@chainpatrol/cli 0.10.0 → 0.11.0

package/CHANGELOG.md

@@ -1,5 +1,26 @@
 # @chainpatrol/cli
 
+## 0.11.0
+
+### Minor Changes
+
+- 21e4455: Add `chainpatrol takedowns list` and `chainpatrol metrics organization`
+  commands so agents can pull per-takedown detail and org-scoped metrics
+  from the CLI instead of stopping at `queues snapshot`'s aggregate
+  counts.
+
+  `takedowns list` wraps `POST /takedowns/list` with filters for status,
+  asset type, liveness, date range, search, sort, and pagination, and
+  emits the standard human/json/markdown/csv shapes. `metrics
+organization` wraps the documented `GET /organization/metrics`
+  endpoint, complementing the existing `metrics summary`/`found`/
+  `breakdown` subcommands.
+
+  Both endpoints now also accept a user-session bearer token (pass
+  `--org <slug>`) in addition to an API key, so customer-success operators
+  logged in via `chainpatrol login` can use them without provisioning a
+  key.
+
 ## 0.10.0
 
 ### Minor Changes

package/README.md

@@ -22,7 +22,9 @@ chainpatrol metrics found --org my-org --this-week
 chainpatrol reports create --org my-org --title "Phishing report" --asset "https://phish.example:BLOCKED"
 chainpatrol reports list --org my-org --limit 10
 chainpatrol metrics breakdown --org my-org --by type --from 2026-01-01 --to 2026-01-08
+chainpatrol metrics organization --org my-org --from 2026-01-01 --to 2026-02-01
 chainpatrol queues snapshot --all --output markdown
+chainpatrol takedowns list --org my-org --takedown-status TODO,IN_PROGRESS --per-page 50
 chainpatrol presets run cs-weekly-health --org my-org --output json
 ```
 

package/dist/{breakdown-63FAOVL7.js → breakdown-MM5GSZKV.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{check-7QDINQPT.js → check-GDKUHVQI.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{chunk-BJISZ3CY.js → chunk-37KYJWB3.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import {
   DateTime
 } from "./chunk-TFCNKBRC.js";

package/dist/{chunk-R2DZGMGT.js → chunk-EPKNZRX6.js}

@@ -1,7 +1,7 @@
 import {
   installCompletions,
   uninstallCompletions
-} from "./chunk-Z76CUWSS.js";
+} from "./chunk-YXRFUYA6.js";
 
 // src/commands/setup-skill.ts
 import { mkdirSync as mkdirSync2, writeFileSync as writeFileSync2, existsSync as existsSync2, readFileSync as readFileSync3, rmSync } from "fs";

package/dist/{chunk-RIKR2WFT.js → chunk-SX3L6NKR.js}

@@ -17,6 +17,26 @@ function parseIsoDate(value) {
   }
   return dt.toJSDate();
 }
+function parseIsoDateString(value) {
+  return parseIsoDate(value)?.toISOString();
+}
+var TAKEDOWN_STATUSES = [
+  "TODO",
+  "IN_PROGRESS",
+  "COMPLETED",
+  "CANCELLED",
+  "PENDING_RETRACTION",
+  "RETRACTION_SENT",
+  "RETRACTED",
+  "PENDING_INPUT"
+];
+var LIVENESS_STATUSES = ["UNKNOWN", "ALIVE", "DEAD"];
+var TAKEDOWN_SORT_KEYS = [
+  "updatedAt",
+  "createdAt",
+  "takedownStatus",
+  "takedownUpdatedAt"
+];
 var REQUEST_TIMEOUT_MS = 3e4;
 function defaultGetCredential() {
   const envKey = process.env.CHAINPATROL_API_KEY;
@@ -29,16 +49,49 @@ function createApiClient(options) {
   const config = getConfig();
   const apiUrl = options?.apiUrl ?? config.apiUrl;
   const getCredential = options?.getCredential ?? (options?.getToken ? () => ({ kind: "bearer", value: options.getToken() }) : defaultGetCredential);
-  async function request(path, body) {
+  function buildAuthHeaders() {
     const credential = getCredential();
-    const headers = {
-      "Content-Type": "application/json"
-    };
+    const headers = {};
     if (credential.kind === "api-key") {
       headers["x-api-key"] = credential.value;
     } else {
       headers["Authorization"] = `Bearer ${credential.value}`;
     }
+    return headers;
+  }
+  async function requestGet(path, query) {
+    const headers = buildAuthHeaders();
+    const search = new URLSearchParams();
+    for (const [key, value] of Object.entries(query)) {
+      if (value !== void 0 && value !== "") {
+        search.set(key, value);
+      }
+    }
+    const queryString = search.toString();
+    const url = `${apiUrl}/api/v2${path}${queryString ? `?${queryString}` : ""}`;
+    let res;
+    try {
+      res = await fetch(url, {
+        method: "GET",
+        headers,
+        signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
+      });
+    } catch (err) {
+      if (err instanceof DOMException && err.name === "TimeoutError") {
+        throw new Error(
+          "Request timed out. Check your network connection and try again."
