@chainpatrol/cli 0.1.0

package/dist/setup-skill-U24CJZ6T.js

@@ -0,0 +1,211 @@
+import {
+  installCompletions,
+  uninstallCompletions
+} from "./chunk-IUZB3DQW.js";
+
+// src/commands/setup-skill.ts
+import { mkdirSync, writeFileSync, existsSync, readFileSync, rmSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+var SKILL_DIR = join(homedir(), ".claude", "skills", "chainpatrol");
+var SKILL_FILE = join(SKILL_DIR, "SKILL.md");
+var SKILL_CONTENT = `---
+name: chainpatrol
+description: |
+  ChainPatrol CLI assistant. Helps use the chainpatrol CLI tool: login via device
+  code flow, check auth status, list detection configs, and run CLI commands.
+  Use when: "chainpatrol cli", "login to chainpatrol", "check detection configs",
+  "am I logged in", "list configs", "use the cli".
+allowed-tools:
+  - Bash
+  - Read
+  - Grep
+  - Glob
+---
+
+# ChainPatrol CLI Skill
+
+You are a ChainPatrol CLI assistant. Help the user interact with the ChainPatrol
+platform using the CLI tool.
+
+## Running the CLI
+
+IMPORTANT: Claude Code's sandbox shell has a minimal PATH (/usr/bin:/bin:/usr/sbin:/sbin)
+that does NOT include /usr/local/bin. Always use the full path to the binary:
+
+\`\`\`bash
+/usr/local/bin/chainpatrol <command> [options]
+\`\`\`
+
+All examples below use the short name for readability, but you MUST use
+\`/usr/local/bin/chainpatrol\` in all Bash commands.
+
+## Available Commands
+
+### \`login\` \u2014 Authenticate with ChainPatrol
+
+Uses the OAuth Device Code flow (RFC 8628):
+1. CLI requests a device code from the server
+2. User is shown a code and a URL to visit
+3. User authorizes in the browser
+4. CLI polls for the token
+
+\`\`\`bash
+chainpatrol login
+\`\`\`
+
+JSON mode (for automation):
+\`\`\`bash
+chainpatrol --json login
+\`\`\`
+
+### \`logout\` \u2014 Clear stored credentials
+
+\`\`\`bash
+chainpatrol logout
+\`\`\`
+
+### \`configs list\` \u2014 List detection configurations
+
+Requires authentication and an organization slug.
+
+\`\`\`bash
+chainpatrol configs list --org <slug>
+\`\`\`
+
+JSON mode:
+\`\`\`bash
+chainpatrol --json configs list --org <slug>
+\`\`\`
+
+The \`--org\` flag is saved for future commands. Once set, you can omit it:
+\`\`\`bash
+chainpatrol configs list
+\`\`\`
+
+## Checking Auth Status
+
+To check if the user is logged in, read the credentials file:
+
+\`\`\`bash
+cat ~/.chainpatrol/credentials.json 2>/dev/null && echo "Logged in" || echo "Not logged in"
+\`\`\`
+
+Or start the login flow which will detect existing sessions:
+\`\`\`bash
+chainpatrol --json login
+\`\`\`
+
+## Configuration
+
+Config is stored at \`~/.chainpatrol/config.json\`:
+- \`apiUrl\` \u2014 API base URL (default: \`https://app.chainpatrol.io\`)
+- \`defaultOrg\` \u2014 Saved organization slug
+
+Override config dir with \`CHAINPATROL_CONFIG_DIR\` env var.
+
+## Global Flags
+
+| Flag        | Description                          |
+|-------------|--------------------------------------|
+| \`--json\`    | Machine-readable JSON output         |
+| \`--org\`     | Organization slug (saved for later)  |
+| \`--help\`    | Show help                            |
+| \`--version\` | Show version                         |
+
+## Workflow
+
+When the user asks to use the CLI, follow this order:
+
+1. **Check login status** \u2014 Read \`~/.chainpatrol/credentials.json\` to see if they're logged in
