@chainpatrol/cli 0.3.4 → 0.4.1

package/CHANGELOG.md

@@ -1,5 +1,54 @@
 # @chainpatrol/cli
 
+## 0.4.1
+
+### Patch Changes
+
+- 9126b45: Split the `reviewing.backlog` healthcheck into reviewable vs. total pending so the count matches the reviewing page in the app. The endpoint now reports `pendingProposals` (total), `reviewableProposals` (the subset the UI shows by default — assets not watchlisted, or reports from a customer), and `watchlistedHiddenProposals` (delta). Severity grades on the reviewable count; a non-zero watchlisted bucket surfaces as a warn-level finding. The bundled CLI skill is updated to document the new shape.
+- fb0b846: Split the reviewing healthchecks along the operational divide between "Needs Review" (high-priority queue reviewers act on) and "Watchlisted" (intentionally deferred bucket):
+
+  - `reviewing.backlog` and `reviewing.old-proposals` now grade the Needs-Review bucket only — assets not on a watchlist, or reports submitted by a customer. Their counts now match what the reviewing page in the app shows by default.
+  - Two new checks cover the Watchlisted bucket as separate first-class signals: `reviewing.watchlist-backlog` (pile-up of watchlisted pending proposals) and `reviewing.watchlist-old` (watchlisted proposals deferred too long). Severity for both is **capped at warn** — watchlist cleanup matters but should never block on the same SLA as Needs Review.
+
+  The CLI skill is updated to spell out the distinction so a healthcheck report groups findings under the right bucket.
+
+## 0.4.0
+
+### Minor Changes
+
+- b5de201: Add a `healthchecks` namespace to the public API and CLI.
+
+  The new `healthchecks list` returns a registry of every check the platform
+  exposes today, including planned checks that are not yet implemented on the
+  backend (marked `implemented: false` with a `notImplementedReason`). The new
+  `healthchecks run <id|--all> --org <slug>` runs a single check or every
+  implemented check in parallel and returns each result in a uniform shape
+  (`id`, `severity`, `observed`, `threshold`, `findings`, `suggestedAction`).
+
+  Implemented checks in this release:
+
+  - `detections.silent-configs` — the existing detection-config healthcheck,
+    wrapped in the uniform shape. The original `detections healthcheck`
+    command continues to work.
+  - `reviewing.backlog` — counts pending review proposals and grades severity
+    against per-org thresholds (default warn=50, fail=100).
+  - `reviewing.old-proposals` — counts proposals older than the warn / fail
+    age thresholds (default 7 / 14 days) and lists the oldest offenders.
+  - `takedowns.stale-in-progress` — counts takedowns sitting in IN_PROGRESS
+    past the staleness threshold (default 7 days).
+
+  Planned but not yet implemented (still returned by `list` with
+  `implemented: false`): `detections.coverage-gaps`, `detections.spike`,
+  `detections.drop`, `reviewing.auto-approval-spike`,
+  `blocklisting.gsb-cancelled-rate`, `takedowns.todo-volume`,
+  `takedowns.cancelled-rate`, `takedowns.automation-off`.
+
+  The bundled Claude Code skill is updated to (a) document the new namespace,
+  (b) recommend `healthchecks run --all` as the canonical entrypoint when a
+  user asks to run a healthcheck on an org, and (c) mark every not-yet-
+  implemented check in the HealthCheck Guide with a "manual check, no API
+  yet" note so the agent surfaces that gap explicitly.
+
 ## 0.3.4
 
 ### Patch Changes

package/dist/{breakdown-FFNYSXRQ.js → breakdown-EBSACUST.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{chunk-DOL35U2S.js → chunk-F4GU6AII.js}

@@ -297,6 +297,96 @@ Use it as the first signal in the Detection part of an org healthcheck, then
 fall back to the manual checks in the HealthCheck Guide below for everything
 else.
 
