Closes 2 verification gaps:
1. --sources=github,gitlab flag filters registered sources before sweep
2. Findings persisted to SQLite via storage.SaveFinding after dedup
Also adds Engine.Get() method for source lookup by name.
- Add run subcommand dispatching via dorks.Runner (github live,
other sources wrapped into friendly ErrSourceNotImplemented)
- Add add subcommand with source/category validation and embedded
ID collision guard
- Add delete subcommand that refuses embedded dork ids
- Expose newGitHubExecutor as package var for test injection
- cmd/dorks_test.go covers list filtering, add persistence + list
merge marker, invalid source rejection, embedded collision,
embedded delete refusal, custom delete, shodan not-implemented
path, GitHub missing-token auth hint, fake executor run, yaml
export merge, and info for both origins
Completes DORK-03 (list/run/add/export/info/delete) and DORK-04
(--source/--category filtering).
- Replace cmd/stubs.go dorksCmd stub with full command tree
- Add cmd/dorks.go with list, info, export subcommands
- Wire Registry + custom_dorks merge for list/export
- Bind GITHUB_TOKEN env var via viper for downstream run
Satisfies part of DORK-03 (list/info/export) and DORK-04 (source/category
filtering). run/add/delete land in Task 2.
- Replace inline jsonFinding switch with output.Get() dispatch
- Add renderScanOutput helper used by RunE and tests
- Introduce version var + versionString() for SARIF tool metadata
- Update --output help to list table, json, sarif, csv
- Change root Execute to os.Exit(2) on RunE errors per OUT-06
(exit 0=clean, 1=findings, 2=tool error)
- Add cmd/keys.go with six subcommands backed by the Plan 04 query layer
- keys list prints masked findings with id/provider/confidence/source columns
and supports --provider/--verified/--limit/--unmask filters
- keys show <id> renders a finding fully unmasked with verify metadata
- keys export --format=json|csv reuses the formatter registry, atomic
file writes when --output is set
- keys copy <id> uses atotto/clipboard for clipboard handoff
- keys delete <id> prompts via cmd.InOrStdin unless --yes is passed
- keys verify <id> gates on verify.EnsureConsent, then updates the stored
row inline via UPDATE findings SET verify_* using db.SQL()
- Remove the keysCmd stub from cmd/stubs.go (single declaration)
- All subcommands read config via openDBWithKey() mirroring scan.go
- main.go entry point (7 lines) delegates to cmd.Execute()
- cmd/root.go stub so go build ./... compiles (Plan 05 replaces)
- pkg/providers, pkg/storage, pkg/engine package stubs
- Test stubs with t.Skip() for providers, storage, engine packages
- testdata/samples: openai_key.txt, anthropic_key.txt, multiple_keys.txt, no_keys.txt
- go build ./... and go test ./... -short both exit 0
