (40 total)
+- `pkg/recon/sources/register_test.go` - Updated to assert 40 sources with complete sorted name list
+- `pkg/recon/sources/integration_test.go` - Added 12 httptest handlers and source registrations for Phase 13
+
+## Decisions Made
+- All Phase 13 sources are credentialless -- no new SourcesConfig fields needed
+- Used URL prefix routing (/npm/, /pypi/, /k8s/, /helm/, etc.) in integration test to multiplex all sources through single httptest server
+- k8s and helm share same Artifact Hub API path but distinguished by /k8s/ and /helm/ prefixes in test
+
+## Deviations from Plan
+
+### Auto-fixed Issues
+
+**1. [Rule 1 - Bug] Updated TestRegisterAll_Phase12 count from 32 to 40**
+- **Found during:** Task 1
+- **Issue:** TestRegisterAll_Phase12 in integration_test.go also asserted source count (32), which broke when RegisterAll grew to 40
+- **Fix:** Updated assertion from 32 to 40
+- **Files modified:** pkg/recon/sources/integration_test.go
+- **Verification:** All RegisterAll tests pass
+- **Committed in:** c16f5fe (part of Task 1 commit)
+
+---
+
+**Total deviations:** 1 auto-fixed (1 bug)
+**Impact on plan:** Necessary correction to keep existing tests green. No scope creep.
+
+## Issues Encountered
+None
+
+## User Setup Required
+None - no external service configuration required.
+
+## Next Phase Readiness
+- All 40 OSINT sources wired and tested through Phase 13
+- Ready for Phase 14 (DevOps/CI sources) to extend RegisterAll further
+- cmd/recon.go compiles cleanly with updated register.go
+
+---
+*Phase: 13-osint_package_registries_container_iac*
+*Completed: 2026-04-06*