+2. **Login if needed** \u2014 Run the login command and guide them through the device code flow
+3. **Set org if needed** \u2014 Ensure \`--org\` is provided or already saved in config
+4. **Run the requested command** \u2014 Execute the CLI command and show results
+
+## Detection Config Output
+
+The \`configs list\` command shows detection sources grouped by:
+- **Configured** \u2014 Sources with org-level configs (enabled/disabled with details)
+- **Global** \u2014 Sources that run globally for all orgs (CERTSTREAM, ASSET_CHECK, BLOCKLIST, etc.)
+- **Not Configured** \u2014 Sources available but not yet set up for the org
+
+Each config entry includes: title, status, cron schedule, and configuration parameters.
+`;
+var LOGO = `
+   \u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557
+  \u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557
+  \u2588\u2588\u2551     \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D
+  \u2588\u2588\u2551     \u2588\u2588\u2554\u2550\u2550\u2550\u255D
+  \u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2551
+   \u255A\u2550\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u255D
+  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+  C H A I N P A T R O L
+  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+`;
+function setupSkill(options) {
+  const alreadyExists = existsSync(SKILL_FILE);
+  if (alreadyExists) {
+    const existing = readFileSync(SKILL_FILE, "utf-8");
+    if (existing === SKILL_CONTENT) {
+      if (options.json) {
+        console.log(JSON.stringify({ status: "up-to-date", path: SKILL_FILE }));
+      } else {
+        console.log("Claude Code skill is already up to date.");
+      }
+      return;
+    }
+  }
+  mkdirSync(SKILL_DIR, { recursive: true });
+  writeFileSync(SKILL_FILE, SKILL_CONTENT, { mode: 420 });
+  const completionResult = installCompletions();
+  if (options.json) {
+    console.log(
+      JSON.stringify({
+        status: alreadyExists ? "updated" : "installed",
+        path: SKILL_FILE,
+        completions: completionResult
+      })
+    );
+  } else {
+    console.log(LOGO);
+    console.log(
+      alreadyExists ? `Updated Claude Code skill at ${SKILL_FILE}` : `Installed Claude Code skill at ${SKILL_FILE}`
+    );
+    console.log("You can now use /chainpatrol in Claude Code from any project.");
+    if (completionResult.installed) {
+      console.log(
+        `Installed ${completionResult.shell} completions at ${completionResult.path}`
+      );
+      if (completionResult.configuredShellRc) {
+        console.log("Added completion config to ~/.zshrc");
+      }
+      console.log('Run "exec zsh" or open a new terminal to enable tab completion.');
+    }
+  }
+}
+function uninstallSkill(options) {
+  if (!existsSync(SKILL_FILE)) {
+    if (options.json) {
+      console.log(JSON.stringify({ status: "not-installed" }));
+    } else {
+      console.log("Claude Code skill is not installed.");
+    }
+    return;
+  }
+  rmSync(SKILL_DIR, { recursive: true });
+  const removedCompletions = uninstallCompletions();
+  if (options.json) {
+    console.log(
+      JSON.stringify({ status: "uninstalled", path: SKILL_FILE, removedCompletions })
+    );
+  } else {
+    console.log("Removed Claude Code skill from " + SKILL_DIR);
+    if (removedCompletions) {
+      console.log("Removed shell completions.");
+    }
+  }
+}
+export {
+  setupSkill,
+  uninstallSkill
+};

