@chainpatrol/cli 0.1.0

package/dist/cli.js

@@ -0,0 +1,895 @@
+#!/usr/bin/env node
+import {
+  CliExitError,
+  ExitCode,
+  mapErrorToExitCode
+} from "./chunk-E2LAMILJ.js";
+import {
+  resolveOutputFormat
+} from "./chunk-VFT3TD3E.js";
+
+// src/cli.tsx
+import meow from "meow";
+
+// src/lib/cli-context.ts
+function createCliContext({
+  json,
+  output,
+  dryRun,
+  explain
+}) {
+  try {
+    return {
+      outputFormat: resolveOutputFormat({ json, output }),
+      dryRun,
+      explain
+    };
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Invalid output format provided.";
+    throw new CliExitError(message, ExitCode.USAGE);
+  }
+}
+
+// src/lib/command-help.ts
+var COMMON_OPTIONS = [
+  "--json                Output as machine-readable JSON",
+  "--output <fmt>        Output format: human|json|markdown|csv",
+  "--quiet, -q           Suppress non-essential output",
+  "--no-color            Disable colored output (also respects NO_COLOR)",
+  "--no-input            Disable interactive prompts (for scripting)",
+  "--help, -h            Show this help"
+];
+function formatEntry(name, entry) {
+  const lines = [];
+  lines.push(`  ${name}`);
+  lines.push(`    ${entry.description}`);
+  lines.push("");
+  lines.push("  Usage");
+  lines.push(`    $ ${entry.usage}`);
+  if (entry.options && entry.options.length > 0) {
+    lines.push("");
+    lines.push("  Options");
+    for (const option of entry.options) {
+      lines.push(`    ${option}`);
+    }
+  }
+  lines.push("");
+  lines.push("  Common options");
+  for (const option of COMMON_OPTIONS) {
+    lines.push(`    ${option}`);
+  }
+  if (entry.examples && entry.examples.length > 0) {
+    lines.push("");
+    lines.push("  Examples");
+    for (const example of entry.examples) {
+      lines.push(`    $ ${example}`);
+    }
+  }
+  return lines.join("\n");
+}
+var HELP = {
+  login: {
+    description: "Authenticate with ChainPatrol via device-code flow.",
+    usage: "chainpatrol login",
+    examples: ["chainpatrol login", "chainpatrol login --json"]
+  },
+  logout: {
+    description: "Clear stored credentials from this machine.",
+    usage: "chainpatrol logout"
+  },
+  configs: {
+    description: "Manage detection configs for an organization.",
+    usage: "chainpatrol configs <list>",
+    options: ["--org <slug>          Organization slug (saved as default)"],
+    examples: ["chainpatrol configs list --org acme"]
+  },
+  "configs list": {
+    description: "List detection configs available to your organization.",
+    usage: "chainpatrol configs list --org <slug>",
+    options: ["--org <slug>          Organization slug"],
+    examples: ["chainpatrol configs list --org acme"]
+  },
+  detections: {
+    description: "Validate, run, and update detection configs.",
+    usage: "chainpatrol detections <healthcheck|validate|drift|run|configs>",
+    options: ["--org <slug>          Organization slug"],
+    examples: [
+      "chainpatrol detections healthcheck --org acme --run",
+      "chainpatrol detections validate --org acme --min-results 5",
+      "chainpatrol detections drift --org acme --lookback-hours 168",
+      "chainpatrol detections run --org acme --source twitter",
+      "chainpatrol detections configs update --org acme --config-id 1 --enable"
+    ]
+  },
+  "detections healthcheck": {
+    description: "Run a health check across all detection configs for an org.",
+    usage: "chainpatrol detections healthcheck --org <slug> [options]",
+    options: [
+      "--org <slug>          Organization slug",
+      "--source <key>        Filter by detection source key",
+      "--min-results <n>     Minimum recent results required",
+      "--lookback-hours <n>  Lookback window in hours",
+      "--run                 Run detections before validating",
+      "--include-disabled    Include disabled configs"
+    ],
+    examples: ["chainpatrol detections healthcheck --org acme --run"]
+  },
+  "detections validate": {
+    description: "Validate that detection configs produce expected results.",
+    usage: "chainpatrol detections validate --org <slug> [options]",
+    options: [
