salvacybersec/keyhunter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
49 Commits 1 Branch 0 Tags
617199ba44fd29aac426080dd8cf57a955873339
Commit Graph

49 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
salvacybersec
617199ba44 docs(02-05): complete tier1/tier2 guardrail test plan 
Adds guardrail summary and advances phase 02 state. Notes pre-existing
Tier 2 regex over-match regression in pkg/engine as a phase-2 blocker
to be handled in a follow-up plan.
 2026-04-05 14:16:28 +03:00
salvacybersec
58f302b67d test(02-05): add tier1/tier2 provider guardrail test 
- TestTier1Count asserts exactly 12 Tier 1 providers loaded
- TestTier2Count asserts exactly 14 Tier 2 providers loaded
- TestAllPatternsCompile verifies every regex compiles under RE2
- TestAllProvidersHaveKeywords guards Aho-Corasick pre-filter
- TestTier1/Tier2ProviderNames lock in expected provider names

Locks Phase 2 coverage against silent regressions in Phase 3+.
Addresses PROV-01, PROV-02.
 2026-04-05 14:15:00 +03:00
salvacybersec
33b2a6e5ad docs(02-04): complete tier-2 inference platforms plan 
Adds 02-04-SUMMARY.md; updates STATE.md and ROADMAP.md with execution metrics.
Completes PROV-02 (all 14 Tier 2 providers defined).
 2026-04-05 14:13:10 +03:00
salvacybersec
2d7ccfa2d1 docs(02-01): complete tier 1 high-confidence providers plan 2026-04-05 14:13:00 +03:00
salvacybersec
895c3360c9 docs(02-03): complete tier-2 inference platforms plan (first half) 
- 7 Tier 2 providers created (Groq, Replicate, Anyscale, Together, Fireworks, Baseten, DeepInfra)
- PROV-02 marked complete
 2026-04-05 14:12:50 +03:00
salvacybersec
a8c0a6db62 docs(02-02): complete tier 1 medium/low-confidence providers plan 2026-04-05 14:12:49 +03:00
salvacybersec
d74200b5ef feat(02-01): add Google AI, Vertex AI, AWS Bedrock, xAI providers 
- google-ai: AIzaSy pattern for Gemini
- vertex-ai: AIzaSy + Bearer verify on aiplatform endpoint
- aws-bedrock: ABSK long-token and AKIA medium patterns
- xai: xai- 80-char token pattern
- All dual-located in providers/ and pkg/providers/definitions/
 2026-04-05 14:12:03 +03:00
salvacybersec
5b5a47d3cc feat(02-04): add SambaNova, OctoAI, Friendli provider YAMLs 
- SambaNova with live verify endpoint (api.sambanova.ai/v1/models)
- OctoAI generic-format with keyword anchors
- Friendli with flp_ prefix pattern (medium confidence)
- Dual-located in providers/ and pkg/providers/definitions/
- Completes PROV-02: all 14 Tier 2 providers defined
 2026-04-05 14:12:02 +03:00
salvacybersec
5e36f24a4f feat(02-03): add Together, Fireworks, Baseten, DeepInfra provider YAMLs 
- Together AI: keyword-anchored, 64-hex generic pattern
- Fireworks AI: fw_ prefix (medium) + generic (low)
- Baseten: keyword + Api-Key header auth
- DeepInfra: keyword-anchored generic pattern
- Dual-located in providers/ and pkg/providers/definitions/
 2026-04-05 14:11:59 +03:00
salvacybersec
adad602ec9 feat(02-02): add Mistral, Inflection, AI21 provider YAMLs 
- 3 Tier 1 low-confidence providers with keyword anchoring
- Dual-located in providers/ and pkg/providers/definitions/
- Tier 1 total now at 12/12 providers
 2026-04-05 14:11:51 +03:00
salvacybersec
622eabed74 feat(02-04): add Lepton, Modal, Cerebrium, Novita provider YAMLs 
- Lepton AI generic-format with keyword anchors
- Modal dual token (token_id ak-, token_secret as-) medium confidence
