@chainpatrol/cli 0.3.0 → 0.3.2

package/CHANGELOG.md

@@ -0,0 +1,88 @@
+# @chainpatrol/cli
+
+## 0.3.2
+
+### Patch Changes
+
+- 06ff227: `chainpatrol login`:
+
+  - Skip the browser auto-open when running in a headless / cloud context
+    (Claude Code on the web, GitHub Codespaces, Gitpod, Replit, CI, plain
+    SSH sessions, or Linux without a display server). Detection is opt-in
+    overridable with `CHAINPATROL_HEADLESS=1` / `CHAINPATROL_HEADLESS=0`.
+  - Print `verification_uri_complete` as the primary, one-step link when
+    the server returns it, so a copy-paste to another device (e.g. a
+    phone) works without separately typing the user code. The bare
+    `verification_uri` + code is shown as a fallback.
+  - `login --json` output now includes a `headless` boolean so automation
+    can adapt the way it presents the URL.
+
+  Claude Code skill bundled with the CLI:
+
+  - Stop hard-coding `/usr/local/bin/chainpatrol`. The "Running the CLI"
+    section now documents typical local vs cloud install locations
+    (e.g. `/opt/node*/bin/chainpatrol`), includes a command to discover
+    the binary path, and tells the assistant to substitute the resolved
+    full path in all invocations.
+
+## 0.3.1
+
+### Patch Changes
+
+- ea3c3dc: Switch the release pipeline from `changeset publish` to
+  `yarn workspaces foreach -A --no-private npm publish --tolerate-republish`
+  followed by `changeset tag`. `yarn npm publish` expands Yarn 4's
+  `catalog:` and `workspace:` protocols to concrete versions at pack time,
+  so the published `package.json` no longer leaks `"react": "catalog:"`
+  and `"zod": "catalog:"` (which npm cannot resolve — `npm i -g
+@chainpatrol/cli` was previously failing with `EUNSUPPORTEDPROTOCOL`).
+
+  `--tolerate-republish` makes the publish step idempotent on re-runs.
+  `changeset tag` continues to create per-package git tags after a
+  successful publish, so the rest of the release flow (and tag-driven
+  workflows like extension uploads) is unchanged.
+
+## 0.3.0
+
+### Minor Changes
+
+- fb27d31: Add version awareness to the CLI, plus an Organization HealthCheck Guide
+  in the Claude Code skill:
+  - Skill now includes an Organization HealthCheck Guide walking through the
+    full detection → reviewing → blocklisting → takedowns pipeline, so the
+    assistant can proactively look for what may be wrong for a given org
+    (config gaps, detection spikes/drops, review backlogs, auto-approve
+    spikes, Google Safe Browsing errors, stuck or cancelled takedowns,
+    automated takedowns disabled for too long, etc.). Skill description
+    expanded so phrasings like "org healthcheck", "audit my org", or
+    "what's wrong with org X" trigger the skill.
+  - Embed a `version` field in the Claude Code skill frontmatter (matches the
+    CLI package version) so the installed skill can be diffed against the
+    bundled one.
+  - On every command, run two lightweight version checks (skill freshness +
+    npm registry freshness) in parallel with the command, and print a one-line
+    stderr nudge if either is out of date. First-time users with no skill
+    installed are prompted to run `chainpatrol setup`.
+  - The npm check is throttled to once per 24 hours, capped at a 1.5s timeout,
+    and skipped in JSON / quiet modes. Set `CHAINPATROL_NO_UPDATE_CHECK=1` to
+    silence both checks.
+  - Fix the `--version` flag to read from `package.json` (was hardcoded to
+    `0.1.0`).
+
+## 0.2.2
+
+### Patch Changes
+
+- bump patch to test publishing workflow
+
+## 0.2.1
+
+### Patch Changes
+
+- bump ink version
+
+## 0.2.0
+
+### Minor Changes
+
+- 32986bf: Various improvements and fixes to the ChainPatrol CLI.

package/dist/{chunk-T4DYUWUD.js → chunk-S7PQNG4E.js}

@@ -97,15 +97,39 @@ platform using the CLI tool.
 