package/dist/snapshot-JEVDTE74.js

@@ -0,0 +1,88 @@
+import {
+  CliExitError,
+  ExitCode
+} from "./chunk-E2LAMILJ.js";
+import {
+  printOutput,
+  toCsvRows
+} from "./chunk-VFT3TD3E.js";
+import {
+  createApiClient
+} from "./chunk-H7UKKLCV.js";
+import "./chunk-EEG7T6WT.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/queues/snapshot.ts
+async function runQueuesSnapshot(options) {
+  const client = options.apiClient ?? createApiClient();
+  const outputFormat = options.outputFormat ?? (options.json ? "json" : "human");
+  const result = await client.getOperationsQueuesSnapshot({
+    slug: options.org,
+    all: options.all ?? false,
+    windowHours: options.windowHours
+  });
+  const hasRisk = result.reviewQueue.slaBuckets.breached > 0 || result.reviewQueue.ageBuckets.gte168h > 0 || result.takedownQueue.staleInProgress > 0;
+  printOutput({
+    outputFormat,
+    json: {
+      ...result,
+      explanation: options.explain ? {
+        riskSignals: {
+          slaBreaches: result.reviewQueue.slaBuckets.breached,
+          reviewOlderThan168h: result.reviewQueue.ageBuckets.gte168h,
+          staleTakedowns: result.takedownQueue.staleInProgress
+        },
+        failureCondition: "reviewQueue.slaBuckets.breached > 0 || reviewQueue.ageBuckets.gte168h > 0 || takedownQueue.staleInProgress > 0"
+      } : void 0
+    },
+    markdown: [
+      "# Operations Queue Snapshot",
+      "",
+      `- Scope: ${result.scope.all ? "all orgs" : result.scope.slug ?? "unknown"}`,
+      `- Pending review proposals: ${result.reviewQueue.totalPendingProposals}`,
+      `- Open takedowns: ${result.takedownQueue.totalOpen}`,
+      `- SLA breaches: ${result.reviewQueue.slaBuckets.breached}`,
+      `- Review >=168h: ${result.reviewQueue.ageBuckets.gte168h}`,
+      `- Stale in-progress takedowns: ${result.takedownQueue.staleInProgress}`
+    ].join("\n"),
+    csv: toCsvRows([
+      {
+        scope: result.scope.all ? "all" : result.scope.slug ?? "unknown",
+        pendingReviewProposals: result.reviewQueue.totalPendingProposals,
+        reviewDistinctReports: result.reviewQueue.distinctReports,
+        reviewSlaBreached: result.reviewQueue.slaBuckets.breached,
+        reviewAgeGte168h: result.reviewQueue.ageBuckets.gte168h,
+        openTakedowns: result.takedownQueue.totalOpen,
+        staleInProgress: result.takedownQueue.staleInProgress
+      }
+    ]),
+    human: () => {
+      console.log(
+        `Queue snapshot (${result.scope.all ? "all orgs" : result.scope.slug ?? "unknown"})`
+      );
+      console.log(
+        `Review queue: pending=${result.reviewQueue.totalPendingProposals} distinctReports=${result.reviewQueue.distinctReports}`
+      );
+      console.log(
+        `Review SLA: breached=${result.reviewQueue.slaBuckets.breached}, due<24h=${result.reviewQueue.slaBuckets.dueWithin24h}, due<72h=${result.reviewQueue.slaBuckets.dueWithin72h}, >72h=${result.reviewQueue.slaBuckets.beyond72h}, missing=${result.reviewQueue.slaBuckets.missingSla}`
+      );
+      console.log(
+        `Takedown queue: open=${result.takedownQueue.totalOpen} todo=${result.takedownQueue.statusCounts.todo} in_progress=${result.takedownQueue.statusCounts.inProgress} pending_input=${result.takedownQueue.statusCounts.pendingInput} stale_in_progress=${result.takedownQueue.staleInProgress}`
+      );
+      if (options.explain) {
+        console.log(
+          "Snapshot fails when there are SLA breaches, very old pending reviews, or stale in-progress takedowns."
+        );
+      }
+    }
+  });
+  if (hasRisk) {
+    throw new CliExitError(
+      "Queue snapshot has SLA/aging risk signals.",
+      ExitCode.CHECK_FAILED
+    );
+  }
+}
+export {
+  runQueuesSnapshot
+};

package/dist/summary-YG5NYIOA.js

@@ -0,0 +1,61 @@
+import {
+  printOutput,
+  toCsvRows
+} from "./chunk-VFT3TD3E.js";
+import {
+  createApiClient
+} from "./chunk-H7UKKLCV.js";
+import "./chunk-EEG7T6WT.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/metrics/summary.ts
+async function runMetricsSummary(options) {
+  const client = options.apiClient ?? createApiClient();
+  const result = await client.getMetricsSummary({
+    slug: options.org,
+    startDate: options.from,
+    endDate: options.to,
+    brandIds: options.brandIds
+  });
+  const outputFormat = options.outputFormat ?? (options.json ? "json" : "human");
+  printOutput({
+    outputFormat,
+    json: result,
+    markdown: [
+      `# Metrics Summary (${options.org})`,
+      "",
+      `- Reports: ${result.metrics.reports}`,
+      `- New threats: ${result.metrics.newThreats}`,
+      `- Watchlisted threats: ${result.metrics.threatsWatchlisted}`,
+      `- Takedowns filed: ${result.metrics.takedownsFiled}`,
+      `- Takedowns completed: ${result.metrics.takedownsCompleted}`
+    ].join("\n"),
+    csv: toCsvRows([
+      {
+        reports: result.metrics.reports,
+        newThreats: result.metrics.newThreats,
+        threatsWatchlisted: result.metrics.threatsWatchlisted,
+        takedownsFiled: result.metrics.takedownsFiled,
+        takedownsCompleted: result.metrics.takedownsCompleted,
+        domainThreats: result.metrics.domainThreats,
+        twitterThreats: result.metrics.twitterThreats,
+        telegramThreats: result.metrics.telegramThreats,
+        otherThreats: result.metrics.otherThreats
+      }
+    ]),
+    human: () => {
+      console.log(`Metrics summary for ${options.org}`);
+      console.log(`Reports: ${result.metrics.reports}`);
+      console.log(`New threats: ${result.metrics.newThreats}`);
+      console.log(`Watchlisted threats: ${result.metrics.threatsWatchlisted}`);
+      console.log(`Takedowns filed: ${result.metrics.takedownsFiled}`);
+      console.log(`Takedowns completed: ${result.metrics.takedownsCompleted}`);
+      console.log(
+        `Threat breakdown: domains=${result.metrics.domainThreats}, twitter=${result.metrics.twitterThreats}, telegram=${result.metrics.telegramThreats}, other=${result.metrics.otherThreats}`
+      );
+    }
+  });
+}
+export {
+  runMetricsSummary
+};

