docs(09-01): complete recon framework foundation plan

2026-04-06 00:44:04 +03:00
parent 4dbc38dcc5
commit fb1e7f8bf5
1 changed files with 135 additions and 0 deletions
--- a/.planning/phases/09-osint-infrastructure/09-01-SUMMARY.md
+++ b/.planning/phases/09-osint-infrastructure/09-01-SUMMARY.md
@@ -0,0 +1,135 @@
+---
+phase: 09-osint-infrastructure
+plan: 01
+subsystem: pkg/recon
+tags: [recon, osint, interface, engine, ants, fanout]
+dependency-graph:
+  requires:
+    - pkg/engine.Finding
+    - github.com/panjf2000/ants/v2
+    - golang.org/x/time/rate
+  provides:
+    - recon.ReconSource interface
+    - recon.Engine (Register/List/SweepAll)
+    - recon.Config
+    - recon.Finding (alias of engine.Finding)
+    - recon.ExampleSource (reference stub)
+  affects:
+    - Wave 1 siblings (limiter, stealth, robots) compose with Engine
+    - Wave 2 CLI plan (09-05) wires Engine into cmd/recon
+    - Phases 10-16 implement ReconSource for real sources
+tech-stack:
+  added: []
+  patterns:
+    - Ants pool for parallel source fanout
+    - Type alias (Finding = engine.Finding) for shared storage path
+    - Interface-per-source plugin model
+key-files:
+  created:
+    - pkg/recon/source.go
+    - pkg/recon/engine.go
+    - pkg/recon/example.go
+    - pkg/recon/engine_test.go
+  modified: []
+decisions:
+  - "Finding is a type alias of engine.Finding, not a new struct — keeps storage and verification paths unified; recon sources only need to set SourceType=recon:<name>"
+  - "Dedup is intentionally NOT done in SweepAll — plan 09-03 owns pkg/recon/dedup.go; SweepAll only aggregates"
+  - "Engine sizes the ants pool to len(active) sources — small N (tens, not thousands), so per-sweep pool allocation is cheap and avoids cross-sweep state"
+  - "Context cancellation in SweepAll drains the out channel in a detached goroutine to prevent source senders from blocking after cancel"
+  - "Register is idempotent by Name() — re-registering replaces; guards against double-init loops"
+metrics:
+  duration: "~3m"
+  completed: "2026-04-05"
+  tasks: 2
+  files: 4
+---
+
+# Phase 9 Plan 1: Recon Framework Foundation Summary
+
+ReconSource interface, Engine with ants-pool parallel fanout, and ExampleSource stub — the contract every OSINT source in Phases 10-16 will implement.
+
+## What Was Built
+
+**`pkg/recon/source.go`** defines the public contract:
+
+- `ReconSource` interface: `Name() / RateLimit() / Burst() / RespectsRobots() / Enabled(Config) / Sweep(ctx, query, out)`
+- `Config` struct: `Stealth`, `RespectRobots`, `EnabledSources`, `Query`
+- `Finding` as a Go type alias of `engine.Finding` — recon findings flow through the same storage path as file/git/stdin scanning; sources simply set `SourceType = "recon:<name>"`.
+
+**`pkg/recon/engine.go`** is the orchestrator:
+
+- `NewEngine()` / `Register(src)` / `List()` with an RWMutex-guarded map and sorted name listing.
+- `SweepAll(ctx, cfg)` collects enabled sources, allocates an `ants.Pool` sized to `len(active)`, submits one goroutine per source, aggregates findings via a buffered channel, and closes on WaitGroup completion. A context-cancel branch starts a detached drainer so senders never block post-cancel.
+- Deduplication is deliberately deferred to plan 09-03 (`dedup.go`).
+
+**`pkg/recon/example.go`** ships a deterministic `ExampleSource` that emits two fake findings (openai + anthropic, masked keys, `recon:example` SourceType). It lets Wave 2 CLI work and the dashboard verify the end-to-end pipeline without any network I/O.
+
+**`pkg/recon/engine_test.go`** covers:
+
+- `TestRegisterList` — empty engine, register, idempotent re-register, sorted output.