+      "--org <slug>          Organization slug",
+      "--source <key>        Filter by detection source key",
+      "--min-results <n>     Minimum recent results required",
+      "--lookback-hours <n>  Lookback window in hours",
+      "--run                 Run detections before validating",
+      "--include-disabled    Include disabled configs"
+    ]
+  },
+  "detections drift": {
+    description: "Detect drift signals (zero-results, noisy, stale queries).",
+    usage: "chainpatrol detections drift --org <slug> [options]",
+    options: [
+      "--org <slug>          Organization slug",
+      "--source <key>        Filter by detection source key",
+      "--config-id <n>       Filter by config id",
+      "--lookback-hours <n>  Lookback window in hours",
+      "--include-disabled    Include disabled configs"
+    ]
+  },
+  "detections run": {
+    description: "Run one or more detection configs on demand.",
+    usage: "chainpatrol detections run --org <slug> [options]",
+    options: [
+      "--org <slug>          Organization slug",
+      "--config-id <n>       Run a specific config",
+      "--source <key>        Filter by detection source key",
+      "--include-disabled    Include disabled configs",
+      "--dry-run             Preview without executing"
+    ]
+  },
+  "detections configs update": {
+    description: "Update an existing detection config's status, title, cron, or query.",
+    usage: "chainpatrol detections configs update --org <slug> --config-id <n> [options]",
+    options: [
+      "--org <slug>          Organization slug",
+      "--config-id <n>       Config id (required)",
+      "--enable              Enable the config",
+      "--disable             Disable the config",
+      "--title <text>        New title",
+      "--description <text>  New description",
+      "--cron <expr>         New CRON expression",
+      "--set key=value       Patch a config value (repeatable)",
+      "--merge-config        Merge --set keys into existing config (default true)",
+      "--dry-run             Preview without applying"
+    ],
+    examples: [
+      "chainpatrol detections configs update --org acme --config-id 12 --enable",
+      'chainpatrol detections configs update --org acme --config-id 12 --set query="phishing site"'
+    ]
+  },
+  metrics: {
+    description: "Query organization metrics and breakdowns.",
+    usage: "chainpatrol metrics <summary|found|breakdown>",
+    options: ["--org <slug>          Organization slug"],
+    examples: [
+      "chainpatrol metrics summary --org acme --this-week",
+      "chainpatrol metrics found --org acme --from 2025-01-01 --to 2025-02-01",
+      "chainpatrol metrics breakdown --org acme --by day --this-week"
+    ]
+  },
+  "metrics summary": {
+    description: "Summary metrics for an org over a date range.",
+    usage: "chainpatrol metrics summary --org <slug> [--from ISO --to ISO]",
+    options: [
+      "--org <slug>          Organization slug",
+      "--from <iso>          Start date (ISO 8601)",
+      "--to <iso>            End date (ISO 8601)",
+      "--brand <ids>         Comma-separated brand IDs"
+    ]
+  },
+  "metrics found": {
+    description: "Count of newly found threats over a date range.",
+    usage: "chainpatrol metrics found --org <slug> [--from ISO --to ISO|--this-week]",
+    options: [
+      "--org <slug>          Organization slug",
+      "--from <iso>          Start date (ISO 8601)",
+      "--to <iso>            End date (ISO 8601)",
+      "--this-week           Use the current week",
+      "--brand <ids>         Comma-separated brand IDs"
+    ]
+  },
+  "metrics breakdown": {
+    description: "Threat counts grouped by axis (day, type, brand).",
+    usage: "chainpatrol metrics breakdown --org <slug> --by <day|type|brand>",
+    options: [
+      "--org <slug>          Organization slug",
+      "--by <axis>           day|type|brand (required)",
+      "--from <iso>          Start date",
+      "--to <iso>            End date",
+      "--brand <ids>         Comma-separated brand IDs"
+    ]
+  },
+  reports: {
+    description: "Create and list reports from the terminal.",