+        );
+      }
+      if (err instanceof TypeError && err.code === "ECONNREFUSED") {
+        throw new Error(`Cannot connect to ${apiUrl}. Is the server running?`);
+      }
+      throw new Error("Network error. Check your internet connection and try again.");
+    }
+    return handleResponse(res);
+  }
+  async function request(path, body) {
+    const headers = buildAuthHeaders();
+    headers["Content-Type"] = "application/json";
     let res;
     try {
       res = await fetch(`${apiUrl}/api/v2${path}`, {
@@ -58,6 +111,9 @@ function createApiClient(options) {
       }
       throw new Error("Network error. Check your internet connection and try again.");
     }
+    return handleResponse(res);
+  }
+  async function handleResponse(res) {
     if (!res.ok) {
       let errorMessageFromResponse = null;
       try {
@@ -157,6 +213,28 @@ function createApiClient(options) {
         reportedByCustomer: input.reportedByCustomer
       });
     },
+    listTakedowns(input) {
+      return request("/takedowns/list", {
+        organizationSlug: input.organizationSlug,
+        query: input.query,
+        startDate: parseIsoDateString(input.startDate),
+        endDate: parseIsoDateString(input.endDate),
+        assetType: input.assetType,
+        takedownStatus: input.takedownStatus,
+        livenessStatus: input.livenessStatus,
+        sorting: input.sorting,
+        per_page: input.perPage,
+        next_page: input.nextPage
+      });
+    },
+    getOrganizationMetrics(input) {
+      return requestGet("/organization/metrics", {
+        organizationSlug: input.organizationSlug,
+        brandSlug: input.brandSlug,
+        startDate: parseIsoDateString(input.startDate),
+        endDate: parseIsoDateString(input.endDate)
+      });
+    },
     listHealthchecks() {
       return request("/healthchecks/list", {});
     },
@@ -170,5 +248,8 @@ function createApiClient(options) {
 }
 
 export {
+  TAKEDOWN_STATUSES,
+  LIVENESS_STATUSES,
+  TAKEDOWN_SORT_KEYS,
   createApiClient
 };

package/dist/{chunk-Z76CUWSS.js → chunk-YXRFUYA6.js}

@@ -22,6 +22,7 @@ _chainpatrol() {
     'metrics:Query organization metrics'
     'reports:Create and list reports from terminal'
     'queues:Snapshot operations queues'
+    'takedowns:List individual takedown records'
     'presets:Run saved workflows'
     'setup:Install Claude Code skill and shell completions'
     'uninstall:Remove Claude Code skill and shell completions'
@@ -84,6 +85,7 @@ _chainpatrol() {
           'summary:Show metrics summary'
           'found:Show found threats count'
           'breakdown:Show metrics breakdown'
+          'organization:Get organization metrics (official endpoint)'
         )
         _describe 'subcommand' metrics_subcommands
         ;;
@@ -100,6 +102,11 @@ _chainpatrol() {
         queues_subcommands=('snapshot:Show queue snapshot')
         _describe 'subcommand' queues_subcommands
         ;;
+      takedowns)
+        local -a takedowns_subcommands
+        takedowns_subcommands=('list:List individual takedown records')
+        _describe 'subcommand' takedowns_subcommands
+        ;;
       presets)
         local -a presets_subcommands
         presets_subcommands=(
@@ -124,7 +131,7 @@ var BASH_COMPLETION = `_chainpatrol() {
   COMPREPLY=()
   cur="\${COMP_WORDS[COMP_CWORD]}"
   prev="\${COMP_WORDS[COMP_CWORD-1]}"
-  commands="login logout asset configs detections metrics reports queues presets setup uninstall completions help"
+  commands="login logout asset configs detections metrics reports queues takedowns presets setup uninstall completions help"
 
   case "\${prev}" in
     chainpatrol)
@@ -144,7 +151,7 @@ var BASH_COMPLETION = `_chainpatrol() {
       return 0
       ;;
     metrics)
-      COMPREPLY=( $(compgen -W "summary found breakdown" -- "\${cur}") )
+      COMPREPLY=( $(compgen -W "summary found breakdown organization" -- "\${cur}") )
       return 0
       ;;
     reports)
@@ -155,6 +162,10 @@ var BASH_COMPLETION = `_chainpatrol() {
       COMPREPLY=( $(compgen -W "snapshot" -- "\${cur}") )
       return 0
       ;;
+    takedowns)
+      COMPREPLY=( $(compgen -W "list" -- "\${cur}") )
+      return 0
+      ;;
     presets)
       COMPREPLY=( $(compgen -W "list run" -- "\${cur}") )
       return 0

package/dist/cli.js

@@ -13,8 +13,8 @@ import {
   getCliVersion,
   isSkillInstalled,
   readInstalledSkillVersion
-} from "./chunk-R2DZGMGT.js";
-import "./chunk-Z76CUWSS.js";