+> Prefer the newer \`healthchecks\` namespace below. \`detections healthcheck\`
+> is the original single-purpose command; the \`healthchecks\` namespace is
+> the canonical place to discover and run every check we expose.
+
+### \`healthchecks list | run\` \u2014 Run uniform org healthchecks via the public API
+
+The \`healthchecks\` namespace is the canonical way to run the named checks
+from the Organization HealthCheck Guide below. Each implemented endpoint
+returns the same uniform shape \u2014 \`{ id, ok, severity, observed, threshold,
+findings, suggestedAction }\` \u2014 so the CLI / agent can render every check the
+same way regardless of category.
+
+\`\`\`bash
+# Discover every check the platform exposes today, including planned checks
+# that are not yet implemented on the backend.
+chainpatrol --json healthchecks list
+
+# Run a single named check.
+chainpatrol --json healthchecks run reviewing.backlog --org <slug>
+
+# Run every implemented check in parallel and aggregate the results.
+chainpatrol --json healthchecks run --all --org <slug>
+\`\`\`
+
+Each implemented check has a stable id of the form \`category.name\`, e.g.
+\`detections.silent-configs\`, \`reviewing.backlog\`,
+\`reviewing.old-proposals\`, \`reviewing.watchlist-backlog\`,
+\`reviewing.watchlist-old\`, \`takedowns.stale-in-progress\`.
+
+### Pending proposals: "Needs Review" vs "Watchlisted"
+
+PENDING proposals split into two operationally distinct buckets, and we
+grade them with separate checks:
+
+- **Needs Review** \u2014 pending proposals the reviewing UI shows by default
+  (\`excludeWatchlisted=true\`): assets that are NOT on a watchlist, OR
+  reports submitted by a customer (those stay visible even when the asset
+  is watchlisted). This is the actionable queue reviewers work from, so
+  pile-ups and old items here are high-priority signals (\`fail\` severity
+  is reachable).
+- **Watchlisted** \u2014 pending proposals on watchlisted assets (excluding
+  customer-reported reports). The reviewing UI hides these by default
+  because watchlisting is the act of intentionally deferring an asset.
+  Pile-ups and aged items here are worth surfacing as cleanup work, but
+  severity is **capped at warn** so they never block on the same SLA as
+  Needs Review. When reporting findings, treat these as lower-priority.
+
+Implemented checks today:
+
+- **detections.silent-configs** \u2014 equivalent to \`detections healthcheck\`,
+  exposed under the uniform shape.
+- **reviewing.backlog** \u2014 counts Needs Review pending proposals and grades
+  severity against per-org thresholds (default warn=50, fail=100).
+- **reviewing.old-proposals** \u2014 counts Needs Review proposals older than
+  the warn / fail age thresholds (default 7 / 14 days) and lists the
+  oldest offenders.
+- **reviewing.watchlist-backlog** \u2014 counts watchlisted pending proposals
+  (default warn=200). Severity capped at warn.
+- **reviewing.watchlist-old** \u2014 counts watchlisted pending proposals older
+  than the warn-age threshold (default 30 days) and lists the oldest.
+  Severity capped at warn.
+- **takedowns.stale-in-progress** \u2014 counts takedowns sitting in IN_PROGRESS
+  past the staleness threshold (default 7 days) and lists the oldest.
+
+The following checks are listed by \`healthchecks list\` (\`implemented: false\`)
+but **not yet implemented on the backend** \u2014 when the agent surfaces them in
+a healthcheck report, mark them explicitly as "manual check, no API yet":
+
+- **detections.coverage-gaps** \u2014 blocked assets vs. enabled-source correlation.
+  Still requires manual reasoning with \`configs list\` + \`reports list\`.
+- **detections.spike** / **detections.drop** \u2014 require server-side baseline
+  modeling. Use \`metrics breakdown --by day\` as an interim signal.
+- **reviewing.auto-approval-spike** \u2014 needs distinguishing automation vs.
+  human approvers in the review history. Use \`metrics breakdown\` as a proxy.
+- **blocklisting.gsb-cancelled-rate** \u2014 Google Safe Browsing submission state
+  is not yet exposed in the public API.
+- **takedowns.todo-volume** / **takedowns.cancelled-rate** /
+  **takedowns.automation-off** \u2014 the underlying read paths are not yet exposed.
+
+When the user asks to "run a healthcheck on org X", the canonical command is:
+
+\`\`\`bash
+chainpatrol --json healthchecks run --all --org X
+\`\`\`
+
+This iterates the implemented entries in \`healthchecks list\`, runs them in
+parallel, and aggregates the uniform results. Combine with the manual checks
+in the HealthCheck Guide below for everything still marked
+\`implemented: false\`.
+
 ### \`queues snapshot\` \u2014 Operations review/takedown queue snapshot
 
 Server-side aggregation of the operations review queue (pending proposals,
@@ -442,16 +532,26 @@ others are soft / qualitative signals that still need you to fetch data with
 
