derp/TASKS.md

# derp - Tasks

## Current Sprint -- v1.2.4 URL Title Preview (2026-02-17)

| Pri | Status | Task |
|-----|--------|------|
| P0 | [x] | URL title preview plugin (`plugins/urltitle.py`) |
| P0 | [x] | HEAD-then-GET fetch via SOCKS5 connection pool |
| P1 | [x] | `_TitleParser`: og:title/description + `<title>` fallback |
| P1 | [x] | URL extraction with `!`-suppression and balanced parens |
| P1 | [x] | Dedup/cooldown (5 min, 500 entry cache) |
| P1 | [x] | Skip non-HTML, binary extensions, FlaskPaste host |
| P2 | [x] | Tests for urltitle (11 test classes, ~40 cases) |
| P2 | [x] | Documentation update (USAGE.md) |

## Previous Sprint -- v1.2.3 Paste Overflow (2026-02-17)

| Pri | Status | Task |
|-----|--------|------|
| P0 | [x] | `Bot.long_reply()` method with FlaskPaste overflow |
| P0 | [x] | Configurable `paste_threshold` (default: 4) |
| P1 | [x] | Refactor alert history to use `long_reply()` |
| P1 | [x] | Refactor exploitdb search/cve to use `long_reply()` |
| P1 | [x] | Refactor subdomain, crtsh, abuseipdb, dork to use `long_reply()` |
| P2 | [x] | Tests for paste overflow (10 cases) |

## Previous Sprint -- v1.2.2 Connection Pooling + Batch OG (2026-02-17)

| Pri | Status | Task |
|-----|--------|------|
| P0 | [x] | Batch `_fetch_og` calls via ThreadPoolExecutor (alert.py) |
| P0 | [x] | Connection pooling via `urllib3[socks]` SOCKSProxyManager (http.py) |
| P1 | [x] | Cache FlaskPaste `_ssl_context()` at module level |
| P1 | [x] | Backward-compat `urllib.error.HTTPError` for 4xx/5xx in pooled path |
| P1 | [x] | Legacy opener fallback for `context=` callers (username.py) |
| P2 | [x] | Containerfile uses requirements.txt for deps |

## Previous Sprint -- v1.2.1 Performance + Polish (2026-02-17)

| Pri | Status | Task |
|-----|--------|------|
| P1 | [x] | Cache default HTTP opener at module level |
| P1 | [x] | `--tracemalloc` CLI flag for memory profiling |
| P1 | [x] | Background seeding on `!alert add` (instant reply) |
| P1 | [x] | Per-backend error tracking with exponential backoff |
| P1 | [x] | Concurrent fetches for multi-instance backends (PeerTube, Mastodon, Lemmy, SearXNG) |
| P1 | [x] | `retries` parameter for `derp.http.urlopen` |
| P2 | [x] | Full alert titles (ACTION metadata + PRIVMSG content) |
| P2 | [x] | Remove title truncation from backend builders |

## Completed

| Date | Task |
|------|------|
| 2026-02-17 | v1.2.3 (paste overflow with FlaskPaste integration) |
| 2026-02-17 | v1.2.1 (HTTP opener cache, alert perf, concurrent multi-instance, tracemalloc) |
| 2026-02-16 | v1.2.0 (subscriptions, alerts, proxy, reminders) |
| 2026-02-15 | Calendar-based reminders (at/yearly) with persistence |
| 2026-02-15 | v1.1.0 (channel filter, JSON logging, dork, wayback, tests) |
| 2026-02-15 | v1.0.0 (IRCv3, chanmgmt, state persistence) |
| 2026-02-15 | Wave 4 (opslog, note, subdomain, headers, exploitdb, payload) |
| 2026-02-15 | Wave 3 plugins (geoip, asn, torcheck, iprep, cve) + update script |
| 2026-02-15 | Admin/owner permission system (hostmask + IRCOP) |
| 2026-02-15 | SASL PLAIN, rate limiting, CTCP responses |
| 2026-02-15 | Wave 2 plugins (whois, portcheck, httpcheck, tlscheck, blacklist, rand, timer) |
| 2026-02-15 | CLI --cprofile flag |
| 2026-02-15 | Wave 1 plugins (dns, encode, hash, defang, revshell, cidr) |
| 2026-02-15 | Hot-reload, shorthand, plugin help |
| 2026-02-15 | Container deployment (Containerfile, compose, Makefile targets) |
| 2026-02-15 | crt.sh CT lookup plugin |
| 2026-02-15 | TLS verify option for self-signed certs |
| 2026-02-15 | Initial implementation (IRC, plugins, config, CLI) |