+} from "./chunk-EPKNZRX6.js";
+import "./chunk-YXRFUYA6.js";
 import {
   DateTime
 } from "./chunk-TFCNKBRC.js";
@@ -207,12 +207,28 @@ var HELP = {
   },
   metrics: {
     description: "Query organization metrics and breakdowns.",
-    usage: "chainpatrol metrics <summary|found|breakdown>",
+    usage: "chainpatrol metrics <summary|found|breakdown|organization>",
     options: ["--org <slug>          Organization slug"],
     examples: [
       "chainpatrol metrics summary --org acme --this-week",
       "chainpatrol metrics found --org acme --from 2025-01-01 --to 2025-02-01",
-      "chainpatrol metrics breakdown --org acme --by day --this-week"
+      "chainpatrol metrics breakdown --org acme --by day --this-week",
+      "chainpatrol metrics organization --org acme --from 2025-01-01 --to 2025-02-01"
+    ]
+  },
+  "metrics organization": {
+    description: "Get organization metrics via the documented GET /organization/metrics endpoint. Works with both API key auth (org derived from key) and session auth (pass --org).",
+    usage: "chainpatrol metrics organization [--org <slug>] [--from ISO --to ISO]",
+    options: [
+      "--org <slug>          Organization slug (omit when using an API key)",
+      "--brand-slug <slug>   Filter by brand slug (requires brands-metrics flag)",
+      "--from <iso>          Start date (ISO 8601, e.g. 2026-01-01)",
+      "--to <iso>            End date (ISO 8601)"
+    ],
+    examples: [
+      "chainpatrol metrics organization --org acme",
+      "chainpatrol metrics organization --org acme --from 2026-01-01 --to 2026-02-01",
+      "CHAINPATROL_API_KEY=... chainpatrol metrics organization --json"
     ]
   },
   "metrics summary": {
@@ -295,6 +311,38 @@ var HELP = {
       "chainpatrol queues snapshot --all"
     ]
   },
+  takedowns: {
+    description: "List individual takedown records for an organization.",
+    usage: "chainpatrol takedowns list [--org <slug>] [filters]",
+    examples: [
+      "chainpatrol takedowns list --org acme",
+      "chainpatrol takedowns list --org acme --takedown-status TODO,IN_PROGRESS",
+      "chainpatrol takedowns list --org acme --from 2026-01-01 --to 2026-02-01 --per-page 50"
+    ]
+  },
+  "takedowns list": {
+    description: "List takedowns for an organization. Defaults to takedowns updated in the last 30 days. Works with both API key auth (org derived from key) and session auth (pass --org).",
+    usage: "chainpatrol takedowns list [--org <slug>] [filters]",
+    options: [
+      "--org <slug>             Organization slug (omit when using an API key)",
+      "--query <text>           Search asset content (substring match)",
+      "--from <iso>             Filter by updatedAt >= ISO date",
+      "--to <iso>               Filter by updatedAt <= ISO date",
+      "--asset-type <list>      Comma list (URL,TWITTER,TELEGRAM,...)",
+      "--takedown-status <list> Comma list (TODO,IN_PROGRESS,COMPLETED,CANCELLED,PENDING_INPUT,...)",
+      "--liveness-status <list> Comma list (ALIVE,DEAD,UNKNOWN)",
+      "--sort-by <key>          Sort key: updatedAt|createdAt|takedownStatus|takedownUpdatedAt",
+      "--sort-direction <dir>   asc|desc (default desc)",
+      "--per-page <n>           Page size 1-100 (default 10; --limit also accepted)",
+      "--next-page <cursor>     Cursor returned from a previous response"
+    ],
+    examples: [
+      "chainpatrol takedowns list --org acme --takedown-status TODO,IN_PROGRESS",
+      "chainpatrol takedowns list --org acme --asset-type URL --liveness-status ALIVE",
+      "chainpatrol takedowns list --org acme --per-page 100 --output csv",
+      "CHAINPATROL_API_KEY=... chainpatrol takedowns list --json"
+    ]
+  },
   "queues snapshot": {
     description: "Snapshot pending review proposals and open takedowns.",
     usage: "chainpatrol queues snapshot [--org <slug>|--all] [--window-hours <n>]",
@@ -421,6 +469,7 @@ function getTopLevelHelp() {
     "    metrics       Query organization metrics and breakdowns",
     "    reports       Create and list reports from terminal",
     "    queues        Snapshot operations review/takedown queues",
+    "    takedowns     List individual takedown records",
     "    orgs          List organizations and filter by status/services",
     "    presets       Run saved workflows for common jobs",
     "    setup         Install Claude Code skill and shell completions",
@@ -592,6 +641,7 @@ var COMMANDS = [