+    usage: "chainpatrol reports <create|list>",
+    examples: [
+      'chainpatrol reports create --org acme --title "Phish" --asset "https://bad.site:BLOCKED"',
+      "chainpatrol reports list --org acme --limit 5"
+    ]
+  },
+  "reports create": {
+    description: "Create a new report with one or more assets.",
+    usage: "chainpatrol reports create [--org <slug>] [options]",
+    options: [
+      "--org <slug>          Organization slug (defaults to saved/env)",
+      "--title <text>        Report title",
+      "--description <text>  Report description",
+      "--contact-info <text> Reporter contact info",
+      "--asset <c[:status]>  Asset (repeatable). status=BLOCKED|ALLOWED|UNKNOWN",
+      "--attachment-url <u>  Attachment URL (repeatable)",
+      "--external-submission-link <u>  External submission link",
+      "--payload-file <path> JSON file with full report payload",
+      "--dry-run             Preview without submitting"
+    ],
+    examples: [
+      'chainpatrol reports create --org acme --title "Phish" --asset "https://bad.site:BLOCKED"',
+      "chainpatrol reports create --payload-file ./report.json --dry-run"
+    ]
+  },
+  "reports list": {
+    description: "List recent reports for an organization.",
+    usage: "chainpatrol reports list --org <slug> [options]",
+    options: [
+      "--org <slug>          Organization slug",
+      "--limit <n>           Page size (1-20)",
+      "--cursor <id>         Pagination cursor",
+      "--status <s>          Filter by report status",
+      "--search <q>          Search query"
+    ]
+  },
+  queues: {
+    description: "Snapshot operations review/takedown queues.",
+    usage: "chainpatrol queues snapshot [--org <slug>|--all]",
+    examples: [
+      "chainpatrol queues snapshot --org acme",
+      "chainpatrol queues snapshot --all"
+    ]
+  },
+  "queues snapshot": {
+    description: "Snapshot pending review proposals and open takedowns.",
+    usage: "chainpatrol queues snapshot [--org <slug>|--all] [--window-hours <n>]",
+    options: [
+      "--org <slug>          Organization slug",
+      "--all                 All organizations (staff-only)",
+      "--window-hours <n>    Hours used for staleness windows"
+    ]
+  },
+  presets: {
+    description: "Run saved workflows for common jobs.",
+    usage: "chainpatrol presets <list|run <id>>",
+    examples: [
+      "chainpatrol presets list",
+      "chainpatrol presets run cs-weekly-health --org acme"
+    ]
+  },
+  "presets list": {
+    description: "List available preset workflows.",
+    usage: "chainpatrol presets list"
+  },
+  "presets run": {
+    description: "Run a preset workflow by id.",
+    usage: "chainpatrol presets run <preset-id> --org <slug>",
+    options: ["--org <slug>          Organization slug"]
+  },
+  setup: {
+    description: "Install Claude Code skill and shell completions.",
+    usage: "chainpatrol setup"
+  },
+  uninstall: {
+    description: "Remove Claude Code skill and shell completions.",
+    usage: "chainpatrol uninstall"
+  },
+  completions: {
+    description: "Output a shell completion script.",
+    usage: "chainpatrol completions <zsh|bash>",
+    examples: ["chainpatrol completions zsh > _chainpatrol"]
+  }
+};
+function getCommandHelp(command2, subcommand2) {
+  if (subcommand2) {
+    const combined = `${command2} ${subcommand2}`;
+    if (HELP[combined]) {
+      return formatEntry(`chainpatrol ${combined}`, HELP[combined]);
+    }
+  }
+  if (HELP[command2]) {
+    return formatEntry(`chainpatrol ${command2}`, HELP[command2]);
+  }
+  return null;
+}
+function getTopLevelHelp() {
+  return [
+    "  ChainPatrol CLI",
+    "",
+    "  Usage",
+    "    $ chainpatrol <command> [options]",
+    "",
+    "  Commands",
+    "    login         Authenticate with ChainPatrol",
+    "    logout        Clear stored credentials",
+    "    configs       Manage detection configs",
+    "    detections    Validate, run, update detection configs",
+    "    metrics       Query organization metrics and breakdowns",
+    "    reports       Create and list reports from terminal",