 ### Quick Path: CLI commands that automate parts of this guide
 
-Run these first to get cheap, structured signals before falling back to the
-manual checks in each subsection:
+The canonical first step is now the \`healthchecks\` namespace, which runs
+every implemented check via the public API and returns a uniform shape per
+check (\`id\`, \`severity\`, \`observed\`, \`threshold\`, \`findings\`,
+\`suggestedAction\`):
 
 \`\`\`bash
-# Detection: configs that have gone silent or are erroring
-chainpatrol --json detections healthcheck --org <slug>
+# Discover every check the platform exposes, implemented or planned.
+chainpatrol --json healthchecks list
 
-# Reviewing & Takedowns: backlog, SLA breaches, stuck takedowns
-chainpatrol --json queues snapshot --org <slug>
+# Run every implemented healthcheck in parallel and aggregate the results.
+chainpatrol --json healthchecks run --all --org <slug>
+
+# Run a single named check.
+chainpatrol --json healthchecks run reviewing.backlog --org <slug>
+\`\`\`
+
+After \`healthchecks run --all\`, use these complementary commands to cover
+the signals that are not yet exposed as a uniform healthcheck endpoint:
 
+\`\`\`bash
 # Spikes / drops in detection volume over time (compare windows)
 chainpatrol --json metrics breakdown --org <slug> --by day --this-week
 
@@ -461,6 +561,9 @@ chainpatrol --json reports list --org <slug> --reported-by-customer
 # What's enabled vs disabled vs not configured for the org
 chainpatrol --json configs list --org <slug>
 
+# Snapshot of review/takedown queues \u2014 raw counts behind several healthchecks
+chainpatrol --json queues snapshot --org <slug>
+
 # Packaged weekly customer-success sweep (preferred when it covers the ask)
 chainpatrol presets run cs-weekly-health --org <slug>
 \`\`\`
@@ -469,7 +572,8 @@ Treat each command's output as one input to the healthcheck. The manual
 checks below still apply \u2014 especially for signals the CLI cannot infer on
 its own (e.g. "lots of Twitter assets are blocked but Twitter Post Search
 is disabled", or "this drop is fine because the config isn't relevant
-to this org").
+to this org"). Each subsection of the guide notes whether a healthcheck
+endpoint exists today and what to fall back on when it doesn't.
 
 ### Reporting progress while running a healthcheck
 
@@ -524,13 +628,15 @@ turned off. For example: lots of Twitter assets are on the blocklist, but
 detection sources like "Twitter / X User Search" or "Twitter Post Search" are
 disabled. Those should be turned on.
 
-**Run via CLI:** there is no single command for this \u2014 it's a manual
-correlation. Fetch the org's enabled vs disabled configs with
-\`chainpatrol --json configs list --org <slug>\`, then look at recent reports
-(\`chainpatrol --json reports list --org <slug>\`) and the asset types of any
-blocked items. Flag any asset type where blocked items exist but the matching
-detection source has \`status: "disabled"\` (or appears in the "Not configured"
-group).
+**Run via CLI:** **Not yet implemented as a healthcheck endpoint.** Listed in
+\`healthchecks list\` as \`detections.coverage-gaps\` with
+\`implemented: false\` \u2014 when reporting this signal in a healthcheck, note
+"manual check, no API yet". Until the endpoint lands, do the correlation
+manually: \`chainpatrol --json configs list --org <slug>\` for enabled vs
+disabled configs, then \`chainpatrol --json reports list --org <slug>\` for
+recent blocked-item asset types. Flag any asset type where blocked items
+exist but the matching detection source has \`status: "disabled"\` (or
+appears in the "Not configured" group).
 
 #### Spike in Detections
 
@@ -538,7 +644,9 @@ A spike in recent detections is worth investigating. It could be a bad config
 change, or it could be a legitimate new attack push in this area \u2014 useful
 intel to surface to the security team as a targeted spike.
 
-**Run via CLI:** \`chainpatrol --json metrics breakdown --org <slug> --by day --this-week\`
+**Run via CLI:** **Not yet implemented as a healthcheck endpoint.** Listed
+in \`healthchecks list\` as \`detections.spike\` with \`implemented: false\`.
+Until the endpoint lands, use \`chainpatrol --json metrics breakdown --org <slug> --by day --this-week\`
 (and a comparison window via \`--from\`/\`--to\`) to see daily detection
 volume. Anything notably above the recent baseline is a spike \u2014 cross-reference
 against recent config changes for that source.
@@ -549,40 +657,85 @@ A drop is also worth looking into. It may be a bad config change, or it may
 mean the config is not really relevant and can be safely turned off (not all
 default-on configs are relevant to every org).
 