   "metrics",
   "reports",
   "queues",
+  "takedowns",
   "orgs",
   "presets",
   "setup",
@@ -675,6 +725,14 @@ ${getTopLevelHelp()}
     serviceAutomated: { type: "string" },
     serviceManual: { type: "string" },
     query: { type: "string" },
+    assetType: { type: "string" },
+    takedownStatus: { type: "string" },
+    livenessStatus: { type: "string" },
+    nextPage: { type: "string" },
+    sortBy: { type: "string" },
+    sortDirection: { type: "string" },
+    perPage: { type: "number" },
+    brandSlug: { type: "string" },
     help: { type: "boolean", shortFlag: "h" },
     version: { type: "boolean", shortFlag: "V" },
     quiet: { type: "boolean", default: false, shortFlag: "q" },
@@ -773,18 +831,23 @@ function parseBrandIds() {
 function parseAssetInputs() {
   return getRepeatedFlag("asset");
 }
+function parseCsvList(value) {
+  if (!value) return void 0;
+  const items = value.split(",").map((item) => item.trim()).filter(Boolean);
+  return items.length > 0 ? items : void 0;
+}
 function parseAttachmentUrls() {
   const values = getRepeatedFlag("attachment-url").filter(Boolean);
   return values.length > 0 ? values : void 0;
 }
 async function handleConfigsList(org) {
   if (jsonMode) {
-    const { listConfigsJson } = await import("./list-json-CEPGVUGF.js");
+    const { listConfigsJson } = await import("./list-json-R2MIXADX.js");
     await listConfigsJson({ org });
     return;
   }
   const { render } = await import("ink");
-  const { default: ConfigsList } = await import("./list-IA4CSOIY.js");
+  const { default: ConfigsList } = await import("./list-5DN6X3DP.js");
   const { default: React } = await import("react");
   render(React.createElement(ConfigsList, { org }));
 }
@@ -884,7 +947,7 @@ async function main() {
         const positionals = cli.input.slice(2);
         const flagAssets = parseAssetInputs();
         const contents = [...positionals, ...flagAssets];
-        const { runAssetCheck } = await import("./check-7QDINQPT.js");
+        const { runAssetCheck } = await import("./check-GDKUHVQI.js");
         await runAssetCheck({
           contents,
           json: jsonMode,
@@ -901,7 +964,7 @@ async function main() {
     case "detections": {
       const org = await resolveOrg();
       if (subcommand === "healthcheck") {
-        const { runDetectionsHealthcheck } = await import("./healthcheck-C3AIMUJT.js");
+        const { runDetectionsHealthcheck } = await import("./healthcheck-EVQVPGWW.js");
         await runDetectionsHealthcheck({
           org,
           source: cli.flags.source,
@@ -916,7 +979,7 @@ async function main() {
         break;
       }
       if (subcommand === "validate") {
-        const { runDetectionsValidate } = await import("./validate-5DVPSXJP.js");
+        const { runDetectionsValidate } = await import("./validate-UOVKEAJM.js");
         await runDetectionsValidate({
           org,
           source: cli.flags.source,
@@ -931,7 +994,7 @@ async function main() {
         break;
       }
       if (subcommand === "drift") {
-        const { runDetectionsDrift } = await import("./drift-Q3VG3XG3.js");
+        const { runDetectionsDrift } = await import("./drift-JKBHWWFU.js");
         await runDetectionsDrift({
           org,
           source: cli.flags.source,
@@ -945,7 +1008,7 @@ async function main() {
         break;
       }
       if (subcommand === "run") {
-        const { runDetectionsRun } = await import("./run-YTWNQD5X.js");
+        const { runDetectionsRun } = await import("./run-5E5EC3MP.js");
         await runDetectionsRun({
           org,
           configId: cli.flags.configId,
@@ -964,7 +1027,7 @@ async function main() {
           break;
         }
         if (action === "run") {
-          const { runDetectionsRun } = await import("./run-YTWNQD5X.js");
+          const { runDetectionsRun } = await import("./run-5E5EC3MP.js");
           await runDetectionsRun({
             org,
             configId: cli.flags.configId,
@@ -982,7 +1045,7 @@ async function main() {
             throw new Error("detections configs update requires --config-id");
           }
           const configPatch = getConfigPatchFromSetFlags();
-          const { runDetectionsConfigsUpdate } = await import("./configs-update-2IOSKZH5.js");
+          const { runDetectionsConfigsUpdate } = await import("./configs-update-7X7657PB.js");
           await runDetectionsConfigsUpdate({
             org,
             configId: cli.flags.configId,
