@chainpatrol/cli 0.1.0

package/dist/list-IBMM562A.js

@@ -0,0 +1,139 @@
+import {
+  createApiClient
+} from "./chunk-H7UKKLCV.js";
+import {
+  ErrorDisplay,
+  Spinner
+} from "./chunk-JCMWDZYY.js";
+import {
+  AuthCorruptedError,
+  AuthExpiredError,
+  AuthNotLoggedInError
+} from "./chunk-EEG7T6WT.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/configs/list.tsx
+import { useState, useEffect } from "react";
+import { Text, Box, useApp } from "ink";
+import { jsx, jsxs } from "react/jsx-runtime";
+var shouldAutoExit = process.env.NODE_ENV !== "test";
+function statusColor(status) {
+  switch (status) {
+    case "enabled":
+      return "green";
+    case "disabled":
+      return "red";
+    default:
+      return "yellow";
+  }
+}
+function formatConfigValue(key, value) {
+  if (value === null || value === void 0 || value === "") return "";
+  if (typeof value === "boolean") return value ? "yes" : "no";
+  return String(value);
+}
+function ConfigsList({ org, apiClient }) {
+  const { exit } = useApp();
+  const [state, setState] = useState({ phase: "loading" });
+  useEffect(() => {
+    const fetchConfigs = async () => {
+      try {
+        const client = apiClient ?? createApiClient();
+        const sources = await client.listDetectionConfigs(org);
+        setState({ phase: "loaded", sources });
+      } catch (err) {
+        if (err instanceof AuthNotLoggedInError || err instanceof AuthCorruptedError) {
+          setState({ phase: "error", message: err.message });
+        } else if (err instanceof AuthExpiredError) {
+          setState({ phase: "error", message: err.message });
+        } else {
+          const message = err instanceof Error ? err.message : "Failed to fetch detection configs";
+          if (message.includes("FORBIDDEN") || message.includes("403")) {
+            setState({
+              phase: "error",
+              message: "You don't have permission to view configs for this organization."
+            });
+          } else {
+            setState({ phase: "error", message });
+          }
+        }
+        if (shouldAutoExit) {
+          setTimeout(() => exit(), 100);
+        }
+      }
+    };
+    fetchConfigs();
+  }, []);
+  switch (state.phase) {
+    case "loading":
+      return /* @__PURE__ */ jsx(Spinner, { label: "Fetching detection configs..." });
+    case "error":
+      return /* @__PURE__ */ jsx(ErrorDisplay, { message: state.message });
+    case "loaded": {
+      if (shouldAutoExit) {
+        setTimeout(() => exit(), 100);
+      }
+      const configured = state.sources.filter((s) => s.configs.length > 0);
+      const globalOnly = state.sources.filter(
+        (s) => s.scope === "global" && s.configs.length === 0
+      );
+      const notConfigured = state.sources.filter(
+        (s) => s.scope !== "global" && s.configs.length === 0
+      );
+      const totalConfigs = state.sources.reduce((sum, s) => sum + s.configs.length, 0);
+      return /* @__PURE__ */ jsxs(Box, { flexDirection: "column", children: [
+        configured.map((source) => /* @__PURE__ */ jsxs(Box, { flexDirection: "column", marginBottom: 1, children: [
+          /* @__PURE__ */ jsx(Text, { bold: true, children: source.source }),
+          source.configs.map((cfg) => /* @__PURE__ */ jsxs(Box, { flexDirection: "column", marginLeft: 2, children: [
+            /* @__PURE__ */ jsxs(Box, { gap: 1, children: [
+              /* @__PURE__ */ jsx(Text, { color: statusColor(cfg.status), children: cfg.status }),
+              cfg.title ? /* @__PURE__ */ jsx(Text, { dimColor: true, children: cfg.title }) : null,
+              cfg.cron ? /* @__PURE__ */ jsxs(Text, { dimColor: true, children: [
+                "cron: ",
+                cfg.cron
+              ] }) : null
+            ] }),
+            Object.keys(cfg.config).length > 0 ? /* @__PURE__ */ jsx(Box, { flexDirection: "column", marginLeft: 2, children: Object.entries(cfg.config).map(([key, value]) => {
+              const formatted = formatConfigValue(key, value);
+              if (!formatted) return null;
+              return /* @__PURE__ */ jsxs(Text, { dimColor: true, children: [
+                key,
+                ": ",
+                formatted
+              ] }, key);
+            }) }) : null
+          ] }, cfg.id))
+        ] }, source.source)),
+        globalOnly.length > 0 ? /* @__PURE__ */ jsxs(Box, { flexDirection: "column", marginTop: 1, children: [
+          /* @__PURE__ */ jsxs(Text, { bold: true, color: "blue", children: [
+            "Global (",
+            globalOnly.length,
+            "):"
+          ] }),
+          /* @__PURE__ */ jsx(Box, { marginLeft: 2, children: /* @__PURE__ */ jsx(Text, { dimColor: true, children: globalOnly.map((s) => s.source).join(", ") }) })
+        ] }) : null,
+        notConfigured.length > 0 ? /* @__PURE__ */ jsxs(Box, { flexDirection: "column", marginTop: 1, children: [
+          /* @__PURE__ */ jsxs(Text, { bold: true, dimColor: true, children: [
+            "Not configured (",
+            notConfigured.length,
+            "):"
+          ] }),
+          /* @__PURE__ */ jsx(Box, { marginLeft: 2, children: /* @__PURE__ */ jsx(Text, { dimColor: true, children: notConfigured.map((s) => s.source).join(", ") }) })
+        ] }) : null,
+        /* @__PURE__ */ jsxs(Text, { dimColor: true, children: [
+          "\n",
+          state.sources.length,
+          " source(s), ",
+          totalConfigs,
+          " config(s) across",
+          " ",
+          configured.length,
+          " active source(s)"
+        ] })
+      ] });
+    }
+  }
+}
+export {
+  ConfigsList as default
+};