-**Run via CLI:** the same \`metrics breakdown\` time series catches drops.
-Additionally, \`chainpatrol --json detections healthcheck --org <slug>\`
-fails configs whose \`recentResultCount\` is below \`--min-results\` in the
-\`--lookback-hours\` window \u2014 that's exactly a "this source went silent"
-signal. Use \`--run\` to also catch configs that error when executed.
+**Run via CLI:** the extreme case ("this source went silent") is covered
+today by \`chainpatrol --json healthchecks run detections.silent-configs --org <slug>\`,
+which is the canonical replacement for the older \`detections healthcheck\`.
+It fails any config whose \`recentResultCount\` is below \`--min-results\`
+in the \`--lookback-hours\` window; pass \`--run\` (via the lower-level
+\`detections healthcheck --run\`) to also catch configs that error when
+executed. For soft drops (still producing results but below baseline),
+\`detections.drop\` is marked \`implemented: false\` in \`healthchecks list\`
+\u2014 use \`metrics breakdown --by day\` and compare windows manually.
 
 ### Reviewing
 
-#### Pile Up / Backlog of Unreviewed Proposals
+PENDING proposals split into two operationally distinct buckets:
+
+- **Needs Review** \u2014 assets not on a watchlist, or reports submitted by a
+  customer. This is the reviewing UI's default view (\`excludeWatchlisted=true\`)
+  and the actionable queue reviewers work from. Pile-ups and aged items
+  here are high priority \u2014 \`fail\` severity is reachable.
+- **Watchlisted** \u2014 pending proposals on watchlisted assets (excluding
+  customer-reported reports). The UI hides these by default because
+  watchlisting is the act of intentionally deferring the asset. Pile-ups
+  and aged items here are worth surfacing as cleanup work but **severity
+  is capped at warn** \u2014 they should never block on the same SLA as Needs
+  Review.
+
+Each bucket has its own pile-up and age check, so you can grade them
+independently and tune thresholds without one drowning the other.
+
+#### Pile Up / Backlog of Needs-Review Proposals
 
 Too many proposals waiting in review. For most organizations this is over 100
 reports, but really the threshold is relative to the average number of
 confirmed threats per week. Example: if an org only adds 5 blocked threats per
 week, then a 7-day backlog of even 10 proposals is a really big deal.
 
-**Run via CLI:** \`chainpatrol --json queues snapshot --org <slug>\` returns
-\`reviewQueue.totalPendingProposals\` and \`reviewQueue.distinctReports\`.
-Compare against the org's typical weekly throughput (use
-\`metrics summary --this-week\` for that baseline) \u2014 a backlog that exceeds
-a week of typical confirmed-threat volume is a finding regardless of the
-absolute number.
-
-#### Really Old Proposals
-
-Any proposal waiting for review longer than 14 days is a sign something has
-gone wrong. Even complex investigations rarely take longer than this. Except
-for rare cases, these should be rejected or approved to prevent a backlog
-from building.
-
-**Run via CLI:** \`queues snapshot\` returns \`reviewQueue.ageBuckets.gte168h\`
-(proposals older than 7 days). Anything in that bucket is at least halfway
-to the 14-day threshold; investigate. \`reviewQueue.slaBuckets.breached\`
-captures the strictest SLA breaches separately \u2014 any non-zero value is
-worth raising.
+**Run via CLI:** **Implemented as \`healthchecks run reviewing.backlog\`.**
+The endpoint counts the **Needs Review** subset only (assets not
+watchlisted, or reports marked \`reportedByCustomer\`) and grades severity
+against per-org thresholds (default warn=50, fail=100; override with
+\`--warn-threshold\` / \`--fail-threshold\` via the run payload). This is
+the number the reviewing page in the app shows by default, so the
+healthcheck output matches what reviewers see.
+
+For raw counts plus SLA / age breakdowns,
+\`chainpatrol --json queues snapshot --org <slug>\` remains useful and
+exposes \`reviewQueue.totalPendingProposals\` and
+\`reviewQueue.distinctReports\` (note: \`queues snapshot\` does NOT apply
+the watchlist filter, so its number is the sum of Needs Review +
+Watchlisted). Compare against the org's typical weekly throughput
+(use \`metrics summary --this-week\` for that baseline) \u2014 a backlog that
+exceeds a week of typical confirmed-threat volume is a finding regardless
+of the absolute number.
+
+#### Really Old Needs-Review Proposals
+
+Any Needs-Review proposal waiting longer than 14 days is a sign something
+has gone wrong. Even complex investigations rarely take longer than this.
+Except for rare cases, these should be rejected or approved to prevent a
+backlog from building.
+
+**Run via CLI:** **Implemented as \`healthchecks run reviewing.old-proposals\`.**
+The endpoint counts Needs-Review proposals older than the warn / fail age
+thresholds (default 7 / 14 days) and lists the oldest offenders in
+\`findings\`. \`queues snapshot\` (\`reviewQueue.ageBuckets.gte168h\`) still
+works as a raw view, and \`reviewQueue.slaBuckets.breached\` captures the
+strictest SLA breaches separately \u2014 any non-zero value is worth raising.
+
+#### Watchlist Pile-Up / Old Watchlisted Proposals
+
+Watchlisted-pending proposals are deferred on purpose, but they shouldn't
+grow unbounded \u2014 a huge pile or very-old items signal that the watchlist
+needs a cleanup pass. These don't block on the same SLA as Needs Review.
+
+**Run via CLI:** **Implemented as \`healthchecks run reviewing.watchlist-backlog\`**
+(pile-up count, default warn=200) and
+**\`healthchecks run reviewing.watchlist-old\`** (default warn-age 30
+days). Both cap severity at warn. When reporting findings during an org
+healthcheck, group them under "watchlist cleanup" rather than mixing with
+Needs-Review findings \u2014 they're operationally different concerns.
 
