PR1: subenum 0.5.1 patch (version, race fixes, TUI, build)

Patch-only release. Fixes:
- Data race in simulate mode via math/rand/v2 (goroutine-safe, auto-seeded).
- Send-on-closed-channel race in scan.Run progress ticker.
- TUI Aborted status on ctrl+c; form no longer blocks live mode on empty hit rate.
- -version reports v0.5.1.
- Docker build copies go.sum / go mod download; base image satisfies module Go version.
- Go minimum reconciled to 1.24.2 across go.mod, Dockerfile, README, docs.

Added tests: concurrent SimulateResolution, scan runner (concurrent + cancel),
TUI form validation.

CI: release workflow now also triggers on tag pushes (tags: ['v*']) so the
first tag actually builds and publishes binaries.

Docs: README facelift; ARCHITECTURE ticker interval (1s) and arg-parsing
(cliFlags + flag.*Var) corrected; removed unused docs/assets/title.svg.

CHANGELOG and ARCHITECTURE are scoped to 0.5.1 only (no unshipped features).

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: TMHSDigital

.github/ISSUE_TEMPLATE/bug_report.md

@@ -25,7 +25,7 @@ If applicable, add screenshots or copy the terminal output to help explain your
 
 **Environment (please complete the following information):**
  - OS: [e.g. Ubuntu 22.04, Windows 11, macOS 13.0]
- - Go Version: [e.g. 1.22.0]
+ - Go Version: [e.g. 1.24.2]
  - subenum Version: [e.g. 0.3.0]
 
 **Additional context**

.github/workflows/go.yml

@@ -3,6 +3,7 @@ name: Go
 on:
   push:
     branches: [ "main" ]
+    tags: [ "v*" ]
   pull_request:
     branches: [ "main" ]
 

.golangci.yml

@@ -15,8 +15,10 @@ linters:
   settings:
     gosec:
       excludes:
-        # G304: File path provided as taint input — expected for a wordlist tool
+        # G304: File path provided as taint input, expected for a wordlist tool
         - G304
+        # G404: Weak RNG is fine; math/rand/v2 only drives simulation output, which is not security-sensitive
+        - G404
     errcheck:
       # These write to stdout/files in hot paths; errors are intentionally ignored
       exclude-functions:

CHANGELOG.md

@@ -5,7 +5,26 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
+## [0.5.1] - 2026-06-03
+
+### Fixed
+- Data race in simulation mode: migrated `internal/dns/simulate.go` to `math/rand/v2`, whose top-level functions are goroutine-safe and auto-seeded. `SimulateResolution` is now safe to call concurrently (previously a shared `*math/rand.Rand` was used from every worker).
+- Send-on-closed-channel race in `scan.Run`: the progress ticker goroutine now signals its own exit (`tickerStopped`) and guards its send with a select, and `Run` waits for that exit before emitting `EventDone`, so the deferred `close(events)` can no longer race an in-flight ticker send.
+- TUI now renders the "Aborted" status when a scan is cancelled with `ctrl+c` (the scan view is marked aborted so the subsequent `EventDone` shows partial counts).
+- TUI form no longer blocks a live-mode scan when the Hit Rate field is empty or out of range; hit rate is validated only when Simulate is on.
+- `-version` now reports the correct version (`subenum v0.5.1`).
+- Docker build: the builder now copies `go.sum` and runs `go mod download` before building, the base image satisfies the module Go version, and `main_test.go` is no longer copied into the build image.
+
+### Changed
+- Go minimum version reconciled to 1.24.2 across `go.mod`, the Dockerfile base image, README, and docs (the charmbracelet TUI dependencies require it); direct vs indirect dependency classification corrected via `go mod tidy`.
+
+### Added
+- Tests: concurrent `SimulateResolution` test, `internal/scan` runner tests (concurrent simulate run and mid-scan context cancellation), and `internal/tui` form validation tests.
+
+### Docs
+- README facelift: plain-text description under the badges, a copy-paste quick-start block, the TUI screenshot promoted to a hero position, PRs-Welcome and platform badges, and removal of em dashes for a clean human-authored look.
+- ARCHITECTURE: corrected the progress ticker interval (1 second) and the argument-parsing section (`flag.*Var` into a `cliFlags` struct).
+- Removed the unused, duplicate `docs/assets/title.svg`.
 