 ## Running the CLI
 
-IMPORTANT: Claude Code's sandbox shell has a minimal PATH (/usr/bin:/bin:/usr/sbin:/sbin)
-that does NOT include /usr/local/bin. Always use the full path to the binary:
+IMPORTANT: Claude Code's sandbox shell often has a minimal PATH
+(\`/usr/bin:/bin:/usr/sbin:/sbin\`) that may not include the directory where
+\`chainpatrol\` is installed, so bare \`chainpatrol\` calls may fail with
+"command not found". Always invoke the CLI by its full path.
+
+The install location depends on the environment:
+
+- **Local installs** typically land at \`/usr/local/bin/chainpatrol\` (when
+  installed globally via \`npm install -g @chainpatrol/cli\`).
+- **Cloud / sandboxed environments** (e.g. Claude Code on the web, Cursor
+  Cloud) often install Node into \`/opt\` and the binary ends up under a
+  Node-version-specific path like \`/opt/node22/bin/chainpatrol\`. Variants
+  such as \`/opt/node20/bin/chainpatrol\` or \`/opt/node21/bin/chainpatrol\`
+  are also possible depending on which Node version is active.
+
+To find the binary, try (in order):
+
+\`\`\`bash
+command -v chainpatrol \\
+  || ls /usr/local/bin/chainpatrol /opt/node*/bin/chainpatrol 2>/dev/null \\
+  | head -n 1
+\`\`\`
+
+Then use that full path for every subsequent command, e.g.:
 
 \`\`\`bash
+/opt/node22/bin/chainpatrol <command> [options]
+# or
 /usr/local/bin/chainpatrol <command> [options]
 \`\`\`
 
-All examples below use the short name for readability, but you MUST use
-\`/usr/local/bin/chainpatrol\` in all Bash commands.
+All examples below use the short name \`chainpatrol\` for readability, but you
+MUST substitute the full resolved path in your Bash commands.
 
 ## Available Commands
 

package/dist/chunk-ZVM45CTB.js

@@ -0,0 +1,19 @@
+// src/lib/headless.ts
+function isHeadlessEnv(env = process.env, platform = process.platform) {
+  if (env.CHAINPATROL_HEADLESS === "1") return true;
+  if (env.CHAINPATROL_HEADLESS === "0") return false;
+  if (env.CLAUDE_CODE_REMOTE === "true") return true;
+  if (env.CODESPACES === "true") return true;
+  if (env.GITPOD_WORKSPACE_ID) return true;
+  if (env.REPL_ID) return true;
+  if (env.CI === "true") return true;
+  if (env.SSH_CONNECTION || env.SSH_TTY) return true;
+  if (platform === "linux" && !env.DISPLAY && !env.WAYLAND_DISPLAY && !env.MIR_SOCKET) {
+    return true;
+  }
+  return false;
+}
+
+export {
+  isHeadlessEnv
+};

package/dist/cli.js

@@ -13,7 +13,7 @@ import {
   getCliVersion,
   isSkillInstalled,
   readInstalledSkillVersion
-} from "./chunk-T4DYUWUD.js";
+} from "./chunk-S7PQNG4E.js";
 import "./chunk-IUZB3DQW.js";
 import {
   DateTime
@@ -746,11 +746,11 @@ async function main() {
         );
       }
       if (jsonMode) {
-        const { loginJson } = await import("./login-json-LKB72OFY.js");
+        const { loginJson } = await import("./login-json-Y3AIQIIB.js");
         await loginJson();
       } else {
         const { render } = await import("ink");
-        const { default: Login } = await import("./login-G7LPHKDR.js");
+        const { default: Login } = await import("./login-ML2EKF44.js");
         const { default: React } = await import("react");
         render(React.createElement(Login));
       }
@@ -1029,12 +1029,12 @@ async function main() {
     case "setup":
     case "install":
     case "i": {
-      const { setupSkill } = await import("./setup-skill-ZUZ5MYLI.js");
+      const { setupSkill } = await import("./setup-skill-XZRLJE3A.js");
       setupSkill({ json: jsonMode });
       break;
     }
     case "uninstall": {
-      const { uninstallSkill } = await import("./setup-skill-ZUZ5MYLI.js");
+      const { uninstallSkill } = await import("./setup-skill-XZRLJE3A.js");
       uninstallSkill({ json: jsonMode });
       break;
     }