 #### Spike in Auto Approved Reports
 
@@ -594,8 +747,10 @@ cases, notify an engineer at ChainPatrol and check any detection configs you
 adjusted recently, since those may be the cause of spam combined with a weak
 rule.
 
-**Run via CLI:** there is no dedicated subcommand for the auto-approval
-rate yet. As a proxy, use \`chainpatrol --json metrics breakdown --org <slug> --by day --this-week\`
+**Run via CLI:** **Not yet implemented as a healthcheck endpoint.** Listed
+in \`healthchecks list\` as \`reviewing.auto-approval-spike\` with
+\`implemented: false\`. As a proxy until the endpoint lands, use
+\`chainpatrol --json metrics breakdown --org <slug> --by day --this-week\`
 and look for a sudden surge in \`newThreats\` / \`threatsWatchlisted\` that
 isn't matched by a parallel rise in reviewer activity \u2014 that gap usually
 points at automation doing the approving.
@@ -613,9 +768,10 @@ also take a look at the org's custom detection sources \u2014 it's possible ther
 are too many false positives landing on the blocklist, indicating issues with
 detection and reviewing rules.
 
-**Run via CLI:** not yet \u2014 the CLI does not expose Google Safe Browsing
-submission state today. Until the new public API lands, this remains a
-manual / engineering-team check.
+**Run via CLI:** **Not yet implemented as a healthcheck endpoint.** Listed
+in \`healthchecks list\` as \`blocklisting.gsb-cancelled-rate\` with
+\`implemented: false\`. Until Google Safe Browsing submission state is
+exposed in the public API, this remains a manual / engineering-team check.
 
 ### Takedowns
 
@@ -625,8 +781,11 @@ Can mean a gap in automated takedowns not being implemented for some new area
 of threats. It can also mean the areas that require manual takedowns are
 being missed by the takedown team.
 
-**Run via CLI:** \`chainpatrol --json queues snapshot --org <slug>\` returns
-\`takedownQueue.totalOpen\` and breakdowns by status. A persistently large
+**Run via CLI:** **Not yet implemented as a healthcheck endpoint.** Listed
+in \`healthchecks list\` as \`takedowns.todo-volume\` with
+\`implemented: false\` (needs a per-org throughput baseline). As an interim
+signal, \`chainpatrol --json queues snapshot --org <slug>\` returns
+\`takedownQueue.totalOpen\` and breakdowns by status; a persistently large
 ToDo bucket relative to the org's typical takedown rate (use
 \`metrics summary\` for that baseline) is the finding.
 
@@ -636,10 +795,12 @@ Typically means something is wrong with the submission itself. The takedown
 may need to be resubmitted, the vendor asked for more evidence, or we may
 have submitted it in the wrong place.
 