package/dist/list-json-TPBLJBD3.js

@@ -0,0 +1,24 @@
+import {
+  createApiClient
+} from "./chunk-H7UKKLCV.js";
+import "./chunk-EEG7T6WT.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/configs/list-json.ts
+async function listConfigsJson({
+  org,
+  apiClient
+}) {
+  try {
+    const client = apiClient ?? createApiClient();
+    const configs = await client.listDetectionConfigs(org);
+    console.log(JSON.stringify(configs, null, 2));
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Failed to fetch configs";
+    console.error(JSON.stringify({ error: message }));
+    process.exit(1);
+  }
+}
+export {
+  listConfigsJson
+};

package/dist/login-G7LPHKDR.js

@@ -0,0 +1,162 @@
+import {
+  ErrorDisplay,
+  Spinner
+} from "./chunk-JCMWDZYY.js";
+import {
+  fetchUserEmail,
+  getCredentials,
+  isLoggedIn,
+  pollForToken,
+  requestDeviceCode,
+  storeCredentials
+} from "./chunk-EEG7T6WT.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/login.tsx
+import { useState, useEffect } from "react";
+import { Text, Box, useApp } from "ink";
+import open from "open";
+import { jsx, jsxs } from "react/jsx-runtime";
+function Login() {
+  const { exit } = useApp();
+  const [state, setState] = useState({ phase: "checking" });
+  useEffect(() => {
+    if (isLoggedIn()) {
+      const creds = getCredentials();
+      if (creds.email) {
+        setState({ phase: "already-logged-in", email: creds.email });
+        setTimeout(() => exit(), 100);
+      } else {
+        fetchUserEmail(creds.accessToken).then((email) => {
+          if (email) {
+            storeCredentials({ ...creds, email });
+          }
+          setState({ phase: "already-logged-in", email: email ?? "" });
+          setTimeout(() => exit(), 100);
+        }).catch(() => {
+          setState({ phase: "already-logged-in", email: "" });
+          setTimeout(() => exit(), 100);
+        });
+      }
+      return;
+    }
+    setState({ phase: "requesting-code" });
+    requestDeviceCode().then((deviceCode) => {
+      setState({ phase: "waiting-for-approval", deviceCode });
+      const uri = deviceCode.verification_uri_complete ?? deviceCode.verification_uri;
+      open(uri).catch(() => {
+      });
+    }).catch((err) => {
+      setState({
+        phase: "error",
+        message: err instanceof Error ? err.message : "Failed to request device code"
+      });
+      setTimeout(() => exit(), 100);
+    });
+  }, []);
+  useEffect(() => {
+    if (state.phase !== "waiting-for-approval") return;
+    let interval = state.deviceCode.interval * 1e3;
+    let cancelled = false;
+    const poll = async () => {
+      while (!cancelled) {
+        await new Promise((r) => setTimeout(r, interval));
+        if (cancelled) break;
+        const result = await pollForToken(state.deviceCode.device_code);
+        switch (result.status) {
+          case "success": {
+            const expiresAt = new Date(
+              Date.now() + result.expiresIn * 1e3
+            ).toISOString();
+            const email = await fetchUserEmail(result.accessToken);
+            const creds = {
+              accessToken: result.accessToken,
+              expiresAt,
+              ...email ? { email } : {}
+            };
+            storeCredentials(creds);
+            setState({ phase: "success", email: email ?? "" });