+    "    queues        Snapshot operations review/takedown queues",
+    "    presets       Run saved workflows for common jobs",
+    "    setup         Install Claude Code skill and shell completions",
+    "    uninstall     Remove Claude Code skill and shell completions",
+    "    completions   Output shell completion script (zsh/bash)",
+    "    help <cmd>    Show help for a specific command",
+    "",
+    "  Common options (use --help on a command for full options)",
+    ...COMMON_OPTIONS.map((option) => `    ${option}`),
+    "",
+    "  Examples",
+    "    $ chainpatrol login",
+    "    $ chainpatrol configs list --org acme",
+    "    $ chainpatrol detections healthcheck --help",
+    "    $ chainpatrol reports create --help",
+    "",
+    "  Support",
+    "    https://github.com/chainpatrol/chainpatrol-cli/issues"
+  ].join("\n");
+}
+
+// src/cli.tsx
+var COMMANDS = [
+  "login",
+  "logout",
+  "configs",
+  "detections",
+  "metrics",
+  "reports",
+  "queues",
+  "presets",
+  "setup",
+  "uninstall",
+  "completions",
+  "help"
+];
+function levenshtein(a, b) {
+  const m = a.length;
+  const n = b.length;
+  const dp = Array.from({ length: m + 1 }, () => Array(n + 1).fill(0));
+  for (let i = 0; i <= m; i++) dp[i][0] = i;
+  for (let j = 0; j <= n; j++) dp[0][j] = j;
+  for (let i = 1; i <= m; i++) {
+    for (let j = 1; j <= n; j++) {
+      dp[i][j] = a[i - 1] === b[j - 1] ? dp[i - 1][j - 1] : 1 + Math.min(dp[i - 1][j], dp[i][j - 1], dp[i - 1][j - 1]);
+    }
+  }
+  return dp[m][n];
+}
+function suggest(input, candidates) {
+  let best = null;
+  let bestDist = 3;
+  for (const candidate of candidates) {
+    const d = levenshtein(input, candidate);
+    if (d < bestDist) {
+      bestDist = d;
+      best = candidate;
+    }
+  }
+  return best;
+}
+var cli = meow(`
+${getTopLevelHelp()}
+`, {
+  importMeta: import.meta,
+  version: "0.1.0",
+  flags: {
+    json: { type: "boolean", default: false },
+    output: { type: "string" },
+    dryRun: { type: "boolean", default: false },
+    explain: { type: "boolean", default: false },
+    all: { type: "boolean", default: false },
+    windowHours: { type: "number" },
+    org: { type: "string" },
+    source: { type: "string" },
+    configId: { type: "number" },
+    run: { type: "boolean", default: false },
+    minResults: { type: "number" },
+    lookbackHours: { type: "number" },
+    from: { type: "string" },
+    to: { type: "string" },
+    thisWeek: { type: "boolean", default: false },
+    by: { type: "string" },
+    brand: { type: "string" },
+    enable: { type: "boolean", default: false },
+    disable: { type: "boolean", default: false },
+    includeDisabled: { type: "boolean", default: false },
+    title: { type: "string" },
+    description: { type: "string" },
+    cron: { type: "string" },
+    mergeConfig: { type: "boolean", default: true },
+    asset: { type: "string" },
+    limit: { type: "number" },
+    cursor: { type: "number" },
+    status: { type: "string" },
+    search: { type: "string" },
+    attachmentUrl: { type: "string" },
+    contactInfo: { type: "string" },
+    externalSubmissionLink: { type: "string" },
+    payloadFile: { type: "string" },
+    help: { type: "boolean", shortFlag: "h" },
+    version: { type: "boolean", shortFlag: "V" },
+    quiet: { type: "boolean", default: false, shortFlag: "q" },
+    noInput: { type: "boolean", default: false },
+    noColor: { type: "boolean", default: false }
+  }
+});
+var [command, subcommand, action] = cli.input;
+var cliContext = createCliContext({
+  json: cli.flags.json,
+  output: cli.flags.output,
+  dryRun: cli.flags.dryRun,
+  explain: cli.flags.explain
+});
+var jsonMode = cliContext.outputFormat === "json";
+var quiet = cli.flags.quiet;
+function jsonError(message, code = ExitCode.UNKNOWN) {
+  console.error(JSON.stringify({ error: message, exitCode: code }, null, 2));
+  process.exit(code);
+}
+async function tryResolveOrg() {
+  const { getConfig, saveConfig } = await import("./config-Z3TASRME.js");
+  const config = getConfig();
+  if (cli.flags.org) {
+    if (config.defaultOrg !== cli.flags.org) {