+- `TestSweepAll` — full fanout path via ExampleSource, asserts 2 findings tagged `recon:example` with populated provider/masked/source fields.
+- `TestSweepAll_NoSources` — empty registry returns `nil, nil`.
+- `TestSweepAll_FiltersDisabled` — sources whose `Enabled()` returns false are excluded.
+
+## Tasks Completed
+
+| Task | Name                                       | Commit   | Files                                                   |
+| ---- | ------------------------------------------ | -------- | ------------------------------------------------------- |
+| 1    | ReconSource interface + Config             | 10af12d  | pkg/recon/source.go                                     |
+| 2    | Engine + ExampleSource + tests             | 851b243  | pkg/recon/engine.go, example.go, engine_test.go         |
+
+## Verification
+
+- `go build ./pkg/recon/...` — clean
+- `go vet ./pkg/recon/...` — clean
+- `go test ./pkg/recon/ -count=1` — PASS (4/4 new tests; existing limiter/robots tests from sibling Wave 1 plans continue to pass)
+
+## Key Decisions
+
+1. **Type alias over new struct.** `type Finding = engine.Finding` means recon findings are byte-identical to scan findings. Storage, verification, and output paths already handle them; sources only tag `SourceType = "recon:<name>"`. Avoids a parallel Finding hierarchy.
+
+2. **Per-sweep pool.** `ants.NewPool(len(active))` is allocated inside `SweepAll` and released via `defer pool.Release()`. With tens of sources this is cheap and eliminates shared-state bugs across concurrent sweeps. A long-lived shared pool can be introduced later if profiling warrants it.
+
+3. **Dedup deferred.** Per 09-CONTEXT.md, `pkg/recon/dedup.go` is owned by plan 09-03. `SweepAll` returns the raw aggregate so the caller can choose when to dedup (batched persistence vs streaming).
+
+4. **Cancellation safety.** On `ctx.Done()` mid-collection, `SweepAll` spawns a detached `for range out {}` drainer before returning `ctx.Err()`. This prevents goroutines inside the ants pool from blocking on `out <- f` after the caller has left.
+
+5. **ExampleSource is a real implementation, not a mock.** It lives in the production package (no `_test.go` suffix) so the CLI (`keyhunter recon list` / `recon full`) and the dashboard can exercise the pipeline end-to-end before any Phase 10-16 source lands. It performs zero network I/O.
+
+## Deviations from Plan
+
+None — plan executed exactly as written. Tests were written RED before the engine/example implementation (TDD per `tdd="true"`), then driven to GREEN. Added two extra tests beyond the plan's stated minimum (`TestSweepAll_NoSources`, `TestSweepAll_FiltersDisabled`) to cover the empty-registry and disabled-source branches of `SweepAll` — pure additive coverage, no behavior change.
+
+## Known Stubs
+
+- `ExampleSource` is itself a stub by design (documented in 09-CONTEXT.md and in the source file doc comment). It will remain in the package as a reference implementation and CI smoke-test source; real sources replace it in Phases 10-16. This is an intentional stub, not an unfinished task.
+
+## Interfaces Provided to Downstream Plans
+
+```go
+// Wave 1 siblings (limiter, stealth, robots) compose orthogonally with Engine:
+type ReconSource interface {
+    Name() string
+    RateLimit() rate.Limit
+    Burst() int
+    RespectsRobots() bool
+    Enabled(cfg Config) bool
+    Sweep(ctx context.Context, query string, out chan<- Finding) error
+}
+
+// Wave 2 CLI (plan 09-05) will call:
+e := recon.NewEngine()
+e.Register(shodan.New(...))
+e.Register(github.New(...))
+findings, err := e.SweepAll(ctx, recon.Config{Stealth: true, Query: "..."})
+```
+
+## Self-Check: PASSED
+
+- pkg/recon/source.go — FOUND
+- pkg/recon/engine.go — FOUND
+- pkg/recon/example.go — FOUND
+- pkg/recon/engine_test.go — FOUND
+- Commit 10af12d — FOUND
+- Commit 851b243 — FOUND
+- `go test ./pkg/recon/ -count=1` — PASS