feat(phase-16): wire all 9 Phase 16 sources + VT/IX/ST API keys

cmd/recon.go

@@ -168,6 +168,8 @@ func buildReconEngine() *recon.Engine {
 		NetlasAPIKey:      firstNonEmpty(os.Getenv("NETLAS_API_KEY"), viper.GetString("recon.netlas.api_key")),
 		BinaryEdgeAPIKey:  firstNonEmpty(os.Getenv("BINARYEDGE_API_KEY"), viper.GetString("recon.binaryedge.api_key")),
 		CircleCIToken:        firstNonEmpty(os.Getenv("CIRCLECI_TOKEN"), viper.GetString("recon.circleci.token")),
+		VirusTotalAPIKey:     firstNonEmpty(os.Getenv("VIRUSTOTAL_API_KEY"), viper.GetString("recon.virustotal.api_key")),
+		IntelligenceXAPIKey:  firstNonEmpty(os.Getenv("INTELLIGENCEX_API_KEY"), viper.GetString("recon.intelligencex.api_key")),
 		SecurityTrailsAPIKey: firstNonEmpty(os.Getenv("SECURITYTRAILS_API_KEY"), viper.GetString("recon.securitytrails.api_key")),
 	}
 	sources.RegisterAll(e, cfg)

pkg/recon/sources/register.go

@@ -52,7 +52,9 @@ type SourcesConfig struct {
 	// Phase 14: CI/CD source tokens.
 	CircleCIToken string
 
-	// Phase 16: DNS/threat intel source tokens.
+	// Phase 16: Threat intel + DNS API keys.
+	VirusTotalAPIKey     string
+	IntelligenceXAPIKey  string
 	SecurityTrailsAPIKey string
 
 	// Registry drives query generation for every source via BuildQueries.
@@ -294,4 +296,22 @@ func RegisterAll(engine *recon.Engine, cfg SourcesConfig) {
 		Registry: reg,
 		Limiters: lim,
 	})
+
+	// Phase 16: Threat intelligence sources.
+	engine.Register(&VirusTotalSource{
+		APIKey:   cfg.VirusTotalAPIKey,
+		Registry: reg,
+		Limiters: lim,
+	})
+	engine.Register(&IntelligenceXSource{
+		APIKey:   cfg.IntelligenceXAPIKey,
+		Registry: reg,
+		Limiters: lim,
+	})
+	engine.Register(&URLhausSource{Registry: reg, Limiters: lim})
+
+	// Phase 16: API marketplace sources (credentialless).
+	engine.Register(&PostmanSource{Registry: reg, Limiters: lim})
+	engine.Register(&SwaggerHubSource{Registry: reg, Limiters: lim})
+	engine.Register(&RapidAPISource{Registry: reg, Limiters: lim})
 }