package/dist/{login-G7LPHKDR.js → login-ML2EKF44.js}

@@ -2,6 +2,9 @@ import {
   ErrorDisplay,
   Spinner
 } from "./chunk-JCMWDZYY.js";
+import {
+  isHeadlessEnv
+} from "./chunk-ZVM45CTB.js";
 import {
   fetchUserEmail,
   getCredentials,
@@ -43,9 +46,11 @@ function Login() {
     setState({ phase: "requesting-code" });
     requestDeviceCode().then((deviceCode) => {
       setState({ phase: "waiting-for-approval", deviceCode });
-      const uri = deviceCode.verification_uri_complete ?? deviceCode.verification_uri;
-      open(uri).catch(() => {
-      });
+      if (!isHeadlessEnv()) {
+        const uri = deviceCode.verification_uri_complete ?? deviceCode.verification_uri;
+        open(uri).catch(() => {
+        });
+      }
     }).catch((err) => {
       setState({
         phase: "error",
@@ -130,19 +135,34 @@ function Login() {
       ] });
     case "requesting-code":
       return /* @__PURE__ */ jsx(Spinner, { label: "Requesting device code..." });
-    case "waiting-for-approval":
+    case "waiting-for-approval": {
+      const completeUri = state.deviceCode.verification_uri_complete;
       return /* @__PURE__ */ jsxs(Box, { flexDirection: "column", gap: 1, children: [
         /* @__PURE__ */ jsxs(Box, { children: [
-          /* @__PURE__ */ jsx(Text, { children: "Your code is: " }),
+          /* @__PURE__ */ jsx(Text, { children: "Your code: " }),
           /* @__PURE__ */ jsx(Text, { bold: true, color: "cyan", children: state.deviceCode.user_code.length === 8 ? `${state.deviceCode.user_code.slice(0, 4)}-${state.deviceCode.user_code.slice(4)}` : state.deviceCode.user_code })
         ] }),
-        /* @__PURE__ */ jsxs(Text, { children: [
+        completeUri ? /* @__PURE__ */ jsxs(Box, { flexDirection: "column", children: [
+          /* @__PURE__ */ jsx(Text, { children: "Open this URL on any device to approve in one step:" }),
+          /* @__PURE__ */ jsxs(Text, { color: "blue", underline: true, children: [
+            "  ",
+            completeUri
+          ] }),
+          /* @__PURE__ */ jsxs(Text, { dimColor: true, children: [
+            "Or visit ",
+            state.deviceCode.verification_uri,
+            " and enter the code above."
+          ] })
+        ] }) : /* @__PURE__ */ jsxs(Text, { children: [
           "Open this URL in your browser:",
           " ",
-          /* @__PURE__ */ jsx(Text, { color: "blue", underline: true, children: state.deviceCode.verification_uri })
+          /* @__PURE__ */ jsx(Text, { color: "blue", underline: true, children: state.deviceCode.verification_uri }),
+          " ",
+          "and enter the code above."
         ] }),
         /* @__PURE__ */ jsx(Spinner, { label: "Waiting for approval..." })
       ] });
+    }
     case "success":
       return /* @__PURE__ */ jsxs(Text, { children: [
         /* @__PURE__ */ jsx(Text, { color: "green", bold: true, children: "\u2713" }),

package/dist/{login-json-LKB72OFY.js → login-json-Y3AIQIIB.js}

@@ -1,3 +1,6 @@
+import {
+  isHeadlessEnv
+} from "./chunk-ZVM45CTB.js";
 import {
   fetchUserEmail,
   getCredentials,
@@ -24,7 +27,8 @@ async function loginJson() {
       user_code: deviceCode.user_code,
       verification_uri: deviceCode.verification_uri,
       verification_uri_complete: deviceCode.verification_uri_complete ?? null,
-      expires_in: deviceCode.expires_in
+      expires_in: deviceCode.expires_in,
+      headless: isHeadlessEnv()
     })
   );
   let interval = deviceCode.interval * 1e3;

package/dist/{setup-skill-ZUZ5MYLI.js → setup-skill-XZRLJE3A.js}

@@ -6,7 +6,7 @@ import {
   readInstalledSkillVersion,
   setupSkill,
   uninstallSkill
-} from "./chunk-T4DYUWUD.js";
+} from "./chunk-S7PQNG4E.js";
 import "./chunk-IUZB3DQW.js";
 export {
   getBundledSkillContent,

package/package.json

@@ -2,7 +2,7 @@
   "name": "@chainpatrol/cli",
   "description": "The official ChainPatrol CLI — terminal interface for threat detection",
   "author": "Umar Ahmed <umar@chainpatrol.io>",
-  "version": "0.3.0",
+  "version": "0.3.2",
   "license": "UNLICENSED",
   "homepage": "https://chainpatrol.com/docs/cli",
   "keywords": [
@@ -36,16 +36,16 @@
     "ink": "^7.0.1",
     "meow": "^14.1.0",
     "open": "^11.0.0",
-    "react": "catalog:",
-    "zod": "catalog:"
+    "react": "^19.2.4",
+    "zod": "^3.25.76"
   },
   "devDependencies": {
-    "@types/react": "catalog:",
+    "@types/react": "^19.2.7",
     "ink-testing-library": "^4.0.0",
     "msw": "^2.0.0",
     "tsup": "^8.5.0",
-    "tsx": "catalog:",
-    "typescript": "catalog:",
-    "vitest": "catalog:"
+    "tsx": "^4.19.4",
+    "typescript": "6.0.2",
+    "vitest": "^3.2.4"
   }
-}
+}