docs: document channel config and structured logging

Add per-channel plugin control and JSON logging sections to USAGE.md, CHEATSHEET.md, and derp.toml.example. Mark items done in ROADMAP.md.
2026-02-15 04:16:54 +01:00
parent 668d7f89b8
commit 16425046c8
5 changed files with 81 additions and 4 deletions
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -64,14 +64,15 @@
 - [x] Channel management commands (kick, ban, unban, topic, mode)
 - [x] Plugin state persistence (SQLite key-value store)

-## v1.1.0 -- Hardening + Wave 5 Plugins
+## v1.1.0 -- Hardening + Wave 5 Plugins (done)

 - [x] Message truncation for IRC 512-byte limit
 - [x] Configurable reconnect backoff (exponential)
 - [x] Bot orchestrator + config merge tests
 - [x] `wayback` plugin (Wayback Machine snapshot lookup)
 - [x] `dork` plugin (Google dork query builder)
- [ ] Per-channel plugin enable/disable
+- [x] Per-channel plugin enable/disable
+- [x] Structured logging (JSON output option)
 - [ ] Integration tests with mock IRC server
 - [ ] `username` plugin (cross-platform username enumeration)

@@ -79,6 +80,5 @@

 - [ ] Multi-server support (per-server config, shared plugins)
 - [ ] Stable plugin API (versioned, breaking change policy)
- [ ] Structured logging (JSON output option)
 - [ ] `emailcheck` plugin (SMTP VRFY/RCPT TO)
 - [ ] `canary` plugin (canary token generator/tracker)
--- a/TASKS.md
+++ b/TASKS.md
@@ -10,13 +10,15 @@
 | P1 | [x] | `wayback` plugin (Wayback Machine snapshot lookup) |
 | P1 | [x] | Config merge/load/resolve unit tests |
 | P1 | [x] | Bot API + format_msg + split_utf8 tests |
+| P1 | [x] | Per-channel plugin enable/disable |
+| P1 | [x] | Structured JSON logging |
 | P1 | [x] | Documentation update |

 ## Completed

 | Date | Task |
 |------|------|
-| 2026-02-15 | v1.1.0 (truncation, backoff, dork, wayback, tests) |
+| 2026-02-15 | v1.1.0 (channel filter, JSON logging, dork, wayback, tests) |
 | 2026-02-15 | v1.0.0 (IRCv3, chanmgmt, state persistence) |
 | 2026-02-15 | Wave 4 (opslog, note, subdomain, headers, exploitdb, payload) |
 | 2026-02-15 | Wave 3 plugins (geoip, asn, torcheck, iprep, cve) + update script |
--- a/config/derp.toml.example
+++ b/config/derp.toml.example
@@ -23,3 +23,15 @@ plugins_dir = "plugins"

 [logging]
 level = "info"
+# format = "json"         # Log format: "text" (default) or "json" (JSONL)
+
+# -- Per-Channel Plugin Control --
+# Channels without a section run all plugins.
+# Channels with a `plugins` list only run those plugins.
+# The `core` plugin is always active regardless of config.
+
+# [channels."#public"]
+# plugins = ["core", "dns", "cidr", "encode"]
+
+# [channels."#ops"]
+# plugins = ["core", "revshell", "payload", "exploitdb", "opslog"]
--- a/docs/CHEATSHEET.md
+++ b/docs/CHEATSHEET.md
@@ -31,6 +31,25 @@ rate_limit = 2.0     # Messages per second
 rate_burst = 5       # Burst capacity
 ```

+## Per-Channel Plugin Control
+
+```toml
+# Only allow specific plugins in a channel
+[channels."#public"]
+plugins = ["core", "dns", "cidr", "encode"]
+
+# Omit section entirely to allow all plugins
+```
+
+`core` always active. PMs unrestricted. Denied commands silently ignored.
+
+## Structured Logging
+
+```toml
+[logging]
+format = "json"    # JSONL output (default: "text")
+```
+
 ## Container

 ```bash
--- a/docs/USAGE.md
+++ b/docs/USAGE.md
@@ -53,6 +53,7 @@ admins = []                   # Hostmask patterns (fnmatch), IRCOPs auto-detecte

 [logging]
 level = "info"                # Logging level: debug, info, warning, error
+format = "text"               # Log format: "text" (default) or "json"
 ```

 ## Built-in Commands
@@ -147,6 +148,49 @@ broken.test -- error: timeout
 - crt.sh can be slow; the bot confirms receipt before querying
 - Live cert check runs only when expired CT entries exist

+## Per-Channel Plugin Control
+
+Restrict which plugins are active in specific channels. Channels without
+a `[channels."<name>"]` section run all plugins. Channels with a `plugins`
+list only run those plugins. The `core` plugin is always active (exempt
+from filtering). Private messages are always unrestricted.
+
+```toml
+[channels."#public"]
+plugins = ["core", "dns", "cidr", "encode"]
+
+[channels."#ops"]
+plugins = ["core", "revshell", "payload", "exploitdb", "opslog"]
+
+# #unrestricted -- no section, runs everything
+```
+
+When a command is denied by channel config, it is silently ignored (no
+error message). Event handlers from denied plugins are also skipped.
+
+## Structured Logging (JSON)
+
+Set `format = "json"` in `[logging]` to emit one JSON object per log line
+(JSONL), suitable for log aggregation tools.
+
+```toml
+[logging]
+level = "info"
+format = "json"
+```
+
+Each line contains:
+
+| Field | Description |
+|-------|-------------|
+| `ts` | Timestamp (`YYYY-MM-DDTHH:MM:SS`) |
+| `level` | Log level (`debug`, `info`, `warning`, `error`) |
+| `logger` | Logger name (`derp.bot`, `derp.plugin`, etc.) |
+| `msg` | Log message text |
+| `exc` | Exception traceback (only present on errors) |
+
+Default format is `"text"` (human-readable, same as before).
+
 ## Admin System

 Commands marked as `admin` require elevated permissions. Admin access is