feat(10-09): wire all ten Phase 10 sources in RegisterAll

pkg/recon/sources/register.go

@@ -6,27 +6,93 @@ import (
 )
 
 // SourcesConfig carries per-source credentials and shared dependencies read
-// from viper/env by cmd/recon.go. Plan 10-09 fleshes this out; for now it is a
-// placeholder struct so Wave 2 plans can depend on its shape.
+// from viper/env by cmd/recon.go and handed to RegisterAll.
+//
+// Fields are populated from environment variables (GITHUB_TOKEN, GITLAB_TOKEN,
+// ...) or viper config keys (recon.github.token, ...). Empty values are
+// permitted: the corresponding source is still registered on the engine, but
+// its Enabled() reports false so SweepAll skips it cleanly.
 type SourcesConfig struct {
-	GitHubToken      string
-	GitLabToken      string
-	BitbucketToken   string
+	// GitHub / Gist share the same token.
+	GitHubToken string
+	// GitLab personal access token.
+	GitLabToken string
+	// Bitbucket Cloud app password or OAuth token + required workspace slug.
+	BitbucketToken     string
+	BitbucketWorkspace string
+	// Codeberg (Gitea) token — optional, raises rate limit when present.
+	CodebergToken string
+	// HuggingFace Hub token — optional, raises rate limit when present.
 	HuggingFaceToken string
-	KaggleUser       string
-	KaggleKey        string
+	// Kaggle Basic-auth username + API key.
+	KaggleUser string
+	KaggleKey  string
 
+	// Registry drives query generation for every source via BuildQueries.
 	Registry *providers.Registry
+	// Limiters is the shared per-source rate-limiter registry.
 	Limiters *recon.LimiterRegistry
 }
 
 // RegisterAll registers every Phase 10 code-hosting source on engine.
-// Wave 2 plans append their source constructors here via additional
-// registerXxx helpers in this file. Plan 10-09 writes the final list.
+//
+// All ten sources are registered unconditionally so that cmd/recon.go can
+// surface the full catalog via `keyhunter recon list` regardless of which
+// credentials are configured. Sources without required credentials return
+// Enabled()==false so SweepAll skips them without erroring.
+//
+// A nil engine is treated as a no-op (not an error) — callers in broken init
+// paths shouldn't panic.
 func RegisterAll(engine *recon.Engine, cfg SourcesConfig) {
 	if engine == nil {
 		return
 	}
-	_ = cfg // wired up in Wave 2 + Plan 10-09
-	// Populated by Plan 10-09 (after Wave 2 lands individual source files).
+	reg := cfg.Registry
+	lim := cfg.Limiters
+
+	// API sources with constructors.
+	engine.Register(NewGitHubSource(cfg.GitHubToken, reg, lim))
+	engine.Register(NewKaggleSource(cfg.KaggleUser, cfg.KaggleKey, reg, lim))
+	engine.Register(NewHuggingFaceSource(HuggingFaceConfig{
+		Token:    cfg.HuggingFaceToken,
+		Registry: reg,
+		Limiters: lim,
+	}))
+
+	// API sources exposed as struct literals (no New* constructor in Wave 2).
+	engine.Register(&GitLabSource{
+		Token:    cfg.GitLabToken,
+		Registry: reg,
+		Limiters: lim,
+	})
+	engine.Register(&BitbucketSource{
+		Token:     cfg.BitbucketToken,
+		Workspace: cfg.BitbucketWorkspace,
+		Registry:  reg,
+		Limiters:  lim,
+	})
+	engine.Register(&GistSource{
+		Token:    cfg.GitHubToken,
+		Registry: reg,
+		Limiters: lim,
+	})
+	engine.Register(&CodebergSource{
+		Token:    cfg.CodebergToken,
+		Registry: reg,
+		Limiters: lim,
+	})
+
+	// Scraping sources (credentialless).
+	engine.Register(&ReplitSource{
+		Registry: reg,
+		Limiters: lim,
+	})
+	engine.Register(&CodeSandboxSource{
+		Registry: reg,
+		Limiters: lim,
+	})
+	engine.Register(&SandboxesSource{
+		Registry: reg,
+		Limiters: lim,
+	})
 }