@@ -1007,9 +1070,22 @@ async function main() {
       );
     }
     case "metrics": {
+      if (subcommand === "organization" || subcommand === "org") {
+        const org2 = await tryResolveOrg();
+        const { runMetricsOrganization } = await import("./organization-MJRKWC4Z.js");
+        await runMetricsOrganization({
+          org: org2,
+          brandSlug: cli.flags.brandSlug,
+          from: cli.flags.from,
+          to: cli.flags.to,
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat
+        });
+        break;
+      }
       const org = await resolveOrg();
       if (subcommand === "summary") {
-        const { runMetricsSummary } = await import("./summary-NQDZQEOD.js");
+        const { runMetricsSummary } = await import("./summary-RVYQUKWV.js");
         await runMetricsSummary({
           org,
           from: cli.flags.from,
@@ -1021,7 +1097,7 @@ async function main() {
         break;
       }
       if (subcommand === "found") {
-        const { runMetricsFound } = await import("./found-22B7RZT5.js");
+        const { runMetricsFound } = await import("./found-3WI4XQG4.js");
         await runMetricsFound({
           org,
           from: cli.flags.from,
@@ -1038,7 +1114,7 @@ async function main() {
         if (!by || !["day", "type", "brand"].includes(by)) {
           throw new Error("metrics breakdown requires --by <day|type|brand>");
         }
-        const { runMetricsBreakdown } = await import("./breakdown-63FAOVL7.js");
+        const { runMetricsBreakdown } = await import("./breakdown-MM5GSZKV.js");
         await runMetricsBreakdown({
           org,
           by,
@@ -1050,15 +1126,15 @@ async function main() {
         });
         break;
       }
-      const hint = subcommand ? suggest(subcommand, ["summary", "found", "breakdown"]) : null;
+      const hint = subcommand ? suggest(subcommand, ["summary", "found", "breakdown", "organization"]) : null;
       throw new Error(
-        subcommand ? `Unknown subcommand: metrics ${subcommand}${hint ? `. Did you mean "metrics ${hint}"?` : ""}` : "Usage: chainpatrol metrics <summary|found|breakdown>"
+        subcommand ? `Unknown subcommand: metrics ${subcommand}${hint ? `. Did you mean "metrics ${hint}"?` : ""}` : "Usage: chainpatrol metrics <summary|found|breakdown|organization>"
       );
     }
     case "reports": {
       if (subcommand === "list") {
         const org = await resolveOrg();
-        const { runReportsList } = await import("./list-AYHDFSQG.js");
+        const { runReportsList } = await import("./list-E5XNR2YG.js");
         await runReportsList({
           org,
           limit: cli.flags.limit,
@@ -1074,7 +1150,7 @@ async function main() {
       }
       if (subcommand === "create") {
         const org = await tryResolveOrg();
-        const { runReportsCreate } = await import("./create-EWS3SFCH.js");
+        const { runReportsCreate } = await import("./create-FL4QQTPN.js");
         await runReportsCreate({
           org,
           title: cli.flags.title,
@@ -1096,9 +1172,35 @@ async function main() {
         subcommand ? `Unknown subcommand: reports ${subcommand}${hint ? `. Did you mean "reports ${hint}"?` : ""}` : "Usage: chainpatrol reports <create|list>"
       );
     }
+    case "takedowns": {
+      if (subcommand === "list") {
+        const org = await tryResolveOrg();
+        const { runTakedownsList } = await import("./list-JPG2ZSR4.js");
+        await runTakedownsList({
+          org,
+          query: cli.flags.query,
+          from: cli.flags.from,
+          to: cli.flags.to,
+          assetType: parseCsvList(cli.flags.assetType),
+          takedownStatus: parseCsvList(cli.flags.takedownStatus),
+          livenessStatus: parseCsvList(cli.flags.livenessStatus),
+          sortBy: cli.flags.sortBy,
+          sortDirection: cli.flags.sortDirection,
+          perPage: cli.flags.perPage ?? cli.flags.limit,
+          nextPage: cli.flags.nextPage,
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat
+        });
+        break;
+      }
+      const hint = subcommand ? suggest(subcommand, ["list"]) : null;
+      throw new Error(
+        subcommand ? `Unknown subcommand: takedowns ${subcommand}${hint ? `. Did you mean "takedowns ${hint}"?` : ""}` : "Usage: chainpatrol takedowns list [--org <slug>] [filters]"
+      );
+    }
     case "queues": {
       if (subcommand === "snapshot") {
