- Test extractArg parsing for all command formats
- Test isPrivateChat detection (private vs group vs supergroup)
- Test commandHelp contains all 8 commands with descriptions
- Test storageToEngine conversion fidelity
- Test New constructor wires startedAt correctly
- NotifyNewFindings sends to all subscribers on scan completion with findings
- NotifyFinding sends real-time individual finding notifications (always masked)
- formatNotification/formatErrorNotification/formatFindingNotification helpers
- Zero findings = no notification; errors get separate error format
- Per-subscriber error handling: log and continue on individual send failures
- 6 tests pass: subscribe DB round-trip, no-subscriber no-op, zero-finding skip,
message format validation, error format, masked key enforcement
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- TestSubscribeUnsubscribe: DB round-trip for add/remove subscriber
- TestNotifyNewFindings_NoSubscribers: zero messages with empty table
- TestNotifyNewFindings_ZeroFindings: no notification for 0 findings
- TestFormatNotification: message contains job name, count, duration
- TestFormatFindingNotification: masked key, never full key
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- handleSubscribe checks IsSubscribed, calls AddSubscriber with chat ID and username
- handleUnsubscribe calls RemoveSubscriber, reports rows affected
- Both use storage layer from Plan 17-02
- Removed stub implementations from bot.go
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add telego v1.8.0 as direct dependency for Telegram bot
- Create pkg/bot/bot.go with Bot struct, Config, New, Start, Stop
- Implement isAllowed chat authorization and per-user rate limiting
- Add command dispatch with handler stubs for all 10 commands
- Long polling lifecycle with context cancellation for graceful shutdown
- Scheduler wraps gocron with Start/Stop lifecycle
- Start loads enabled jobs from DB and registers cron schedules
- AddJob/RemoveJob persist to DB and sync with gocron
- RunJob for manual trigger with OnComplete callback
- JobResult struct for notification bridge
- Promote gocron/v2 v2.19.1 to direct dependency
- Storage round-trip test for SaveScheduledJob/ListScheduledJobs
- Subscriber round-trip test for Add/Remove/List/IsSubscribed
- Scheduler Start loads enabled jobs from DB
- Scheduler AddJob/RemoveJob persists and registers
- Scheduler RunJob manual trigger with callback
- Add gocron/v2 v2.19.1 as direct dependency
- Append subscribers and scheduled_jobs CREATE TABLE to schema.sql
- Implement full subscriber CRUD (Add/Remove/List/IsSubscribed)
- Implement full scheduled job CRUD (Save/List/Get/Delete/UpdateLastRun/SetEnabled)
- SUMMARY.md with implementation details and verification results
- STATE.md updated with progress and decisions
- REQUIREMENTS.md marks RECON-MOBILE-01, RECON-DNS-01, RECON-DNS-02 complete
- URLhausSource searches abuse.ch URLhaus API for malicious URLs with API keys
- Credentialless source (Enabled always true, no API key needed)
- Tag lookup with payload endpoint fallback
- ciLogKeyPattern used for content matching
- Tests with httptest mocks for happy path and empty results
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- RapidAPISource searches public API listings for leaked keys
- Scrapes HTML search pages with ciLogKeyPattern matching
- Credentialless, httptest-based tests
- PostmanSource searches public collections via internal search proxy
- SwaggerHubSource searches published API specs for embedded keys
- Both credentialless, use BuildQueries + ciLogKeyPattern
- httptest-based tests for both sources
- VirusTotalSource searches VT Intelligence API for files containing API keys
- IntelligenceXSource searches IX archive with 3-step flow (search/results/read)
- Both credential-gated (Enabled returns false without API key)
- ciLogKeyPattern used for content matching
- Tests with httptest mocks for happy path and empty results
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- APKMirrorSource searches APK metadata pages for key patterns
- CrtShSource discovers subdomains via CT logs and probes config endpoints
- Both credentialless, emit findings on ciLogKeyPattern match
- GrafanaSource: search dashboards via /api/search, fetch detail via /api/dashboards/uid
- SentrySource: search issues via /api/0/issues, fetch events for key detection
- Register all 5 log aggregator sources in RegisterAll (67 sources total)
- Tests use httptest mocks for each API endpoint
- ElasticsearchSource: POST _search API with query_string, parse hits._source
- KibanaSource: GET saved_objects/_find API with kbn-xsrf header
- SplunkSource: GET search/jobs/export API with newline-delimited JSON parsing
- All sources use ciLogKeyPattern for key detection
- Tests use httptest mocks for each API endpoint
- DiscordSource uses dorking approach against configurable search endpoint
- SlackSource uses dorking against slack-archive indexers
- DevToSource searches dev.to API articles list + detail for body_markdown
- RegisterAll extended to include all 6 Phase 15 forum sources
- All credentialless, use ciLogKeyPattern for key detection
- StackOverflowSource searches SE API v2.3 search/excerpts endpoint
- RedditSource searches Reddit JSON API with custom User-Agent
- HackerNewsSource searches Algolia HN API for comments
- All credentialless, use ciLogKeyPattern for key detection
- Tests use httptest mock servers with API key patterns
- ConfluenceSource searches exposed instances via /rest/api/content/search CQL
- GoogleDocsSource uses dorking + /export?format=txt for plain-text scanning
- HTML tag stripping for Confluence storage format
- Both credentialless, tests with httptest mocks confirm findings