+            setTimeout(() => exit(), 500);
+            return;
+          }
+          case "pending":
+            continue;
+          case "slow_down":
+            interval += result.addSeconds * 1e3;
+            continue;
+          case "expired":
+            setState({
+              phase: "error",
+              message: "Code expired. Run `chainpatrol login` again."
+            });
+            setTimeout(() => exit(), 100);
+            return;
+          case "denied":
+            setState({ phase: "error", message: "Authorization denied." });
+            setTimeout(() => exit(), 100);
+            return;
+          case "error":
+            setState({ phase: "error", message: result.message });
+            setTimeout(() => exit(), 100);
+            return;
+        }
+      }
+    };
+    poll().catch((err) => {
+      if (!cancelled) {
+        setState({
+          phase: "error",
+          message: err instanceof Error ? `Cannot reach ChainPatrol API. ${err.message}` : "Network error during authentication."
+        });
+        setTimeout(() => exit(), 100);
+      }
+    });
+    return () => {
+      cancelled = true;
+    };
+  }, [state.phase === "waiting-for-approval" ? state.deviceCode.device_code : null]);
+  switch (state.phase) {
+    case "checking":
+      return /* @__PURE__ */ jsx(Spinner, { label: "Checking authentication status..." });
+    case "already-logged-in":
+      return /* @__PURE__ */ jsxs(Text, { children: [
+        /* @__PURE__ */ jsx(Text, { color: "green", bold: true, children: "\u2713" }),
+        /* @__PURE__ */ jsx(Text, { children: " Already logged in" }),
+        state.email ? /* @__PURE__ */ jsxs(Text, { children: [
+          " ",
+          "as ",
+          /* @__PURE__ */ jsx(Text, { bold: true, children: state.email })
+        ] }) : null
+      ] });
+    case "requesting-code":
+      return /* @__PURE__ */ jsx(Spinner, { label: "Requesting device code..." });
+    case "waiting-for-approval":
+      return /* @__PURE__ */ jsxs(Box, { flexDirection: "column", gap: 1, children: [
+        /* @__PURE__ */ jsxs(Box, { children: [
+          /* @__PURE__ */ jsx(Text, { children: "Your code is: " }),
+          /* @__PURE__ */ jsx(Text, { bold: true, color: "cyan", children: state.deviceCode.user_code.length === 8 ? `${state.deviceCode.user_code.slice(0, 4)}-${state.deviceCode.user_code.slice(4)}` : state.deviceCode.user_code })
+        ] }),
+        /* @__PURE__ */ jsxs(Text, { children: [
+          "Open this URL in your browser:",
+          " ",
+          /* @__PURE__ */ jsx(Text, { color: "blue", underline: true, children: state.deviceCode.verification_uri })
+        ] }),
+        /* @__PURE__ */ jsx(Spinner, { label: "Waiting for approval..." })
+      ] });
+    case "success":
+      return /* @__PURE__ */ jsxs(Text, { children: [
+        /* @__PURE__ */ jsx(Text, { color: "green", bold: true, children: "\u2713" }),
+        /* @__PURE__ */ jsx(Text, { children: " Logged in successfully" }),
+        state.email ? /* @__PURE__ */ jsxs(Text, { children: [
+          " ",
+          "as ",
+          /* @__PURE__ */ jsx(Text, { bold: true, children: state.email })
+        ] }) : null
+      ] });
+    case "error":
+      return /* @__PURE__ */ jsx(ErrorDisplay, { message: state.message });
+  }
+}
+export {
+  Login as default
+};

