feat: add comprehensive otelzap logging to all remaining scanner phases

Added detailed structured logging to authentication and SCIM testing phases
with context deadline tracking, timing, and progress monitoring.

Authentication Tests (runAuthenticationTests):
- Added phase start with context deadline status
- Added per-protocol discovery timing
- Added protocols found enumeration (SAML, OAuth2, WebAuthn)
- Added elapsed time tracking from phase start

SCIM Tests (runSCIMTests):
- Added phase start with context health check
- Added phase completion with timing
- Added component tagging for log filtering

All phases now include:
- ⏰ Context deadline monitoring at phase start
- 🔍 Discovery/execution start logging
- ✅ Success completion with detailed timing
- ❌ Failure logging with error context
- Elapsed time tracking since phase start

This completes comprehensive logging coverage across the entire scan pipeline
to diagnose timeout and context propagation issues.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: CodeMonkeyCybersecurity

cmd/serve.go

@@ -241,7 +241,7 @@ func runServe(cmd *cobra.Command, args []string) error {
 			"security_warning", "For production, set SHELLS_API_KEY environment variable",
 			"component", "api_server",
 		)
-		log.Warn("⚠️  SECURITY WARNING: Using auto-generated API key for local development")
+		log.Warn("  SECURITY WARNING: Using auto-generated API key for local development")
 		log.Warn("   For production use, set SHELLS_API_KEY environment variable")
 		log.Warn("   Example: export SHELLS_API_KEY=$(openssl rand -hex 32)")
 	} else {

cmd/workers.go

@@ -76,10 +76,10 @@ and install all dependencies. This only needs to be run once.`,
 		// Update requirements.txt files for Python 3.12 compatibility
 		log.Info("🔧 Updating requirements for Python 3.12 compatibility...", "component", "workers")
 		if err := updateGraphCrawlerRequirements(graphCrawlerDir); err != nil {
-			log.Warnw("⚠️  Warning: Failed to update GraphCrawler requirements", "error", err, "component", "workers")
+			log.Warnw("  Warning: Failed to update GraphCrawler requirements", "error", err, "component", "workers")
 		}
 		if err := updateIDORDRequirements(idordDir); err != nil {
-			log.Warnw("⚠️  Warning: Failed to update IDORD requirements", "error", err, "component", "workers")
+			log.Warnw("  Warning: Failed to update IDORD requirements", "error", err, "component", "workers")
 		}
 
 		// Create Python virtual environment
@@ -115,7 +115,7 @@ and install all dependencies. This only needs to be run once.`,
 			installCmd.Stdout = os.Stdout
 			installCmd.Stderr = os.Stderr
 			if err := installCmd.Run(); err != nil {
-				log.Warnw("⚠️  Warning: Failed to install GraphCrawler requirements", "error", err, "component", "workers")
+				log.Warnw("  Warning: Failed to install GraphCrawler requirements", "error", err, "component", "workers")
 			}
 		}
 
@@ -126,7 +126,7 @@ and install all dependencies. This only needs to be run once.`,
 			installCmd.Stdout = os.Stdout
 			installCmd.Stderr = os.Stderr
 			if err := installCmd.Run(); err != nil {
-				log.Warnw("⚠️  Warning: Failed to install IDORD requirements", "error", err, "component", "workers")
+				log.Warnw("  Warning: Failed to install IDORD requirements", "error", err, "component", "workers")
 			}
 		}
 
@@ -174,7 +174,7 @@ var workersStartCmd = &cobra.Command{
 		// Save PID for stopping later
 		pidFile := filepath.Join(workersDir, "worker.pid")
 		if err := os.WriteFile(pidFile, []byte(fmt.Sprintf("%d", startCmd.Process.Pid)), 0644); err != nil {
-			log.Warnw("⚠️  Warning: Failed to save PID file", "error", err, "component", "workers")
+			log.Warnw("  Warning: Failed to save PID file", "error", err, "component", "workers")
 		}
 
 		// Wait for service to be ready

internal/orchestrator/bounty_engine.go

@@ -376,7 +376,7 @@ func (e *BugBountyEngine) Execute(ctx context.Context, target string) (*BugBount
 			"time_until_deadline", time.Until(deadline).String(),
 		)
 	} else {
-		e.logger.Warnw("⚠️  No deadline on parent context - unexpected!")
+		e.logger.Warnw("  No deadline on parent context - unexpected!")
 	}
 
 	// Phase 1: Asset Discovery (or skip if configured)
@@ -664,7 +664,7 @@ func (e *BugBountyEngine) executeDiscoveryPhase(ctx context.Context, target stri
 			"parent_deadline_seconds", time.Until(deadline).Seconds(),
 		)
 	} else {
-		e.logger.Warnw("⚠️  No parent context deadline - unexpected!",
+		e.logger.Warnw("  No parent context deadline - unexpected!",
 			"target", target,
 		)
 	}
@@ -1130,27 +1130,48 @@ func (e *BugBountyEngine) executeTestingPhase(ctx context.Context, target string
 
 // runAuthenticationTests executes all authentication vulnerability tests
 func (e *BugBountyEngine) runAuthenticationTests(ctx context.Context, target string, assets []*AssetPriority) ([]types.Finding, PhaseResult) {
+	phaseStart := time.Now()
 	phase := PhaseResult{
 		Phase:     "authentication",
 		Status:    "running",
-		StartTime: time.Now(),
+		StartTime: phaseStart,
 	}
 