 ## [0.5.0] - 2026-03-14
 

Dockerfile

@@ -1,13 +1,13 @@
-FROM golang:1.22-alpine AS builder
+FROM golang:1.24.2-alpine AS builder
 
 WORKDIR /app
 
-# Copy go.mod and go.sum first to leverage Docker cache
-COPY go.mod ./
+# Copy module files first and download deps to leverage Docker layer caching
+COPY go.mod go.sum ./
+RUN go mod download
 
 # Copy source code
 COPY main.go ./
-COPY main_test.go ./
 COPY internal/ ./internal/
 
 # Build the binary with optimizations

README.md

@@ -6,7 +6,7 @@
 
 [![Build](https://img.shields.io/github/actions/workflow/status/TMHSDigital/subenum/go.yml?branch=main&style=for-the-badge&label=build)](https://github.com/TMHSDigital/subenum/actions)
 [![Release](https://img.shields.io/github/v/release/TMHSDigital/subenum?style=for-the-badge)](https://github.com/TMHSDigital/subenum/releases)
-[![Go](https://img.shields.io/badge/Go-1.22+-00ADD8?style=for-the-badge&logo=go&logoColor=white)](https://go.dev)
+[![Go](https://img.shields.io/badge/Go-1.24.2+-00ADD8?style=for-the-badge&logo=go&logoColor=white)](https://go.dev)
 [![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg?style=for-the-badge)](LICENSE)
 [![CodeQL](https://img.shields.io/github/actions/workflow/status/TMHSDigital/subenum/codeql.yml?label=CodeQL&style=for-the-badge)](https://github.com/TMHSDigital/subenum/actions/workflows/codeql.yml)
 [![Go Report Card](https://goreportcard.com/badge/github.com/TMHSDigital/subenum?style=for-the-badge&v=0.5.0)](https://goreportcard.com/report/github.com/TMHSDigital/subenum)
@@ -87,7 +87,7 @@ flowchart LR
 
 ## Installation
 
-**Prerequisites:** Go 1.22+ · Git · Make _(optional)_ · Docker _(optional)_
+**Prerequisites:** Go 1.24.2+ · Git · Make _(optional)_ · Docker _(optional)_
 
 <details>
 <summary><strong>Build from source</strong></summary>
@@ -272,7 +272,7 @@ No flags required. Fill in the form and press `ctrl+r` to start scanning. Last-u
 
 | Layer | Components |
 | :--- | :--- |
-| Core Engine | Go 1.22 &middot; `net.Resolver` &middot; `context` &middot; `sync/atomic` |
+| Core Engine | Go 1.24.2 &middot; `net.Resolver` &middot; `context` &middot; `sync/atomic` |
 | Concurrency | goroutines &middot; channels &middot; `sync.WaitGroup` &middot; `sync.Mutex` |
 | TUI | Bubble Tea &middot; Bubbles (textinput, viewport, progress) &middot; Lip Gloss |
 | Infrastructure | Docker &middot; Alpine &middot; Make &middot; docker-compose |

docs/ARCHITECTURE.md

@@ -40,19 +40,19 @@ internal/tui/config.go         — Session persistence (load/save ~/.config/sube
 ### 2.1. Argument Parsing
 