package/dist/validate-PI7GPT5I.js

@@ -0,0 +1,79 @@
+import {
+  CliExitError,
+  ExitCode
+} from "./chunk-E2LAMILJ.js";
+import {
+  printOutput,
+  toCsvRows
+} from "./chunk-VFT3TD3E.js";
+import {
+  createApiClient
+} from "./chunk-H7UKKLCV.js";
+import "./chunk-EEG7T6WT.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/detections/validate.ts
+async function runDetectionsValidate(options) {
+  const client = options.apiClient ?? createApiClient();
+  const result = await client.validateDetectionConfigs({
+    slug: options.org,
+    source: options.source,
+    minResults: options.minResults,
+    lookbackHours: options.lookbackHours,
+    runBeforeValidate: options.runBeforeValidate ?? false,
+    includeDisabled: options.includeDisabled ?? false
+  });
+  const outputFormat = options.outputFormat ?? (options.json ? "json" : "human");
+  const csv = toCsvRows(
+    result.validations.map((item) => ({
+      configId: item.configId,
+      source: item.source,
+      valid: item.valid,
+      runOk: item.runOk,
+      recentResultCount: item.recentResultCount
+    }))
+  );
+  const markdown = [
+    `# Detection Validation (${options.org})`,
+    "",
+    `- Status: ${result.ok ? "passed" : "failed"}`,
+    `- Passing configs: ${result.summary.passingConfigs}`,
+    `- Checked configs: ${result.summary.checkedConfigs}`,
+    "",
+    ...result.validations.map(
+      (item) => `- ${item.valid ? "PASS" : "FAIL"} [${item.source}] #${item.configId} results=${item.recentResultCount} runOk=${item.runOk}`
+    )
+  ].join("\n");
+  printOutput({
+    outputFormat,
+    json: {
+      ...result,
+      explanation: options.explain ? {
+        checkType: "detection_validate",
+        failureCondition: "result.ok === false"
+      } : void 0
+    },
+    markdown,
+    csv,
+    human: () => {
+      console.log(
+        `Validation ${result.ok ? "passed" : "failed"} (${result.summary.passingConfigs}/${result.summary.checkedConfigs})`
+      );
+      for (const item of result.validations) {
+        const icon = item.valid ? "\u2713" : "\u2717";
+        console.log(
+          `${icon} [${item.source}] config ${item.configId} results=${item.recentResultCount} runOk=${item.runOk}`
+        );
+      }
+      if (options.explain) {
+        console.log("Validation fails when any config result count is below threshold.");
+      }
+    }
+  });
+  if (!result.ok) {
+    throw new CliExitError("Detection validation failed.", ExitCode.CHECK_FAILED);
+  }
+}
+export {
+  runDetectionsValidate
+};

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "@chainpatrol/cli",
+  "description": "The official ChainPatrol CLI — terminal interface for threat detection",
+  "author": "Umar Ahmed <umar@chainpatrol.io>",
+  "version": "0.1.0",
+  "license": "UNLICENSED",
+  "homepage": "https://chainpatrol.com/docs/cli",
+  "keywords": [
+    "chainpatrol",
+    "cli",
+    "mcp"
+  ],
+  "type": "module",
+  "bin": {
+    "chainpatrol": "./dist/cli.js"
+  },
+  "files": [
+    "./dist/**"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "dev": "tsx src/cli.tsx",
+    "dev:setup": "tsx src/cli.tsx setup",
+    "build": "tsup",
+    "local:install": "tsup && npm link",
+    "local:uninstall": "npm unlink -g chainpatrol && rm -f /usr/local/bin/chainpatrol",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run --config vitest.config.unit.ts",
+    "test:watch": "vitest --config vitest.config.unit.ts",
+    "lint": "npx oxlint ."
+  },
+  "dependencies": {
+    "ink": "^7.0.0",
+    "meow": "^14.1.0",
+    "open": "^11.0.0",
+    "react": "^19.2.4",
+    "zod": "^3.25.76"
+  },
+  "devDependencies": {
+    "@types/react": "^19.2.7",
+    "ink-testing-library": "^4.0.0",
+    "msw": "^2.0.0",
+    "tsup": "^8.5.0",
+    "tsx": "^4.19.4",
+    "typescript": "6.0.2",
+    "vitest": "^3.2.4"
+  }
+}