package/dist/login-json-LKB72OFY.js

@@ -0,0 +1,71 @@
+import {
+  fetchUserEmail,
+  getCredentials,
+  isLoggedIn,
+  pollForToken,
+  requestDeviceCode,
+  storeCredentials
+} from "./chunk-EEG7T6WT.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/login-json.ts
+async function loginJson() {
+  if (isLoggedIn()) {
+    const creds = getCredentials();
+    console.log(
+      JSON.stringify({ status: "already_logged_in", email: creds.email ?? null })
+    );
+    return;
+  }
+  const deviceCode = await requestDeviceCode();
+  console.error(
+    JSON.stringify({
+      action: "open_url",
+      user_code: deviceCode.user_code,
+      verification_uri: deviceCode.verification_uri,
+      verification_uri_complete: deviceCode.verification_uri_complete ?? null,
+      expires_in: deviceCode.expires_in
+    })
+  );
+  let interval = deviceCode.interval * 1e3;
+  while (true) {
+    await new Promise((r) => setTimeout(r, interval));
+    const result = await pollForToken(deviceCode.device_code);
+    switch (result.status) {
+      case "success": {
+        const expiresAt = new Date(Date.now() + result.expiresIn * 1e3).toISOString();
+        const email = await fetchUserEmail(result.accessToken);
+        const creds = {
+          accessToken: result.accessToken,
+          expiresAt,
+          ...email ? { email } : {}
+        };
+        storeCredentials(creds);
+        console.log(JSON.stringify({ status: "success", email: email ?? null }));
+        return;
+      }
+      case "pending":
+        continue;
+      case "slow_down":
+        interval += result.addSeconds * 1e3;
+        continue;
+      case "expired":
+        console.error(
+          JSON.stringify({ error: "Code expired. Run `chainpatrol login` again." })
+        );
+        process.exit(1);
+        break;
+      case "denied":
+        console.error(JSON.stringify({ error: "Authorization denied." }));
+        process.exit(1);
+        break;
+      case "error":
+        console.error(JSON.stringify({ error: result.message }));
+        process.exit(1);
+        break;
+    }
+  }
+}
+export {
+  loginJson
+};

package/dist/logout-LA7VEKON.js

@@ -0,0 +1,25 @@
+import {
+  clearCredentials,
+  isLoggedIn
+} from "./chunk-EEG7T6WT.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/logout.tsx
+import { Text, useApp } from "ink";
+import { jsx, jsxs } from "react/jsx-runtime";
+function Logout() {
+  const { exit } = useApp();
+  if (!isLoggedIn()) {
+    setTimeout(() => exit(), 100);
+    return /* @__PURE__ */ jsx(Text, { children: "Not currently logged in." });
+  }
+  clearCredentials();
+  setTimeout(() => exit(), 100);
+  return /* @__PURE__ */ jsxs(Text, { children: [
+    /* @__PURE__ */ jsx(Text, { color: "green", bold: true, children: "\u2713" }),
+    /* @__PURE__ */ jsx(Text, { children: " Logged out successfully." })
+  ] });
+}
+export {
+  Logout as default
+};

package/dist/logout-json-4GIJZJ46.js

@@ -0,0 +1,18 @@
+import {
+  clearCredentials,
+  isLoggedIn
+} from "./chunk-EEG7T6WT.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/logout-json.ts
+async function logoutJson() {
+  if (!isLoggedIn()) {
+    console.log(JSON.stringify({ status: "not_logged_in" }));
+    return;
+  }
+  clearCredentials();
+  console.log(JSON.stringify({ status: "logged_out" }));
+}
+export {
+  logoutJson
+};

