chore: Release v2.0.1 - Documentation and infrastructure improvements

## Documentation Updates
- Added comprehensive scripts/README.md for installation scripts
- Enhanced main README with detailed TODO roadmap breakdown
- Marked httpx/nuclei integration as completed in TODO
- Added vulnerability scanner ingestion roadmap (Nessus/OpenVAS/Nmap)
- Added service-specific exploitation hooks roadmap (Metasploit)
- Added mindpalace visualization enhancement roadmap

## Infrastructure
- Created .version-tracking.md for semantic versioning compliance
- Enhanced .gitignore with comprehensive exclusions (test artifacts, logs, secrets)
- Added .github/workflows/ to version control for CI/CD transparency
- Updated Cargo.toml version from 2.0.0-dev to 2.0.1

## Analysis & Resource Audit
- Confirmed httpx/nuclei fully integrated (tool_httpx.rs, tool_nuclei.rs)
- Identified Metasploit mentioned but not implemented in hound mode
- Documented mindpalace capabilities and enhancement options
- Analyzed rsc/ directory usage and identified unused artifacts

## Version Bump Rationale
PATCH version bump (2.0.1) - backward compatible documentation and
infrastructure improvements without code functionality changes.

Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: gbiagomba

.github/workflows/build_release.yml

@@ -0,0 +1,51 @@
+
+name: Build and Release
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    name: Build on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+
+      - name: Build the project
+        run: cargo build --release
+
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: sherlock
+          path: target/release/sherlock
+
+  release:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: target/release/sherlock
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/check-lockfile.yml

@@ -0,0 +1,26 @@
+name: Check Cargo.lock
+
+on:
+  push:
+    branches: ["**"]
+  pull_request:
+    branches: ["**"]
+
+jobs:
+  verify-lockfile:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Ensure Cargo.lock exists and is tracked
+        shell: bash
+        run: |
+          if [ ! -f Cargo.lock ]; then
+            echo "Cargo.lock is missing at repo root" >&2
+            exit 1
+          fi
+          if ! git ls-files --error-unmatch Cargo.lock >/dev/null 2>&1; then
+            echo "Cargo.lock exists but is not tracked by git" >&2
+            exit 1
+          fi
+          echo "Cargo.lock present and tracked."

.github/workflows/release-binaries.yml

@@ -0,0 +1,116 @@
+name: Release Binaries
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+permissions:
+  contents: write
+
+jobs:
+  linux:
+    name: Linux (glibc+musl)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: taiki-e/upload-rust-binary@v1
+        with:
+          bin: sherlock
+          target: >-
+            x86_64-unknown-linux-gnu,
+            aarch64-unknown-linux-gnu,
+            x86_64-unknown-linux-musl,
+            aarch64-unknown-linux-musl
+          use-cross: true
+          archive: auto
+          asset: sherlock-{target}
+          checksum: sha256
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+  macos-x64:
+    name: macOS x64 (macos-13)
+    runs-on: macos-13
+    steps:
+      - uses: actions/checkout@v4
+      - uses: taiki-e/upload-rust-binary@v1
+        with:
+          bin: sherlock
+          target: x86_64-apple-darwin
+          # Native build on macOS runner
+          use-cross: false
+          archive: auto
+          asset: sherlock-{target}
+          checksum: sha256
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+  macos-arm64:
+    name: macOS arm64 (macos-14)
+    runs-on: macos-14
+    steps:
+      - uses: actions/checkout@v4
+      - uses: taiki-e/upload-rust-binary@v1
+        with:
+          bin: sherlock
+          target: aarch64-apple-darwin
+          use-cross: false
+          archive: auto
+          asset: sherlock-{target}
+          checksum: sha256
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+  windows:
+    name: Windows (x64 + arm64)
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: taiki-e/upload-rust-binary@v1
+        with:
+          bin: sherlock
+          target: >-
+            x86_64-pc-windows-msvc,
+            aarch64-pc-windows-msvc
+          use-cross: false
+          archive: auto
+          asset: sherlock-{target}
+          checksum: sha256
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+  checksums-sign:
+    name: Checksums and Sign
+    needs: [linux, macos-x64, macos-arm64, windows]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install GitHub CLI
+        uses: cli/cli/action@v2
+      - name: Download release assets
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          mkdir -p dist
+          gh release download "$GITHUB_REF_NAME" --pattern 'sherlock-*' --dir dist
+      - name: Generate SHA256SUMS
+        run: |
+          cd dist
+          if command -v sha256sum >/dev/null 2>&1; then sha256sum sherlock-* > SHA256SUMS; else shasum -a 256 sherlock-* > SHA256SUMS; fi
+      - name: Import GPG key
+        if: ${{ secrets.GPG_PRIVATE_KEY != '' }}
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+        run: |
+          echo "$GPG_PRIVATE_KEY" | gpg --batch --yes --passphrase "$GPG_PASSPHRASE" --import
+      - name: Sign SHA256SUMS
+        if: ${{ secrets.GPG_PRIVATE_KEY != '' }}
+        run: |
+          cd dist
+          gpg --batch --yes --armor --detach-sign -o SHA256SUMS.asc SHA256SUMS
+      - name: Upload checksum and signature to release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release upload "$GITHUB_REF_NAME" dist/SHA256SUMS dist/SHA256SUMS.asc --clobber || gh release upload "$GITHUB_REF_NAME" dist/SHA256SUMS --clobber