 *   **Purpose**: This component is responsible for processing the command-line arguments provided by the user when `subenum` is executed. It extracts the target domain, the path to the wordlist file, the desired number of concurrent workers, and the DNS lookup timeout.
-*   **Implementation**: Utilizes Go's standard `flag` package.
-    *   `flag.String("w", "", "Path to the wordlist file")`: Defines the wordlist file flag.
-    *   `flag.Int("t", 100, "Number of concurrent workers")`: Defines the concurrency level flag.
-    *   `flag.Int("timeout", 1000, "DNS lookup timeout in milliseconds")`: Defines the DNS timeout flag.
-    *   `flag.String("dns-server", DefaultDNSServer, "DNS server to use")`: Defines the custom DNS server flag.
-    *   `flag.Bool("v", false, "Enable verbose output")`: Defines the verbose flag.
-    *   `flag.Bool("progress", true, "Show progress during scanning")`: Defines the progress reporting flag.
-    *   `flag.Bool("version", false, "Show version information")`: Defines the version flag.
-    *   `flag.String("o", "", "Write results to file")`: Defines the output file flag.
-    *   `flag.Int("attempts", 0, "Total DNS resolution attempts per subdomain")`: Defines the attempt count flag.
-    *   `flag.Int("retries", 0, "Deprecated: alias for -attempts")`: Deprecated retry flag.
-    *   `flag.Bool("force", false, "Continue scanning on wildcard DNS")`: Defines the force flag.
-    *   `flag.Parse()`: Parses the provided arguments.
+*   **Implementation**: Utilizes Go's standard `flag` package. `parseFlags()` binds every flag into a `cliFlags` struct using the `flag.*Var` forms, then calls `flag.Parse()`.
+    *   `flag.StringVar(&f.wordlistFile, "w", "", ...)`: Binds the wordlist file flag.
+    *   `flag.IntVar(&f.concurrency, "t", 100, ...)`: Binds the concurrency level flag.
+    *   `flag.IntVar(&f.timeoutMs, "timeout", 1000, ...)`: Binds the DNS timeout flag.
+    *   `flag.StringVar(&f.dnsServer, "dns-server", DefaultDNSServer, ...)`: Binds the custom DNS server flag.
+    *   `flag.BoolVar(&f.verbose, "v", false, ...)`: Binds the verbose flag.
+    *   `flag.BoolVar(&f.showProgress, "progress", true, ...)`: Binds the progress reporting flag.
+    *   `flag.BoolVar(&f.showVersion, "version", false, ...)`: Binds the version flag.
+    *   `flag.StringVar(&f.outputFile, "o", "", ...)`: Binds the output file flag.
+    *   `flag.IntVar(&f.attempts, "attempts", 0, ...)`: Binds the attempt count flag.
+    *   `flag.IntVar(&f.retries, "retries", 0, ...)`: Binds the deprecated retry flag.
+    *   `flag.BoolVar(&f.force, "force", false, ...)`: Binds the force flag.
+    *   `flag.Parse()`: Parses the provided arguments into the `cliFlags` struct.
     *   `flag.Arg(0)`: Retrieves the positional argument (the target domain).
 *   **Interactions**: The parsed values are used to configure the subsequent components, such as the Wordlist Processing and DNS Resolution Engine. Input validation is performed to ensure valid values for critical parameters like concurrency, timeout, DNS server format (validated via `validateDNSServer`), and domain syntax (validated via `validateDomain`).
 
@@ -105,7 +105,7 @@ internal/tui/config.go         — Session persistence (load/save ~/.config/sube
     *   **Verbose Output** (when `-v` flag is enabled):
         *   Configuration summary, per-query DNS resolution info, and final scan statistics — all via `Info` to stderr.
     *   **Progress Reporting** (when `-progress` flag is enabled):
-        *   A dedicated goroutine using a 2-second ticker calls `Progress` on stderr.
+        *   A dedicated goroutine using a 1-second ticker calls `Progress` on stderr.
 *   **Interactions**: All components route output through the `Writer`. Since results are the only thing on stdout, piping (`| cut -d' ' -f2`) works without `-progress=false`.
 
 ### 2.6. Progress Monitoring
@@ -117,7 +117,7 @@ internal/tui/config.go         — Session persistence (load/save ~/.config/sube
         *   `processedWords`: An atomic counter that's incremented each time a subdomain is checked.
         *   `foundSubdomains`: An atomic counter that's incremented each time a valid subdomain is found.
     *   **Progress Display** (on stderr):
-        *   A dedicated goroutine using a ticker (running every 2 seconds) calls `Writer.Progress`
+        *   A dedicated goroutine using a ticker (running every 1 second) calls `Writer.Progress`
         *   Uses `\r` carriage return to update the same line repeatedly
         *   Shows percentage completion, processed count, and found count
 *   **Interactions**: The Progress Monitoring component works alongside the worker goroutines, using atomic operations to safely track counts across multiple goroutines. Writing to stderr keeps stdout pipe-clean.

docs/CONTRIBUTING.md

@@ -13,7 +13,7 @@ See the [Code of Conduct](CODE_OF_CONDUCT.html).
 
 ### Prerequisites
 
-- Go 1.22 or later
+- Go 1.24.2 or later
 - Git
 - Make (optional but recommended)
 - Docker (optional, for containerized development)

docs/DEVELOPER_GUIDE.md

@@ -13,7 +13,7 @@ This guide provides information for developers looking to contribute to or build
 
 To work with `subenum`, you'll need:
 
-*   **Go Programming Language**: [Go 1.22+](https://golang.org/dl/) is required.
+*   **Go Programming Language**: [Go 1.24.2+](https://golang.org/dl/) is required.
 *   **Git**: For version control.
 *   **Text Editor or IDE**: VS Code, GoLand, or any editor with Go support is recommended.