-        const { runQueuesSnapshot } = await import("./snapshot-C5MZWJTW.js");
+        const { runQueuesSnapshot } = await import("./snapshot-3FUJICJJ.js");
         await runQueuesSnapshot({
           org: cli.flags.org,
           all: cli.flags.all,
@@ -1116,7 +1218,7 @@ async function main() {
     }
     case "orgs": {
       if (subcommand === "list") {
-        const { runOrgsList } = await import("./list-SDBLGBVW.js");
+        const { runOrgsList } = await import("./list-XDGU6SJQ.js");
         await runOrgsList({
           query: cli.flags.query,
           subscriptionStatus: cli.flags.subscriptionStatus,
@@ -1136,7 +1238,7 @@ async function main() {
     }
     case "healthchecks": {
       if (subcommand === "list") {
-        const { runHealthchecksList } = await import("./list-DNRWKM5O.js");
+        const { runHealthchecksList } = await import("./list-BLNIE4GL.js");
         await runHealthchecksList({
           json: jsonMode,
           outputFormat: cliContext.outputFormat
@@ -1150,7 +1252,7 @@ async function main() {
           thresholds.minResults = cli.flags.minResults;
         if (cli.flags.lookbackHours !== void 0)
           thresholds.lookbackHours = cli.flags.lookbackHours;
-        const { runHealthchecksRun } = await import("./run-AQMJRFGL.js");
+        const { runHealthchecksRun } = await import("./run-2YZZGZYN.js");
         await runHealthchecksRun({
           org,
           id: action,
@@ -1168,7 +1270,7 @@ async function main() {
     }
     case "presets": {
       if (subcommand === "list") {
-        const { runPresetsList } = await import("./list-HFWSMLGJ.js");
+        const { runPresetsList } = await import("./list-ULHPOUJV.js");
         await runPresetsList({ outputFormat: cliContext.outputFormat });
         break;
       }
@@ -1179,7 +1281,7 @@ async function main() {
           );
         }
         const org = await resolveOrg();
-        const { runPresetsRun } = await import("./run-WJGHJPXN.js");
+        const { runPresetsRun } = await import("./run-EUVRC72M.js");
         await runPresetsRun({
           presetId: action,
           org,
@@ -1196,17 +1298,17 @@ async function main() {
     case "setup":
     case "install":
     case "i": {
-      const { setupSkill } = await import("./setup-skill-BLJLRCXL.js");
+      const { setupSkill } = await import("./setup-skill-HAENFIFQ.js");
       setupSkill({ json: jsonMode, cloud: cli.flags.cloud });
       break;
     }
     case "uninstall": {
-      const { uninstallSkill } = await import("./setup-skill-BLJLRCXL.js");
+      const { uninstallSkill } = await import("./setup-skill-HAENFIFQ.js");
       uninstallSkill({ json: jsonMode });
       break;
     }
     case "completions": {
-      const { printCompletions } = await import("./completions-D6SOLU2D.js");
+      const { printCompletions } = await import("./completions-62OW3B3Y.js");
       printCompletions(subcommand);
       break;
     }

package/dist/{completions-D6SOLU2D.js → completions-62OW3B3Y.js}

@@ -3,7 +3,7 @@ import {
   installCompletions,
   printCompletions,
   uninstallCompletions
-} from "./chunk-Z76CUWSS.js";
+} from "./chunk-YXRFUYA6.js";
 export {
   getCompletionScript,
   installCompletions,

package/dist/{configs-update-2IOSKZH5.js → configs-update-7X7657PB.js}

@@ -7,7 +7,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{create-EWS3SFCH.js → create-FL4QQTPN.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{drift-Q3VG3XG3.js → drift-JKBHWWFU.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{found-22B7RZT5.js → found-3WI4XQG4.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import {
   DateTime

package/dist/{healthcheck-C3AIMUJT.js → healthcheck-EVQVPGWW.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-IA4CSOIY.js → list-5DN6X3DP.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-JCMWDZYY.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import {
   AuthCorruptedError,
   AuthExpiredError,

package/dist/{list-DNRWKM5O.js → list-BLNIE4GL.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-AYHDFSQG.js → list-E5XNR2YG.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/list-JPG2ZSR4.js

@@ -0,0 +1,137 @@
+import {
+  CliExitError,
+  ExitCode
+} from "./chunk-E2LAMILJ.js";
+import {
+  printOutput,
+  toCsvRows
+} from "./chunk-VFT3TD3E.js";
+import {
+  LIVENESS_STATUSES,
+  TAKEDOWN_SORT_KEYS,
+  TAKEDOWN_STATUSES,
+  createApiClient
+} from "./chunk-SX3L6NKR.js";
+import "./chunk-EGWK6SRQ.js";