- Cerebrium generic-format with keyword anchors
- NovitaAI with live verify endpoint (api.novita.ai/v3/openai/models)
- Dual-located in providers/ and pkg/providers/definitions/
 2026-04-05 14:11:36 +03:00
salvacybersec
a1f0b2dd3e feat(02-03): add Groq, Replicate, Anyscale provider YAMLs 
- Groq: gsk_ prefix, 52 chars (high confidence)
- Replicate: r8_ prefix, 37 chars (high confidence)
- Anyscale: esecret_ prefix (high confidence)
- Dual-located in providers/ and pkg/providers/definitions/
 2026-04-05 14:11:27 +03:00
salvacybersec
bca842271e feat(02-02): add Azure OpenAI, Meta AI, Cohere provider YAMLs 
- 3 Tier 1 medium/low-confidence providers with keyword anchoring
- Dual-located in providers/ and pkg/providers/definitions/
- Registry test passes
 2026-04-05 14:11:19 +03:00
salvacybersec
c0d3add7e1 feat(02-01): upgrade OpenAI and Anthropic provider YAMLs 
- OpenAI: add sk-svcacct- and legacy T3BlbkFJ patterns
- Anthropic: add api03 AA suffix and sk-ant-admin01- pattern
- Sync both to pkg/providers/definitions/ for go:embed
 2026-04-05 14:11:12 +03:00
salvacybersec
5079c65161 docs(02): create phase 2 tier 1-2 provider plans 2026-04-05 14:08:04 +03:00
salvacybersec
d0f9535852 docs(phase-02): add validation strategy 2026-04-05 13:06:43 +03:00
salvacybersec
b8c69cba7e docs(02): research phase domain - provider key formats and regex patterns 2026-04-05 13:06:03 +03:00
salvacybersec
fea691f27b docs(02): auto-generated context (discuss skipped) 2026-04-05 12:50:34 +03:00
salvacybersec
fb2def18a3 docs: mark Phase 1 complete in ROADMAP.md 2026-04-05 12:49:51 +03:00
salvacybersec
dcb33ec880 docs(phase-01): evolve PROJECT.md after phase completion 2026-04-05 12:33:26 +03:00
salvacybersec
d1b65ab10a docs(phase-01): complete phase execution 2026-04-05 12:33:00 +03:00
salvacybersec
d98513bf55 docs(01-05): complete CLI integration plan 
- SUMMARY.md with all task commits and self-check
- STATE.md updated with progress, decisions, metrics
- ROADMAP.md updated with phase 01 plan progress
- Requirements CLI-01 through CLI-05 marked complete
 2026-04-05 12:28:56 +03:00
salvacybersec
9da0b68129 feat(01-05): add CLI root command, config package, output table, and settings helpers 
- cmd/root.go: Cobra root with all 11 subcommands, viper config loading
- cmd/stubs.go: 8 stub commands for future phases (verify, import, recon, keys, serve, dorks, hook, schedule)
- cmd/scan.go: scan command wiring engine + storage + output with per-installation salt
- cmd/providers.go: providers list/info/stats subcommands
- cmd/config.go: config init/set/get subcommands
- pkg/config/config.go: Config struct with Load() and defaults
- pkg/output/table.go: lipgloss terminal table for PrintFindings
- pkg/storage/settings.go: GetSetting/SetSetting for settings table CRUD
 2026-04-05 12:26:36 +03:00
salvacybersec
d0396bb384 docs(01-04): complete scan engine plan 
- SUMMARY.md with pipeline implementation details
- STATE.md updated with progress and decisions
- ROADMAP.md and REQUIREMENTS.md updated
 2026-04-05 12:22:49 +03:00
salvacybersec
cea2e371cc feat(01-04): implement three-stage scanning pipeline with ants worker pool 
- pkg/engine/sources/source.go: Source interface using pkg/types.Chunk
- pkg/engine/sources/file.go: FileSource with overlapping chunk reads