+      saveConfig({ ...config, defaultOrg: cli.flags.org });
+    }
+    return cli.flags.org;
+  }
+  if (config.defaultOrg) {
+    return config.defaultOrg;
+  }
+  const envOrg = process.env.CHAINPATROL_ORG;
+  if (envOrg) {
+    return envOrg;
+  }
+  return void 0;
+}
+async function resolveOrg() {
+  const org = await tryResolveOrg();
+  if (org) return org;
+  if (jsonMode) jsonError("Organization required. Use --org <slug> to specify one.");
+  throw new Error("Organization required. Use --org <slug> to specify one.");
+}
+function getRepeatedFlag(flagName) {
+  const values = [];
+  const argv = process.argv.slice(2);
+  for (let i = 0; i < argv.length; i += 1) {
+    if (argv[i] === `--${flagName}`) {
+      const nextValue = argv[i + 1];
+      if (nextValue && !nextValue.startsWith("-")) {
+        values.push(nextValue);
+      }
+    }
+    if (argv[i].startsWith(`--${flagName}=`)) {
+      values.push(argv[i].slice(flagName.length + 3));
+    }
+  }
+  return values;
+}
+function parseSetValue(value) {
+  if (value === "true") return true;
+  if (value === "false") return false;
+  if (value === "null") return null;
+  const parsedNumber = Number(value);
+  if (!Number.isNaN(parsedNumber) && value.trim() !== "") return parsedNumber;
+  if (value.startsWith("{") && value.endsWith("}") || value.startsWith("[") && value.endsWith("]")) {
+    try {
+      return JSON.parse(value);
+    } catch {
+      return value;
+    }
+  }
+  return value;
+}
+function getConfigPatchFromSetFlags() {
+  const setFlags = getRepeatedFlag("set");
+  const patch = {};
+  for (const flag of setFlags) {
+    const equalsIndex = flag.indexOf("=");
+    if (equalsIndex <= 0) continue;
+    const key = flag.slice(0, equalsIndex).trim();
+    const value = flag.slice(equalsIndex + 1).trim();
+    if (!key) continue;
+    patch[key] = parseSetValue(value);
+  }
+  return patch;
+}
+function parseBrandIds() {
+  if (!cli.flags.brand) return void 0;
+  const values = cli.flags.brand.split(",").map((item) => item.trim()).filter(Boolean);
+  const ids = values.map((value) => Number(value)).filter((value) => !Number.isNaN(value));
+  return ids.length > 0 ? ids : void 0;
+}
+function parseAssetInputs() {
+  return getRepeatedFlag("asset");
+}
+function parseAttachmentUrls() {
+  const values = getRepeatedFlag("attachment-url").filter(Boolean);
+  return values.length > 0 ? values : void 0;
+}
+async function handleConfigsList(org) {
+  if (jsonMode) {
+    const { listConfigsJson } = await import("./list-json-TPBLJBD3.js");
+    await listConfigsJson({ org });
+    return;
+  }
+  const { render } = await import("ink");
+  const { default: ConfigsList } = await import("./list-IBMM562A.js");
+  const { default: React } = await import("react");
+  render(React.createElement(ConfigsList, { org }));
+}
+function maybeShowScopedHelp() {
+  const wantsHelp = cli.flags.help === true || command === "help";
+  if (command === "help") {
+    if (subcommand) {
+      const text = getCommandHelp(subcommand, action);
+      if (text) {
+        console.log(text);
+        return true;
+      }
+    }
+    console.log(getTopLevelHelp());
+    return true;
+  }
+  if (wantsHelp && command) {
+    const text = getCommandHelp(command, subcommand);
+    if (text) {
+      console.log(text);
+      return true;
+    }
+  }
+  return false;
+}
+async function main() {
+  if (maybeShowScopedHelp()) {
+    return;
+  }
+  if (cliContext.dryRun) {
+    const dryRunSupported = command === "reports" && subcommand === "create" || command === "detections" && subcommand === "run" || command === "detections" && subcommand === "configs" && action === "run" || command === "detections" && subcommand === "configs" && action === "update";
+    if (!dryRunSupported) {
+      throw new CliExitError(
+        "--dry-run is only supported for mutation commands.",
+        ExitCode.USAGE
+      );
+    }
+  }
+  switch (command) {
+    case "login": {
+      if (cli.flags.noInput && !jsonMode) {
+        throw new Error(
+          "Login requires interaction. Use --json to get the device code URL for non-interactive auth."
