Merge branch 'worktree-agent-a853fbe0'
This commit is contained in:
salvacybersec
@@ -218,8 +218,8 @@ Requirements for initial release. Each maps to roadmap phases.
|
||||
|
||||
### Web Dashboard
|
||||
|
||||
- [ ] **WEB-01**: Embedded HTTP server (chi + htmx + Tailwind CSS)
|
||||
- [ ] **WEB-02**: Dashboard overview page with summary statistics
|
||||
- [x] **WEB-01**: Embedded HTTP server (chi + htmx + Tailwind CSS)
|
||||
- [x] **WEB-02**: Dashboard overview page with summary statistics
|
||||
- [ ] **WEB-03**: Scan history and scan detail pages
|
||||
- [ ] **WEB-04**: Key listing page with filtering and "Reveal Key" toggle
|
||||
- [ ] **WEB-05**: OSINT/Recon launcher and results page
|
||||
@@ -227,7 +227,7 @@ Requirements for initial release. Each maps to roadmap phases.
|
||||
- [ ] **WEB-07**: Dork management page
|
||||
- [ ] **WEB-08**: Settings configuration page
|
||||
- [ ] **WEB-09**: REST API (/api/v1/*) for programmatic access
|
||||
- [ ] **WEB-10**: Optional basic auth / token auth
|
||||
- [x] **WEB-10**: Optional basic auth / token auth
|
||||
- [ ] **WEB-11**: Server-Sent Events for live scan progress
|
||||
|
||||
### Telegram Bot
|
||||
|
||||
@@ -29,7 +29,7 @@ Decimal phases appear between their surrounding integers in numeric order.
|
||||
- [x] **Phase 15: OSINT Forums, Collaboration & Log Aggregators** - StackOverflow/Reddit/HN, Notion/Trello, Elasticsearch/Grafana/Sentry (completed 2026-04-06)
|
||||
- [x] **Phase 16: OSINT Threat Intel, Mobile, DNS & API Marketplaces** - VirusTotal/IntelX, APK scanning, crt.sh, Postman/SwaggerHub (completed 2026-04-06)
|
||||
- [x] **Phase 17: Telegram Bot & Scheduled Scanning** - Remote control bot and cron-based recurring scans with auto-notify (completed 2026-04-06)
|
||||
- [ ] **Phase 18: Web Dashboard** - Embedded htmx + Tailwind dashboard aggregating all subsystems with SSE live updates
|
||||
- [x] **Phase 18: Web Dashboard** - Embedded htmx + Tailwind dashboard aggregating all subsystems with SSE live updates (completed 2026-04-06)
|
||||
|
||||
## Phase Details
|
||||
|
||||
@@ -391,4 +391,4 @@ Phases execute in numeric order: 1 → 2 → 3 → ... → 18
|
||||
| 15. OSINT Forums, Collaboration & Log Aggregators | 2/4 | Complete | 2026-04-06 |
|
||||
| 16. OSINT Threat Intel, Mobile, DNS & API Marketplaces | 0/? | Complete | 2026-04-06 |
|
||||
| 17. Telegram Bot & Scheduled Scanning | 3/5 | Complete | 2026-04-06 |
|
||||
| 18. Web Dashboard | 0/? | Not started | - |
|
||||
| 18. Web Dashboard | 1/1 | Complete | 2026-04-06 |
|
||||
|
||||
@@ -3,14 +3,14 @@ gsd_state_version: 1.0
|
||||
milestone: v1.0
|
||||
milestone_name: milestone
|
||||
status: executing
|
||||
stopped_at: Completed 17-04-PLAN.md
|
||||
last_updated: "2026-04-06T14:50:49.687Z"
|
||||
stopped_at: Completed 18-01-PLAN.md
|
||||
last_updated: "2026-04-06T15:03:51.830Z"
|
||||
last_activity: 2026-04-06
|
||||
progress:
|
||||
total_phases: 18
|
||||
completed_phases: 15
|
||||
total_plans: 90
|
||||
completed_plans: 88
|
||||
completed_phases: 16
|
||||
total_plans: 91
|
||||
completed_plans: 89
|
||||
percent: 20
|
||||
---
|
||||
|
||||
@@ -102,6 +102,7 @@ Progress: [██░░░░░░░░] 20%
|
||||
| Phase 16 P01 | 4min | 2 tasks | 6 files |
|
||||
| Phase 17 P01 | 3min | 2 tasks | 4 files |
|
||||
| Phase 17 P04 | 3min | 2 tasks | 4 files |
|
||||
| Phase 18 P01 | 3min | 2 tasks | 9 files |
|
||||
|
||||
## Accumulated Context
|
||||
|
||||
@@ -156,6 +157,7 @@ Recent decisions affecting current work:
|
||||
- [Phase 16]: URLhaus tag lookup with payload endpoint fallback
|
||||
- [Phase 17]: telego v1.8.0 promoted from indirect to direct; context cancellation for graceful shutdown; rate limit 60s scan/verify/recon, 5s others
|
||||
- [Phase 17]: Separated format from send for testable notifications without telego mock
|
||||
- [Phase 18]: html/template over templ for v1; Tailwind CDN; nil-safe handlers; constant-time auth comparison
|
||||
|
||||
### Pending Todos
|
||||
|
||||
@@ -170,6 +172,6 @@ None yet.