- pkg/engine/filter.go: KeywordFilter using Aho-Corasick pre-filter
- pkg/engine/detector.go: Detect with regex matching + Shannon entropy check
- pkg/engine/engine.go: Engine.Scan orchestrating 3-stage pipeline with ants pool
- pkg/engine/scanner_test.go: filled test stubs with pipeline integration tests
- testdata/samples: fixed anthropic key lengths to match {93,} regex pattern
 2026-04-05 12:21:17 +03:00
salvacybersec
45cc676f55 feat(01-04): add shared Chunk type, Finding struct, Shannon entropy, and MaskKey 
- pkg/types/chunk.go: shared Chunk struct breaking engine<->sources circular import
- pkg/engine/finding.go: Finding struct with MaskKey for pipeline output
- pkg/engine/entropy.go: Shannon entropy function using math.Log2
- pkg/engine/entropy_test.go: TDD tests for Shannon and MaskKey
 2026-04-05 12:18:26 +03:00
salvacybersec
ef8717b9ab chore: fix go.mod after wave 1 merge 2026-04-05 00:14:32 +03:00
salvacybersec
1e3f112d79 merge: plan 01-02 provider registry 2026-04-05 00:14:05 +03:00
salvacybersec
de8bb5560f merge: plan 01-03 storage layer 2026-04-05 00:13:45 +03:00
salvacybersec
62fdb14162 docs(01-02): complete provider registry plan 
- SUMMARY.md: schema validation + embed loader + Aho-Corasick registry
- STATE.md: updated progress (20%), decisions, metrics
- ROADMAP.md: phase 01 in-progress (1/5 summaries)
- REQUIREMENTS.md: marked CORE-02, CORE-03, CORE-06, PROV-10 complete
 2026-04-05 00:13:03 +03:00
salvacybersec
a9859b3384 feat(01-02): embed loader, registry with Aho-Corasick, and filled test stubs 
- loader.go with go:embed definitions/*.yaml for compile-time embedding
- registry.go with List(), Get(), Stats(), AC() methods
- Aho-Corasick automaton built from all provider keywords at NewRegistry()
- pkg/providers/definitions/ with 3 YAML files for embed
- All 5 provider tests pass: load, get, stats, AC, schema validation
 2026-04-05 00:10:56 +03:00
salvacybersec
43aeb8985d docs(01-foundation-03): complete storage layer plan — SUMMARY, STATE, ROADMAP, REQUIREMENTS updated 
- 01-03-SUMMARY.md: AES-256-GCM + Argon2id + SQLite CRUD layer complete
- STATE.md: progress 20%, decisions logged, session updated
- ROADMAP.md: Phase 1 In Progress (1/5 summaries)
- REQUIREMENTS.md: STOR-01, STOR-02, STOR-03 marked complete
 2026-04-05 00:07:24 +03:00
salvacybersec
f62a17ad1c docs(01-01): complete Go module bootstrap plan 
- SUMMARY.md: module initialized, 10 deps pinned, test scaffolding created
- STATE.md: advanced to plan 2/5, recorded decisions and session
- ROADMAP.md: Phase 01 progress updated (1/5 summaries)
- REQUIREMENTS.md: marked CORE-01..07, STOR-01..03, CLI-01 complete
 2026-04-05 00:06:20 +03:00
salvacybersec
3334633867 feat(01-foundation-03): implement SQLite storage with Finding CRUD and encryption 
- schema.sql: CREATE TABLE for findings, scans, settings with indexes
- db.go: Open() with WAL mode, foreign keys, embedded schema migration
- findings.go: SaveFinding encrypts key_value before INSERT, ListFindings decrypts after SELECT
- MaskKey: first8...last4 masking helper
- Fix: NULL scan_id handling for findings without parent scan
 2026-04-05 00:05:54 +03:00
salvacybersec
58259cb9d3 feat(01-01): create main.go, test scaffolding, and testdata fixtures 
- main.go entry point (7 lines) delegates to cmd.Execute()