.github/workflows/release-docker.yml

@@ -0,0 +1,85 @@
+name: Release Docker Image
+
+on:
+  push:
+    branches: [ "main" ]
+    tags: [ 'v*.*.*' ]
+
+env:
+  GHCR_REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@v3
+
+      - name: GHCR Login
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.GHCR_REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker Hub Login (optional)
+        if: github.event_name != 'pull_request' && secrets.DOCKERHUB_USERNAME && secrets.DOCKERHUB_TOKEN
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract Docker metadata (GHCR)
+        id: meta_ghcr
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
+          flavor: latest=true
+
+      - name: Extract Docker metadata (Docker Hub)
+        id: meta_dh
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ secrets.DOCKERHUB_REPO || format('docker.io/{0}', env.IMAGE_NAME) }}
+          flavor: latest=true
+
+      - name: Build and push (multi-arch)
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: |
+            ${{ steps.meta_ghcr.outputs.tags }}
+            ${{ steps.meta_dh.outputs.tags }}
+          labels: |
+            ${{ steps.meta_ghcr.outputs.labels }}
+            ${{ steps.meta_dh.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Sign images with cosign (keyless)
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          COSIGN_EXPERIMENTAL: "true"
+        run: |
+          for t in ${{ steps.meta_ghcr.outputs.tags }} ${{ steps.meta_dh.outputs.tags }}; do
+            if [ -n "$t" ]; then
+              cosign sign --yes "$t@${{ steps.build-and-push.outputs.digest }}"
+            fi
+          done

.github/workflows/security-and-smoke.yml

@@ -0,0 +1,44 @@
+name: Security and Smoke
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  schedule:
+    - cron: '0 6 * * 1'
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+      - name: Install cargo-audit
+        run: cargo install cargo-audit --locked
+      - name: Cargo audit
+        run: cargo audit --deny warnings
+
+  smoke:
+    name: Build/Tests/CLI Smoke (${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-13, macos-14, windows-latest]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+      - name: Build
+        run: cargo build --release
+      - name: Tests
+        run: cargo test --all --all-features --verbose
+      - name: CLI dry-run
+        shell: bash
+        run: |
+          target/release/sherlock recon --dry-run -t example.com -p ci-smoke || true

.gitignore

@@ -0,0 +1,70 @@
+# Rust build artifacts
+target/
+*.rs.bk
+Cargo.lock.bak
+
+# IDE/editor configuration files
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# OS-specific files
+.DS_Store
+Thumbs.db
+desktop.ini
+
+# Test outputs and artifacts
+output.txt
+test_output.html
+test_output.json
+test_output.csv
+test_*.txt
+test_*.html
+test_*.json
+test_*.csv
+*.test.log
+*.test.txt
+
+# Working directories
+work/
+output/
+results/
+tmp/
+temp/
+
+# Logs
+*.log
+logs/
+
+# Archives
+*.zip
+*.tar.gz
+*.tgz
+*.tar.bz2
+
+# Environment and secrets
+.env
+.env.local
+*.key
+*.pem
+credentials.json
+secrets.txt
+
+# macOS specific
+._*
+.Spotlight-V100
+.Trashes
+
+# Linux specific
+.directory
+
+# Windows specific
+ehthumbs.db
+Desktop.ini
+
+# Backup files
+*.bak
+*.backup
+*~