+        );
+      }
+      if (jsonMode) {
+        const { loginJson } = await import("./login-json-LKB72OFY.js");
+        await loginJson();
+      } else {
+        const { render } = await import("ink");
+        const { default: Login } = await import("./login-G7LPHKDR.js");
+        const { default: React } = await import("react");
+        render(React.createElement(Login));
+      }
+      break;
+    }
+    case "logout": {
+      if (jsonMode) {
+        const { logoutJson } = await import("./logout-json-4GIJZJ46.js");
+        await logoutJson();
+      } else {
+        const { render } = await import("ink");
+        const { default: Logout } = await import("./logout-LA7VEKON.js");
+        const { default: React } = await import("react");
+        render(React.createElement(Logout));
+      }
+      break;
+    }
+    case "configs": {
+      if (subcommand === "list") {
+        const org = await resolveOrg();
+        await handleConfigsList(org);
+        break;
+      }
+      const sub = subcommand;
+      if (sub) {
+        const hint = suggest(sub, ["list"]);
+        throw new Error(
+          `Unknown subcommand: configs ${sub}${hint ? `. Did you mean "configs ${hint}"?` : ""}`
+        );
+      }
+      throw new Error("Usage: chainpatrol configs list");
+    }
+    case "detections": {
+      const org = await resolveOrg();
+      if (subcommand === "healthcheck") {
+        const { runDetectionsHealthcheck } = await import("./healthcheck-7DR5MGEQ.js");
+        await runDetectionsHealthcheck({
+          org,
+          source: cli.flags.source,
+          minResults: cli.flags.minResults,
+          lookbackHours: cli.flags.lookbackHours,
+          run: cli.flags.run,
+          includeDisabled: cli.flags.includeDisabled,
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat,
+          explain: cliContext.explain
+        });
+        break;
+      }
+      if (subcommand === "validate") {
+        const { runDetectionsValidate } = await import("./validate-PI7GPT5I.js");
+        await runDetectionsValidate({
+          org,
+          source: cli.flags.source,
+          minResults: cli.flags.minResults,
+          lookbackHours: cli.flags.lookbackHours,
+          runBeforeValidate: cli.flags.run,
+          includeDisabled: cli.flags.includeDisabled,
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat,
+          explain: cliContext.explain
+        });
+        break;
+      }
+      if (subcommand === "drift") {
+        const { runDetectionsDrift } = await import("./drift-VRZKQC4P.js");
+        await runDetectionsDrift({
+          org,
+          source: cli.flags.source,
+          configId: cli.flags.configId,
+          lookbackHours: cli.flags.lookbackHours,
+          includeDisabled: cli.flags.includeDisabled,
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat,
+          explain: cliContext.explain
+        });
+        break;
+      }
+      if (subcommand === "run") {
+        const { runDetectionsRun } = await import("./run-PABQKATZ.js");
+        await runDetectionsRun({
+          org,
+          configId: cli.flags.configId,
+          source: cli.flags.source,
+          includeDisabled: cli.flags.includeDisabled,
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat,
+          explain: cliContext.explain,
+          dryRun: cliContext.dryRun
+        });
+        break;
+      }
+      if (subcommand === "configs") {
+        if (action === "list") {
+          await handleConfigsList(org);
+          break;
+        }
+        if (action === "run") {
+          const { runDetectionsRun } = await import("./run-PABQKATZ.js");
+          await runDetectionsRun({
+            org,
+            configId: cli.flags.configId,
+            source: cli.flags.source,
+            includeDisabled: cli.flags.includeDisabled,