package/dist/run-PABQKATZ.js

@@ -0,0 +1,112 @@
+import {
+  CliExitError,
+  ExitCode
+} from "./chunk-E2LAMILJ.js";
+import {
+  printOutput,
+  toCsvRows
+} from "./chunk-VFT3TD3E.js";
+import {
+  createApiClient
+} from "./chunk-H7UKKLCV.js";
+import "./chunk-EEG7T6WT.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/detections/run.ts
+async function runDetectionsRun(options) {
+  const outputFormat = options.outputFormat ?? (options.json ? "json" : "human");
+  if (options.dryRun) {
+    const payload = {
+      slug: options.org,
+      configId: options.configId,
+      source: options.source,
+      includeDisabled: options.includeDisabled ?? false
+    };
+    printOutput({
+      outputFormat,
+      json: {
+        dryRun: true,
+        mutation: "detection.configs.run",
+        payload,
+        explanation: options.explain ? "This command triggers on-demand execution for the selected configs." : void 0
+      },
+      markdown: [
+        "# Dry Run: Detection Run",
+        "",
+        `- Org: ${payload.slug}`,
+        `- Config ID: ${payload.configId ?? "all"}`,
+        `- Source: ${payload.source ?? "all"}`,
+        `- Include disabled: ${payload.includeDisabled}`
+      ].join("\n"),
+      human: () => {
+        console.log("Dry run only. No detection configs were executed.");
+        console.log(
+          `Would run configs for org=${payload.slug} configId=${payload.configId ?? "all"} source=${payload.source ?? "all"}`
+        );
+      }
+    });
+    return;
+  }
+  const client = options.apiClient ?? createApiClient();
+  const result = await client.runDetectionConfigs({
+    slug: options.org,
+    configId: options.configId,
+    source: options.source,
+    includeDisabled: options.includeDisabled ?? false
+  });
+  const csv = toCsvRows(
+    result.results.map((item) => ({
+      configId: item.configId,
+      source: item.source,
+      ok: item.ok,
+      assetsCount: item.assetsCount,
+      message: item.message
+    }))
+  );
+  const markdown = [
+    `# Detection Run (${options.org})`,
+    "",
+    `- Ran: ${result.ranCount}`,
+    `- Success: ${result.successCount}`,
+    `- Failed: ${result.failedCount}`,
+    "",
+    ...result.results.map(
+      (item) => `- ${item.ok ? "OK" : "FAIL"} [${item.source}] #${item.configId} assets=${item.assetsCount}${item.message ? ` (${item.message})` : ""}`
+    )
+  ].join("\n");
+  printOutput({
+    outputFormat,
+    json: {
+      ...result,
+      explanation: options.explain ? {
+        checkType: "detection_run",
+        failureCondition: "failedCount > 0"
+      } : void 0
+    },
+    markdown,
+    csv,
+    human: () => {
+      console.log(
+        `Ran ${result.ranCount} config(s): ${result.successCount} success, ${result.failedCount} failed`
+      );
+      for (const item of result.results) {
+        const icon = item.ok ? "\u2713" : "\u2717";
+        console.log(
+          `${icon} [${item.source}] config ${item.configId} assets=${item.assetsCount}${item.message ? ` message=${item.message}` : ""}`
+        );
+      }
+      if (options.explain) {
+        console.log("Run is marked failed when at least one config run returns not ok.");
+      }
+    }
+  });
+  if (result.failedCount > 0) {
+    throw new CliExitError(
+      "One or more detection config runs failed.",
+      ExitCode.MUTATION_PARTIAL_FAILURE
+    );
+  }
+}
+export {
+  runDetectionsRun
+};

package/dist/run-U62KVNTH.js

@@ -0,0 +1,34 @@
+import {
+  getPresetDefinition,
+  runPreset
+} from "./chunk-D2QGXYXZ.js";
+import {
+  CliExitError,
+  ExitCode
+} from "./chunk-E2LAMILJ.js";
+import "./chunk-VFT3TD3E.js";
+import "./chunk-H7UKKLCV.js";
+import "./chunk-EEG7T6WT.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/presets/run.ts
+async function runPresetsRun({
+  presetId,
+  org,
+  outputFormat,
+  explain
+}) {
+  const preset = getPresetDefinition(presetId);
+  if (!preset) {
+    throw new CliExitError(`Unknown preset '${presetId}'.`, ExitCode.USAGE);
+  }
+  await runPreset({
+    presetId: preset.id,
+    org,
+    outputFormat,
+    explain
+  });
+}
+export {
+  runPresetsRun
+};