|
||||
|
||||
## Session Continuity
|
||||
|
||||
Last session: 2026-04-06T14:34:18.710Z
|
||||
Stopped at: Completed 17-04-PLAN.md
|
||||
Last session: 2026-04-06T15:03:51.826Z
|
||||
Stopped at: Completed 18-01-PLAN.md
|
||||
Resume file: None
|
||||
|
||||
125
.planning/phases/18-web-dashboard/18-01-SUMMARY.md
Normal file
125
.planning/phases/18-web-dashboard/18-01-SUMMARY.md
Normal file
@@ -0,0 +1,125 @@
|
||||
---
|
||||
phase: 18-web-dashboard
|
||||
plan: 01
|
||||
subsystem: web
|
||||
tags: [chi, htmx, go-embed, html-template, auth-middleware, dashboard]
|
||||
|
||||
requires:
|
||||
- phase: 01-foundation
|
||||
provides: storage.DB, providers.Registry
|
||||
- phase: 09-osint-infrastructure
|
||||
provides: recon.Engine
|
||||
- phase: 08-dork-engine
|
||||
provides: dorks.Registry
|
||||
provides:
|
||||
- "pkg/web package with chi v5 router, embedded static assets, auth middleware"
|
||||
- "Overview dashboard page with stats from providers/recon/storage"
|
||||
- "Server struct with NewServer constructor, Config, Router(), ListenAndServe()"
|
||||
affects: [18-02, 18-03, 18-04, 18-05]
|
||||
|
||||
tech-stack:
|
||||
added: [chi v5.2.5, htmx v2.0.4]
|
||||
patterns: [go:embed for static assets and templates, html/template with layout pattern, nil-safe handler for optional dependencies]
|
||||
|
||||
key-files:
|
||||
created:
|
||||
- pkg/web/server.go
|
||||
- pkg/web/auth.go
|
||||
- pkg/web/handlers.go
|
||||
- pkg/web/embed.go
|
||||
- pkg/web/static/htmx.min.js
|
||||
- pkg/web/static/style.css
|
||||
- pkg/web/templates/layout.html
|
||||
- pkg/web/templates/overview.html
|
||||
- pkg/web/server_test.go
|
||||
modified:
|
||||
- go.mod
|
||||
- go.sum
|
||||
|
||||
key-decisions:
|
||||
- "html/template over templ for v1 per CONTEXT.md deferred decision"
|
||||
- "Tailwind via CDN for v1 rather than standalone CLI build step"
|
||||
- "Nil-safe handlers: overview works with zero Config (no DB, no providers)"
|
||||
- "AuthMiddleware uses crypto/subtle constant-time comparison for timing-attack resistance"
|
||||
|
||||
patterns-established:
|
||||
- "Web handler pattern: method on Server struct, nil-check dependencies before use"
|
||||
- "go:embed layout: static/ and templates/ subdirs under pkg/web/"
|
||||
- "Template composition: define layout + block content pattern"
|
||||
|
||||
requirements-completed: [WEB-01, WEB-02, WEB-10]
|
||||
|
||||
duration: 3min
|
||||
completed: 2026-04-06
|
||||
---
|
||||
|
||||
# Phase 18 Plan 01: Web Dashboard Foundation Summary
|
||||
|
||||
**chi v5 router with go:embed static assets (htmx, CSS), html/template layout, overview dashboard, and Basic/Bearer auth middleware**
|
||||
|
||||
## Performance
|
||||
|
||||
- **Duration:** 3 min
|
||||
- **Started:** 2026-04-06T14:59:54Z
|
||||
- **Completed:** 2026-04-06T15:02:56Z
|
||||
- **Tasks:** 2
|
||||
- **Files modified:** 9
|
||||
|
||||
## Accomplishments
|
||||
- chi v5.2.5 HTTP router with middleware stack (RealIP, Logger, Recoverer)