+            json: jsonMode,
+            outputFormat: cliContext.outputFormat,
+            explain: cliContext.explain,
+            dryRun: cliContext.dryRun
+          });
+          break;
+        }
+        if (action === "update") {
+          if (!cli.flags.configId) {
+            throw new Error("detections configs update requires --config-id");
+          }
+          const configPatch = getConfigPatchFromSetFlags();
+          const { runDetectionsConfigsUpdate } = await import("./configs-update-BK2S6AZ6.js");
+          await runDetectionsConfigsUpdate({
+            org,
+            configId: cli.flags.configId,
+            enable: cli.flags.enable,
+            disable: cli.flags.disable,
+            title: cli.flags.title,
+            description: cli.flags.description,
+            cron: cli.flags.cron,
+            configPatch: Object.keys(configPatch).length > 0 ? configPatch : void 0,
+            mergeConfig: cli.flags.mergeConfig,
+            json: jsonMode,
+            outputFormat: cliContext.outputFormat,
+            explain: cliContext.explain,
+            dryRun: cliContext.dryRun
+          });
+          break;
+        }
+      }
+      const hint = subcommand ? suggest(subcommand, ["healthcheck", "validate", "drift", "run", "configs"]) : null;
+      throw new Error(
+        subcommand ? `Unknown subcommand: detections ${subcommand}${hint ? `. Did you mean "detections ${hint}"?` : ""}` : "Usage: chainpatrol detections <healthcheck|validate|drift|run|configs>"
+      );
+    }
+    case "metrics": {
+      const org = await resolveOrg();
+      if (subcommand === "summary") {
+        const { runMetricsSummary } = await import("./summary-YG5NYIOA.js");
+        await runMetricsSummary({
+          org,
+          from: cli.flags.from,
+          to: cli.flags.to,
+          brandIds: parseBrandIds(),
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat
+        });
+        break;
+      }
+      if (subcommand === "found") {
+        const { runMetricsFound } = await import("./found-4O3AISNI.js");
+        await runMetricsFound({
+          org,
+          from: cli.flags.from,
+          to: cli.flags.to,
+          thisWeek: cli.flags.thisWeek,
+          brandIds: parseBrandIds(),
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat
+        });
+        break;
+      }
+      if (subcommand === "breakdown") {
+        const by = cli.flags.by;
+        if (!by || !["day", "type", "brand"].includes(by)) {
+          throw new Error("metrics breakdown requires --by <day|type|brand>");
+        }
+        const { runMetricsBreakdown } = await import("./breakdown-JVN66HY3.js");
+        await runMetricsBreakdown({
+          org,
+          by,
+          from: cli.flags.from,
+          to: cli.flags.to,
+          brandIds: parseBrandIds(),
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat
+        });
+        break;
+      }
+      const hint = subcommand ? suggest(subcommand, ["summary", "found", "breakdown"]) : null;
+      throw new Error(
+        subcommand ? `Unknown subcommand: metrics ${subcommand}${hint ? `. Did you mean "metrics ${hint}"?` : ""}` : "Usage: chainpatrol metrics <summary|found|breakdown>"
+      );
+    }
+    case "reports": {
+      if (subcommand === "list") {
+        const org = await resolveOrg();
+        const { runReportsList } = await import("./list-6L7XR4SZ.js");
+        await runReportsList({
+          org,
+          limit: cli.flags.limit,
+          cursor: cli.flags.cursor,
+          status: cli.flags.status,
+          searchQuery: cli.flags.search,
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat,
+          explain: cliContext.explain
+        });
+        break;
+      }
+      if (subcommand === "create") {
