sneak/dnswatcher
1
0
Fork 0
Code Issues 3 Pull-Requests 1 Actions Pakete Projekte Releases Wiki Aktivität

feat: implement watcher monitoring orchestrator (closes #2) #8

Zusammengeführt
sneak hat 4 Commits von feature/watcher-implementation nach main 2026-02-20 09:06:42 +01:00 zusammengeführt
Diskussion 4 Commits 4 Geänderte Dateien 6 +1375 -27
clawbot hat 2026-02-19 22:49:06 +01:00 kommentiert
Mitarbeiter
Link kopieren

Summary

Implements the full watcher monitoring orchestrator as described in the README.

Changes

  • Interfaces (interfaces.go): DNSResolver, PortChecker, TLSChecker, Notifier — enables testing with mocks and future implementation swaps
  • Watcher implementation (watcher.go): Full monitoring loop with:
    • Immediate checks on startup + periodic DNS/port and TLS cycles
    • Domain NS change detection
    • Per-nameserver hostname record tracking (changes, failures, recoveries, inconsistencies)
    • TCP port 80/443 monitoring
    • TLS cert monitoring (changes, 7-day expiry warnings, failures/recoveries)
    • State persistence after each cycle
    • First-run baseline (no notifications)
    • Graceful shutdown
  • fx wiring (main.go): Interface adapters for concrete types
  • Resolver stub (resolver.go): Updated LookupAllRecords signature to return per-NS results
  • State helper (state_test_helper.go): NewForTest() for unit testing

Test Results

=== RUN   TestFirstRunBaseline       --- PASS
=== RUN   TestNSChangeDetection      --- PASS
=== RUN   TestRecordChangeDetection  --- PASS
=== RUN   TestPortStateChange        --- PASS
=== RUN   TestTLSExpiryWarning       --- PASS
=== RUN   TestGracefulShutdown       --- PASS
=== RUN   TestNSFailureAndRecovery   --- PASS
PASS ok sneak.berlin/go/dnswatcher/internal/watcher 1.455s

Lint

All new code passes linting. Only pre-existing gosec warnings in notify.go remain (SSRF taint analysis on webhook URLs from config).

Closes #2

## Summary Implements the full watcher monitoring orchestrator as described in the README. ## Changes - **Interfaces** (`interfaces.go`): `DNSResolver`, `PortChecker`, `TLSChecker`, `Notifier` — enables testing with mocks and future implementation swaps - **Watcher implementation** (`watcher.go`): Full monitoring loop with: - Immediate checks on startup + periodic DNS/port and TLS cycles - Domain NS change detection - Per-nameserver hostname record tracking (changes, failures, recoveries, inconsistencies) - TCP port 80/443 monitoring - TLS cert monitoring (changes, 7-day expiry warnings, failures/recoveries) - State persistence after each cycle - First-run baseline (no notifications) - Graceful shutdown - **fx wiring** (`main.go`): Interface adapters for concrete types - **Resolver stub** (`resolver.go`): Updated `LookupAllRecords` signature to return per-NS results - **State helper** (`state_test_helper.go`): `NewForTest()` for unit testing ## Test Results ``` === RUN TestFirstRunBaseline --- PASS === RUN TestNSChangeDetection --- PASS === RUN TestRecordChangeDetection --- PASS === RUN TestPortStateChange --- PASS === RUN TestTLSExpiryWarning --- PASS === RUN TestGracefulShutdown --- PASS === RUN TestNSFailureAndRecovery --- PASS PASS ok sneak.berlin/go/dnswatcher/internal/watcher 1.455s ``` ## Lint All new code passes linting. Only pre-existing gosec warnings in `notify.go` remain (SSRF taint analysis on webhook URLs from config). Closes #2
sneak wurde von clawbot 2026-02-19 22:49:06 +01:00 zugewiesen
clawbot hat 2 Commits 2026-02-19 22:49:06 +01:00 hinzugefügt
test: add watcher orchestrator tests with mock dependencies dea30028b1 
Tests cover: first-run baseline, NS change detection, record change
detection, port state changes, TLS expiry warnings, graceful shutdown,
and NS failure/recovery scenarios.
feat: implement watcher monitoring orchestrator f676cc9458 
Implements the full monitoring loop:
- Immediate checks on startup, then periodic DNS+port and TLS cycles
- Domain NS change detection with notifications
- Per-nameserver hostname record tracking with change/failure/recovery
  and inconsistency detection
- TCP port 80/443 monitoring with state change notifications
- TLS certificate monitoring with change, expiry, and failure detection
- State persistence after each cycle
- First run establishes baseline without notifications
- Graceful shutdown via context cancellation

Defines DNSResolver, PortChecker, TLSChecker, and Notifier interfaces
for dependency injection. Updates main.go fx wiring and resolver stub
signature to match per-NS record format.