|
||||
- Vendored htmx v2.0.4, embedded via go:embed alongside CSS and HTML templates
|
||||
- Overview page with 4 stat cards (Total Keys, Providers, Recon Sources, Last Scan) and recent findings table
|
||||
- Auth middleware supporting Basic and Bearer token with constant-time comparison, no-op when unconfigured
|
||||
- 7 tests covering overview rendering, static serving, auth enforcement, and passthrough
|
||||
|
||||
## Task Commits
|
||||
|
||||
Each task was committed atomically:
|
||||
|
||||
1. **Task 1: chi v5 dependency + go:embed static assets + layout template** - `dd2c8c5` (feat)
|
||||
2. **Task 2 RED: failing tests for server/auth/overview** - `3541c82` (test)
|
||||
3. **Task 2 GREEN: implement server, auth, handlers** - `268a769` (feat)
|
||||
|
||||
## Files Created/Modified
|
||||
- `pkg/web/server.go` - chi router setup, NewServer constructor, ListenAndServe
|
||||
- `pkg/web/auth.go` - Basic auth and bearer token middleware with constant-time compare
|
||||
- `pkg/web/handlers.go` - Overview handler with OverviewData struct, nil-safe DB/provider access
|
||||
- `pkg/web/embed.go` - go:embed directives for static/ and templates/
|
||||
- `pkg/web/static/htmx.min.js` - Vendored htmx v2.0.4 (50KB)
|
||||
- `pkg/web/static/style.css` - Custom overrides for stat cards, findings table, nav
|
||||
- `pkg/web/templates/layout.html` - Base layout with nav bar, Tailwind CDN, htmx script
|
||||
- `pkg/web/templates/overview.html` - Dashboard with stat cards grid and findings table
|
||||
- `pkg/web/server_test.go` - 7 integration tests for server, auth, overview
|
||||
- `go.mod` / `go.sum` - Added chi v5.2.5
|
||||
|
||||
## Decisions Made
|
||||
- Used html/template (not templ) per CONTEXT.md deferred decision for v1
|
||||
- Tailwind via CDN rather than standalone build step for v1 simplicity
|
||||
- Nil-safe handlers allow server to start with zero config (no DB required)
|
||||
- Auth uses crypto/subtle.ConstantTimeCompare to prevent timing attacks
|
||||
|
||||
## Deviations from Plan
|
||||
|
||||
None - plan executed exactly as written.
|
||||
|
||||
## Issues Encountered
|
||||
None
|
||||
|
||||
## User Setup Required
|
||||
None - no external service configuration required.
|
||||
|
||||
## Known Stubs
|
||||
None - all data paths are wired to real sources (providers.Registry, recon.Engine, storage.DB) or gracefully show zeroes when dependencies are nil.
|
||||
|
||||
## Self-Check: PASSED
|
||||
|
||||
All 9 files verified present. All 3 commit hashes verified in git log.
|
||||
|
||||
## Next Phase Readiness
|
||||
- Server skeleton ready for Plans 02-05 to add keys page, providers page, API endpoints, SSE
|
||||
- Router exposed via Router() for easy route additions
|
||||
- Template parsing supports adding new .html files to templates/
|
||||
|
||||
---
|
||||
*Phase: 18-web-dashboard*
|
||||
*Completed: 2026-04-06*
|
||||
Reference in New Issue
Block a user