+        const org = await tryResolveOrg();
+        const { runReportsCreate } = await import("./create-4SQUBQI7.js");
+        await runReportsCreate({
+          org,
+          title: cli.flags.title,
+          description: cli.flags.description,
+          contactInfo: cli.flags.contactInfo,
+          attachmentUrls: parseAttachmentUrls(),
+          externalSubmissionLink: cli.flags.externalSubmissionLink,
+          assets: parseAssetInputs(),
+          payloadFile: cli.flags.payloadFile,
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat,
+          explain: cliContext.explain,
+          dryRun: cliContext.dryRun
+        });
+        break;
+      }
+      const hint = subcommand ? suggest(subcommand, ["create", "list"]) : null;
+      throw new Error(
+        subcommand ? `Unknown subcommand: reports ${subcommand}${hint ? `. Did you mean "reports ${hint}"?` : ""}` : "Usage: chainpatrol reports <create|list>"
+      );
+    }
+    case "queues": {
+      if (subcommand === "snapshot") {
+        const { runQueuesSnapshot } = await import("./snapshot-JEVDTE74.js");
+        await runQueuesSnapshot({
+          org: cli.flags.org,
+          all: cli.flags.all,
+          windowHours: cli.flags.windowHours,
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat,
+          explain: cliContext.explain
+        });
+        break;
+      }
+      const hint = subcommand ? suggest(subcommand, ["snapshot"]) : null;
+      throw new Error(
+        subcommand ? `Unknown subcommand: queues ${subcommand}${hint ? `. Did you mean "queues ${hint}"?` : ""}` : "Usage: chainpatrol queues snapshot [--org <slug>|--all]"
+      );
+    }
+    case "presets": {
+      if (subcommand === "list") {
+        const { runPresetsList } = await import("./list-HZAHEHDM.js");
+        await runPresetsList({ outputFormat: cliContext.outputFormat });
+        break;
+      }
+      if (subcommand === "run") {
+        if (!action) {
+          throw new Error(
+            "presets run requires a preset id. Example: presets run cs-weekly-health"
+          );
+        }
+        const org = await resolveOrg();
+        const { runPresetsRun } = await import("./run-U62KVNTH.js");
+        await runPresetsRun({
+          presetId: action,
+          org,
+          outputFormat: cliContext.outputFormat,
+          explain: cliContext.explain
+        });
+        break;
+      }
+      const hint = subcommand ? suggest(subcommand, ["list", "run"]) : null;
+      throw new Error(
+        subcommand ? `Unknown subcommand: presets ${subcommand}${hint ? `. Did you mean "presets ${hint}"?` : ""}` : "Usage: chainpatrol presets <list|run>"
+      );
+    }
+    case "setup":
+    case "install":
+    case "i": {
+      const { setupSkill } = await import("./setup-skill-U24CJZ6T.js");
+      setupSkill({ json: jsonMode });
+      break;
+    }
+    case "uninstall": {
+      const { uninstallSkill } = await import("./setup-skill-U24CJZ6T.js");
+      uninstallSkill({ json: jsonMode });
+      break;
+    }
+    case "completions": {
+      const { printCompletions } = await import("./completions-EGQIARFC.js");
+      printCompletions(subcommand);
+      break;
+    }
+    default: {
+      if (command) {
+        const hint = suggest(command, COMMANDS);
+        const suffix = hint ? ` Did you mean "${hint}"?` : "";
+        throw new Error(`Unknown command: ${command}.${suffix} Use -h for help.`);
+      }
+      if (jsonMode) jsonError("No command specified. Use --help for usage.");
+      if (!quiet) console.log(getTopLevelHelp());
+    }
+  }
+}
+main().catch((err) => {
+  const message = err instanceof Error ? err.message : String(err);
+  const exitCode = mapErrorToExitCode(err);
+  if (jsonMode) {
+    jsonError(message, exitCode);
+  }
+  console.error(message);
+  process.exit(exitCode);
+});