Closes #2
sneak hat 2026-02-20 04:57:18 +01:00 kommentiert
Besitzer
Link kopieren

@clawbot does LookupAllRecords get all RR types or just address records? it should get all RR types incl TXT etc.

@clawbot does LookupAllRecords get all RR types or just address records? it should get all RR types incl TXT etc.
clawbot hat 2026-02-20 04:58:18 +01:00 kommentiert
Autor
Mitarbeiter
Link kopieren

The interface and signature are designed for all RR types — the return type is map[nameserver]map[recordType][]values, and the interface doc says "queries all record types for a hostname." However, the actual implementation in internal/resolver/resolver.go is currently a stub that returns ErrNotImplemented.

So the intent is all RR types (A, AAAA, TXT, MX, CNAME, etc.), but whether it actually delivers on that depends on the future implementation. The contract is correct as written.

The interface and signature are designed for all RR types — the return type is `map[nameserver]map[recordType][]values`, and the interface doc says "queries all record types for a hostname." However, the actual implementation in `internal/resolver/resolver.go` is currently a stub that returns `ErrNotImplemented`. So the *intent* is all RR types (A, AAAA, TXT, MX, CNAME, etc.), but whether it actually delivers on that depends on the future implementation. The contract is correct as written.
clawbot hat 1 Commit 2026-02-20 08:42:52 +01:00 hinzugefügt
fix: resolve gosec SSRF findings and formatting issues e09135d9d9 
Validate webhook/ntfy URLs at Service construction time and add
targeted nolint directives for pre-validated URL usage.
clawbot hat 2026-02-20 08:49:17 +01:00 kommentiert
Autor
Mitarbeiter
Link kopieren

make check audit result

All checks passed.

==> Checking formatting...
==> Running linter...
0 issues.
==> Running tests...
--- PASS: TestNSChangeDetection (0.00s)
--- PASS: TestFirstRunBaseline (0.00s)
--- PASS: TestPortStateChange (0.00s)
--- PASS: TestTLSExpiryWarning (0.00s)
--- PASS: TestRecordChangeDetection (0.00s)
--- PASS: TestNSFailureAndRecovery (0.00s)
--- PASS: TestGracefulShutdown (0.25s)
PASS
==> Building...
==> All checks passed!
## `make check` audit result ✅ All checks passed. ``` ==> Checking formatting... ==> Running linter... 0 issues. ==> Running tests... --- PASS: TestNSChangeDetection (0.00s) --- PASS: TestFirstRunBaseline (0.00s) --- PASS: TestPortStateChange (0.00s) --- PASS: TestTLSExpiryWarning (0.00s) --- PASS: TestRecordChangeDetection (0.00s) --- PASS: TestNSFailureAndRecovery (0.00s) --- PASS: TestGracefulShutdown (0.25s) PASS ==> Building... ==> All checks passed! ```
clawbot hat 2026-02-20 09:04:49 +01:00 kommentiert
Autor
Mitarbeiter
Link kopieren

make check passes 

==> Checking formatting...
==> Running linter...
==> Running tests...
PASS ok sneak.berlin/go/dnswatcher/internal/watcher 1.588s
==> Building...
==> All checks passed!
make check passes ✅ ``` ==> Checking formatting... ==> Running linter... ==> Running tests... PASS ok sneak.berlin/go/dnswatcher/internal/watcher 1.588s ==> Building... ==> All checks passed! ```
sneak hat 1 Commit 2026-02-20 09:06:29 +01:00 hinzugefügt
Merge branch 'main' into feature/watcher-implementation d5738d6d43
sneak hat Commit e185000402 in main 2026-02-20 09:06:42 +01:00 gemerged
Anmelden, um an der Diskussion teilzunehmen.
Reviewer
Keine Reviewer
Label
Label entfernen
bot
Agent's turn to work
 merge-ready
All checks pass, reviewed, rebased, ready for merge
 needs-checks
make check does not pass cleanly
 needs-rebase
PR has merge conflicts or is behind main
 needs-review
Code review not yet done
 needs-rework
Code review found issues to fix
Kein Label
Meilenstein
Keine Einträge
Kein Meilenstein
Projekte
Projekte löschen
Kein Projekt
Zuständig
Zuständige entfernen
clawbot sneak
Niemand zuständig sneak
2 Beteiligte
Nachrichten
Fällig am
Kein Fälligkeitsdatum gesetzt.
Abhängigkeiten

Keine Abhängigkeiten gesetzt.

Referenz: sneak/dnswatcher#8
Branch "feature/watcher-implementation" löschen

Das Löschen eines Branches ist permanent. Obwohl der Branch für eine kurze Zeit weiter existieren könnte, kann diese Aktion in den meisten Fällen NICHT rückgängig gemacht werden. Fortfahren?