- cmd/root.go stub so go build ./... compiles (Plan 05 replaces)
- pkg/providers, pkg/storage, pkg/engine package stubs
- Test stubs with t.Skip() for providers, storage, engine packages
- testdata/samples: openai_key.txt, anthropic_key.txt, multiple_keys.txt, no_keys.txt
- go build ./... and go test ./... -short both exit 0
 2026-04-05 00:04:42 +03:00
salvacybersec
239e2c214c feat(01-foundation-03): implement AES-256-GCM encryption and Argon2id key derivation 
- Encrypt/Decrypt using AES-256-GCM with random nonce prepended to ciphertext
- ErrCiphertextTooShort sentinel error for malformed ciphertext
- DeriveKey using Argon2id RFC 9106 params (time=1, mem=64MB, threads=4, keyLen=32)
- NewSalt generates cryptographically random 16-byte salt
 2026-04-05 00:04:33 +03:00
salvacybersec
4fcdc42c70 feat(01-02): provider YAML schema structs with validation and reference YAML files 
- Provider, Pattern, VerifySpec, RegistryStats structs in schema.go
- UnmarshalYAML validates format_version >= 1 and last_verified non-empty
- Three reference YAML files: openai, anthropic, huggingface
 2026-04-05 00:04:29 +03:00
salvacybersec
7994220fbe chore(01-01): initialize Go module with Phase 1 dependencies 
- go mod init github.com/salvacybersec/keyhunter
- Pin cobra v1.10.2, viper v1.21.0, ants v2.12.0 to exact versions
- Add modernc.org/sqlite v1.48.1 (CGO-free, pure Go)
- Add petar-dambovaliev/aho-corasick, x/crypto, x/time, lipgloss, testify
- tools.go with build tag to pin dependencies not yet imported in production code
 2026-04-05 00:04:06 +03:00
salvacybersec
2ef54f7196 test(01-foundation-03): add failing tests for storage layer 
- Tests for AES-256-GCM encrypt/decrypt roundtrip
- Tests for Argon2id key derivation determinism
- Tests for SQLite open with schema tables
- Tests for SaveFinding/ListFindings with encryption contract
- Tests verify raw BLOB does not contain plaintext key
 2026-04-05 00:04:06 +03:00
salvacybersec
ebaf7d7c2d test(01-02): add failing tests for provider schema validation and registry 2026-04-05 00:03:55 +03:00
salvacybersec
fb8a1f002b fix(01-foundation): address all checker blockers and warnings in phase plans 2026-04-04 23:57:01 +03:00
salvacybersec
684b67cb73 docs(01-foundation): create phase 1 plan — 5 plans across 3 execution waves 
Wave 0: module init + test scaffolding (01-01)
Wave 1: provider registry (01-02) + storage layer (01-03) in parallel
Wave 2: scan engine pipeline (01-04, depends on 01-02)
Wave 3: CLI wiring + integration checkpoint (01-05, depends on all)

Covers all 16 Phase 1 requirements: CORE-01 through CORE-07, STOR-01 through STOR-03,
CLI-01 through CLI-05, PROV-10.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 23:44:09 +03:00
salvacybersec
c573b97a68 docs(phase-1): add validation strategy 2026-04-04 23:33:07 +03:00
salvacybersec
fa3916a417 docs(phase-1): research foundation phase 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 23:32:10 +03:00
salvacybersec
ee92aad4cf docs: create roadmap (18 phases) 2026-04-04 19:12:41 +03:00
salvacybersec
6803863833 docs: define v1 requirements 2026-04-04 19:05:33 +03:00
salvacybersec
6c3a84b1ff docs: complete project research 2026-04-04 19:03:12 +03:00
salvacybersec
c8e744cb48 docs: initialize project 2026-04-04 18:54:39 +03:00
salvacybersec
f3773d2895 chore: add project config 2026-04-04 18:53:45 +03:00