-	e.logger.Infow("Testing authentication vulnerabilities", "target", target)
+	e.logger.Infow("🔐 Starting authentication testing phase",
+		"target", target,
+		"asset_count", len(assets),
+		"component", "auth_scanner",
+	)
+
+	// Check context status
+	if deadline, ok := ctx.Deadline(); ok {
+		remaining := time.Until(deadline)
+		e.logger.Infow("⏰ Context status at auth phase start",
+			"remaining_time", remaining.String(),
+			"remaining_seconds", remaining.Seconds(),
+			"context_healthy", remaining > 0,
+			"component", "auth_scanner",
+		)
+	}
 
 	var findings []types.Finding
 
 	// Discover authentication endpoints
-	e.logger.Infow(" Discovering authentication endpoints",
+	discoveryStart := time.Now()
+	e.logger.Infow("🔍 Discovering authentication endpoints",
 		"target", target,
 		"component", "auth_scanner",
 	)
 
 	authInventory, err := e.authDiscovery.DiscoverAllAuth(ctx, target)
+	discoveryDuration := time.Since(discoveryStart)
+
 	if err != nil {
-		e.logger.Errorw("Authentication discovery failed",
+		e.logger.Errorw("❌ Authentication discovery failed",
 			"error", err,
 			"target", target,
+			"discovery_duration", discoveryDuration.String(),
+			"elapsed_since_phase_start", time.Since(phaseStart).String(),
 			"component", "auth_scanner",
 		)
 		phase.Status = "failed"
@@ -1161,10 +1182,25 @@ func (e *BugBountyEngine) runAuthenticationTests(ctx context.Context, target str
 	}
 
 	// Log discovery results
-	e.logger.Infow("Authentication endpoint discovery complete",
+	protocolsFound := []string{}
+	if authInventory.SAML != nil {
+		protocolsFound = append(protocolsFound, "SAML")
+	}
+	if authInventory.OAuth2 != nil {
+		protocolsFound = append(protocolsFound, "OAuth2/OIDC")
+	}
+	if authInventory.WebAuthn != nil {
+		protocolsFound = append(protocolsFound, "WebAuthn/FIDO2")
+	}
+
+	e.logger.Infow("✅ Authentication endpoint discovery complete",
 		"saml_found", authInventory.SAML != nil,
 		"oauth2_found", authInventory.OAuth2 != nil,
 		"webauthn_found", authInventory.WebAuthn != nil,
+		"protocols_found", protocolsFound,
+		"protocol_count", len(protocolsFound),
+		"discovery_duration", discoveryDuration.String(),
+		"elapsed_since_phase_start", time.Since(phaseStart).String(),
 		"component", "auth_scanner",
 	)
 
@@ -1324,13 +1360,28 @@ func (e *BugBountyEngine) runAuthenticationTests(ctx context.Context, target str
 
 // runSCIMTests executes SCIM vulnerability tests in parallel
 func (e *BugBountyEngine) runSCIMTests(ctx context.Context, assets []*AssetPriority) ([]types.Finding, PhaseResult) {
+	phaseStart := time.Now()
 	phase := PhaseResult{
 		Phase:     "scim",
 		Status:    "running",
-		StartTime: time.Now(),
+		StartTime: phaseStart,
 	}
 
-	e.logger.Infow("Testing SCIM endpoints")
+	e.logger.Infow("🔍 Starting SCIM testing phase",
+		"asset_count", len(assets),
+		"component", "scim_scanner",
+	)
+
+	// Check context status
+	if deadline, ok := ctx.Deadline(); ok {
+		remaining := time.Until(deadline)
+		e.logger.Infow("⏰ Context status at SCIM phase start",
+			"remaining_time", remaining.String(),
+			"remaining_seconds", remaining.Seconds(),
+			"context_healthy", remaining > 0,
+			"component", "scim_scanner",
+		)
+	}
 
 	var findings []types.Finding
 	var mu sync.Mutex
@@ -1393,7 +1444,12 @@ func (e *BugBountyEngine) runSCIMTests(ctx context.Context, assets []*AssetPrior
 	phase.Status = "completed"
 	phase.Findings = len(findings)
 
-	e.logger.Infow("SCIM testing completed", "findings", len(findings), "duration", phase.Duration)
+	e.logger.Infow("🎉 SCIM testing phase completed",
+		"total_findings", len(findings),
+		"phase_duration", phase.Duration.String(),
+		"elapsed_since_phase_start", time.Since(phaseStart).String(),
+		"component", "scim_scanner",
+	)
 
 	return findings, phase
 }
@@ -1482,7 +1538,7 @@ func (e *BugBountyEngine) runNmapScans(ctx context.Context, assets []*AssetPrior
 			)
 		}
 	} else {
-		e.logger.Warnw("⚠️  No deadline on context before Nmap - unexpected!",
+		e.logger.Warnw("  No deadline on context before Nmap - unexpected!",
 			"component", "nmap_scanner",
 		)
 	}

pkg/platforms/azure/client.go

@@ -134,7 +134,7 @@ func (c *Client) Submit(ctx context.Context, report *platforms.VulnerabilityRepo
 			fmt.Sprintf("Azure Security Vulnerability: %s", report.Title) +
 			"&body=" + emailBody,
 		Status: "requires_manual_email", // User must click mailto link or copy email body
-		Message: fmt.Sprintf("⚠️  MANUAL ACTION REQUIRED: Report formatted but NOT submitted.\n"+
+		Message: fmt.Sprintf("  MANUAL ACTION REQUIRED: Report formatted but NOT submitted.\n"+
 			"Please click the mailto: link above or manually email the report to %s\n"+
 			"The email body has been formatted according to MSRC guidelines.",
 			c.config.ReportingEmail),