+import "./chunk-TFCNKBRC.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/takedowns/list.ts
+var TAKEDOWN_STATUS_SET = new Set(TAKEDOWN_STATUSES);
+var LIVENESS_STATUS_SET = new Set(LIVENESS_STATUSES);
+var SORT_KEY_SET = new Set(TAKEDOWN_SORT_KEYS);
+function toRow(takedown) {
+  return {
+    id: takedown.id,
+    status: takedown.status,
+    asset: takedown.asset.content,
+    assetType: takedown.asset.type,
+    livenessStatus: takedown.asset.livenessStatus ?? "",
+    brand: takedown.brand?.name ?? "",
+    assignee: takedown.assignee?.fullName ?? "",
+    createdAt: takedown.createdAt,
+    updatedAt: takedown.updatedAt
+  };
+}
+function validateEnumValues(values, validSet, flagName) {
+  if (!values || values.length === 0) return void 0;
+  const invalid = values.filter((value) => !validSet.has(value));
+  if (invalid.length > 0) {
+    throw new CliExitError(
+      `Invalid value(s) for --${flagName}: ${invalid.join(", ")}. Valid: ${Array.from(
+        validSet
+      ).join(", ")}`,
+      ExitCode.USAGE
+    );
+  }
+  return values;
+}
+async function runTakedownsList(options) {
+  const outputFormat = options.outputFormat ?? (options.json ? "json" : "human");
+  const perPage = options.perPage ?? 10;
+  if (perPage < 1 || perPage > 100) {
+    throw new CliExitError(
+      "takedowns list requires --per-page between 1 and 100.",
+      ExitCode.USAGE
+    );
+  }
+  const sortDirection = options.sortDirection ?? "desc";
+  if (sortDirection !== "asc" && sortDirection !== "desc") {
+    throw new CliExitError(
+      `Invalid --sort-direction '${sortDirection}'. Use 'asc' or 'desc'.`,
+      ExitCode.USAGE
+    );
+  }
+  if (options.sortBy && !SORT_KEY_SET.has(options.sortBy)) {
+    throw new CliExitError(
+      `Invalid --sort-by '${options.sortBy}'. Valid: ${TAKEDOWN_SORT_KEYS.join(", ")}`,
+      ExitCode.USAGE
+    );
+  }
+  const assetType = options.assetType?.length ? options.assetType : void 0;
+  const takedownStatus = validateEnumValues(
+    options.takedownStatus,
+    TAKEDOWN_STATUS_SET,
+    "takedown-status"
+  );
+  const livenessStatus = validateEnumValues(
+    options.livenessStatus,
+    LIVENESS_STATUS_SET,
+    "liveness-status"
+  );
+  const client = options.apiClient ?? createApiClient();
+  const input = {
+    organizationSlug: options.org,
+    query: options.query,
+    startDate: options.from,
+    endDate: options.to,
+    assetType,
+    takedownStatus,
+    livenessStatus,
+    perPage,
+    nextPage: options.nextPage,
+    sorting: options.sortBy ? [
+      {
+        key: options.sortBy,
+        direction: sortDirection
+      }
+    ] : void 0
+  };
+  const result = await client.listTakedowns(input);
+  const rows = result.takedowns.map(toRow);
+  printOutput({
+    outputFormat,
+    json: result,
+    markdown: [
+      `# Takedowns${options.org ? ` (${options.org})` : ""}`,
+      "",
+      `- Returned: ${result.takedowns.length}`,
+      `- Next page cursor: ${result.next_page ?? "none"}`,
+      "",
+      ...rows.map(
+        (row) => `- #${row.id} [${row.status}] ${row.asset} (${row.assetType}) brand=${row.brand || "-"} updated=${row.updatedAt}`
+      )
+    ].join("\n"),
+    csv: toCsvRows(rows),
+    human: () => {
+      if (result.takedowns.length === 0) {
+        console.log("No takedowns found.");
+        return;
+      }
+      console.log(
+        `Takedowns${options.org ? ` for ${options.org}` : ""} (returned ${result.takedowns.length})`
+      );
+      for (const row of rows) {
+        console.log(
+          `#${row.id} [${row.status}] ${row.asset} (${row.assetType}) brand=${row.brand || "-"} assignee=${row.assignee || "-"} updated=${row.updatedAt}`
+        );
+      }
+      if (result.next_page) {
+        console.log(`Next page cursor: ${result.next_page}`);
+      }
+    }
+  });
+}
+export {
+  runTakedownsList
+};

package/dist/{list-HFWSMLGJ.js → list-ULHPOUJV.js}

@@ -1,12 +1,12 @@
 import {
   PRESETS
-} from "./chunk-BJISZ3CY.js";
+} from "./chunk-37KYJWB3.js";
 import "./chunk-E2LAMILJ.js";
 import {
   printOutput,
   toCsvRows
 } from "./chunk-VFT3TD3E.js";
-import "./chunk-RIKR2WFT.js";
+import "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-SDBLGBVW.js → list-XDGU6SJQ.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-json-CEPGVUGF.js → list-json-R2MIXADX.js}

@@ -1,6 +1,6 @@
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/organization-MJRKWC4Z.js

@@ -0,0 +1,75 @@
+import {
+  printOutput,
+  toCsvRows
+} from "./chunk-VFT3TD3E.js";
+import {
+  createApiClient
+} from "./chunk-SX3L6NKR.js";
+import "./chunk-EGWK6SRQ.js";
+import "./chunk-TFCNKBRC.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/metrics/organization.ts
+async function runMetricsOrganization(options) {
+  const outputFormat = options.outputFormat ?? (options.json ? "json" : "human");
+  const client = options.apiClient ?? createApiClient();
+  const input = {
+    organizationSlug: options.org,
+    brandSlug: options.brandSlug,
+    startDate: options.from,
+    endDate: options.to
+  };
+  const result = await client.getOrganizationMetrics(input);
+  const label = options.org ?? "your organization";
+  printOutput({
+    outputFormat,
+    json: result,
+    markdown: [
+      `# Organization Metrics (${label})`,
+      "",
+      `- Reports: ${result.metrics.reports}`,
+      `- New threats: ${result.metrics.newThreats}`,
+      `- Watchlisted threats: ${result.metrics.threatsWatchlisted}`,
+      `- Takedowns filed: ${result.metrics.takedownsFiled}`,
+      `- Takedowns completed: ${result.metrics.takedownsCompleted}`,
+      `- Domain threats: ${result.metrics.domainThreats}`,
+      `- Twitter threats: ${result.metrics.twitterThreats}`,
+      `- Telegram threats: ${result.metrics.telegramThreats}`,
+      `- Other threats: ${result.metrics.otherThreats}`
+    ].join("\n"),
+    csv: toCsvRows([
+      {
+        reports: result.metrics.reports,
+        newThreats: result.metrics.newThreats,
+        threatsWatchlisted: result.metrics.threatsWatchlisted,
+        takedownsFiled: result.metrics.takedownsFiled,
+        takedownsCompleted: result.metrics.takedownsCompleted,
+        domainThreats: result.metrics.domainThreats,
+        twitterThreats: result.metrics.twitterThreats,
+        telegramThreats: result.metrics.telegramThreats,
+        otherThreats: result.metrics.otherThreats
+      }
+    ]),
+    human: () => {
+      console.log(`Organization metrics for ${label}`);
+      console.log(`Reports: ${result.metrics.reports}`);
+      console.log(`New threats: ${result.metrics.newThreats}`);
+      console.log(`Watchlisted threats: ${result.metrics.threatsWatchlisted}`);
+      console.log(`Takedowns filed: ${result.metrics.takedownsFiled}`);
+      console.log(`Takedowns completed: ${result.metrics.takedownsCompleted}`);
+      console.log(
+        `Threat breakdown: domains=${result.metrics.domainThreats}, twitter=${result.metrics.twitterThreats}, telegram=${result.metrics.telegramThreats}, other=${result.metrics.otherThreats}`
+      );
+      if (result.blockedByDay.length > 0) {
+        console.log("");
+        console.log(`Blocked by day (${result.blockedByDay.length} entries):`);
+        for (const entry of result.blockedByDay) {
+          console.log(`  ${entry.date}: ${entry.count}`);
+        }
+      }
+    }
+  });
+}
+export {
+  runMetricsOrganization
+};

package/dist/{run-AQMJRFGL.js → run-2YZZGZYN.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{run-YTWNQD5X.js → run-5E5EC3MP.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{run-WJGHJPXN.js → run-EUVRC72M.js}

@@ -1,13 +1,13 @@
 import {
   getPresetDefinition,
   runPreset
-} from "./chunk-BJISZ3CY.js";
+} from "./chunk-37KYJWB3.js";
 import {
   CliExitError,
   ExitCode
 } from "./chunk-E2LAMILJ.js";
 import "./chunk-VFT3TD3E.js";
-import "./chunk-RIKR2WFT.js";
+import "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{setup-skill-BLJLRCXL.js → setup-skill-HAENFIFQ.js}

@@ -6,8 +6,8 @@ import {
   readInstalledSkillVersion,
   setupSkill,
   uninstallSkill
-} from "./chunk-R2DZGMGT.js";
-import "./chunk-Z76CUWSS.js";
+} from "./chunk-EPKNZRX6.js";
+import "./chunk-YXRFUYA6.js";
 export {
   getBundledSkillContent,
   getBundledSkillVersion,

package/dist/{snapshot-C5MZWJTW.js → snapshot-3FUJICJJ.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{summary-NQDZQEOD.js → summary-RVYQUKWV.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{validate-5DVPSXJP.js → validate-UOVKEAJM.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/package.json

@@ -2,7 +2,7 @@
   "name": "@chainpatrol/cli",
   "description": "The official ChainPatrol CLI — terminal interface for threat detection",
   "author": "Umar Ahmed <umar@chainpatrol.io>",
-  "version": "0.10.0",
+  "version": "0.11.0",
   "license": "UNLICENSED",
   "homepage": "https://chainpatrol.com/docs/cli",
   "keywords": [