-**Run via CLI:** \`queues snapshot\` returns \`takedownQueue.staleInProgress\`
-\u2014 takedowns that have sat in In Progress past the expected vendor turnaround.
-Any non-zero value is worth investigating; a growing number across snapshots
-strongly suggests a vendor-side or submission-format problem.
+**Run via CLI:** **Implemented as \`healthchecks run takedowns.stale-in-progress\`.**
+The endpoint counts takedowns sitting in IN_PROGRESS past the staleness
+threshold (default 7 days) and lists the oldest offenders in \`findings\`.
+\`queues snapshot\` (\`takedownQueue.staleInProgress\`) still works as a raw
+view. Any non-zero value is worth investigating; a growing number across
+snapshots strongly suggests a vendor-side or submission-format problem.
 
 #### Too Many Cancelled Takedowns
 
@@ -648,7 +809,10 @@ do this takedown" for some reason. Cases like adding an item to the blocklist
 when it's already taken down are treated as completed, not cancelled. So even
 3 cancelled takedowns in a 7-day period is too many.
 
-**Run via CLI:** no first-class command yet. As an interim signal, use
+**Run via CLI:** **Not yet implemented as a healthcheck endpoint.** Listed
+in \`healthchecks list\` as \`takedowns.cancelled-rate\` with
+\`implemented: false\` (public API does not yet expose CANCELLED takedown
+counts over a rolling window). As an interim signal, use
 \`chainpatrol --json metrics breakdown --org <slug> --by day --this-week\`
 and compare \`takedownsFiled\` vs \`takedownsCompleted\` for a sudden
 divergence \u2014 a widening gap with no In-Progress growth often shows up as
@@ -660,9 +824,12 @@ Automated takedowns should be on by default for nearly every organization.
 Any issue that would make you want to turn off automated takedowns should be
 resolved within 30 days.
 
-**Run via CLI:** not yet exposed in a single command. Check this manually
-with the org's takedown automation settings; the CLI's role here is mostly
-to highlight stale state in \`queues snapshot\` so you know to ask.
+**Run via CLI:** **Not yet implemented as a healthcheck endpoint.** Listed
+in \`healthchecks list\` as \`takedowns.automation-off\` with
+\`implemented: false\` (public API does not yet expose automated-takedown
+enablement state). Check this manually with the org's takedown automation
+settings; the CLI's role here is mostly to highlight stale state in
+\`queues snapshot\` so you know to ask.
 `;
 }
 function getBundledSkillVersion() {

package/dist/{chunk-44FSS3CZ.js → chunk-MXUZR2BV.js}

@@ -141,6 +141,12 @@ function createApiClient(options) {
         searchQuery: input.searchQuery,
         reportedByCustomer: input.reportedByCustomer
       });
+    },
+    listHealthchecks() {
+      return request("/healthchecks/list", {});
+    },
+    runHealthcheck(endpoint, input) {
+      return request(endpoint, input);
     }
   };
 }

package/dist/{chunk-WBKCXGLV.js → chunk-PIYOWGBZ.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import {
   DateTime
 } from "./chunk-TFCNKBRC.js";

package/dist/cli.js

@@ -13,7 +13,7 @@ import {
   getCliVersion,
   isSkillInstalled,
   readInstalledSkillVersion
-} from "./chunk-DOL35U2S.js";
+} from "./chunk-F4GU6AII.js";
 import "./chunk-IUZB3DQW.js";
 import {
   DateTime
@@ -281,6 +281,35 @@ var HELP = {
       "--window-hours <n>    Hours used for staleness windows"
     ]
   },
+  healthchecks: {
+    description: "Run organization healthchecks via the public API. Use `list` to see every available check (including planned ones not yet implemented on the backend) and `run` to execute one or all implemented checks.",
+    usage: "chainpatrol healthchecks <list|run <id>|run --all>",
+    options: ["--org <slug>          Organization slug (required for `run`)"],
+    examples: [
+      "chainpatrol healthchecks list",
+      "chainpatrol healthchecks run --all --org acme",
+      "chainpatrol healthchecks run reviewing.backlog --org acme",
+      "chainpatrol healthchecks run takedowns.stale-in-progress --org acme"
+    ]
+  },
+  "healthchecks list": {
+    description: "List every healthcheck the platform exposes. Each entry reports whether it is implemented today; not-yet-implemented entries include a `notImplementedReason` you can surface to users.",
+    usage: "chainpatrol healthchecks list"
+  },
+  "healthchecks run": {
+    description: "Run a single healthcheck by id, or pass `--all` to run every implemented check in parallel and aggregate the results. Returns the uniform healthcheck shape (id, severity, observed, threshold, findings, suggestedAction).",
+    usage: "chainpatrol healthchecks run <id|--all> --org <slug>",
+    options: [
+      "--org <slug>          Organization slug (required)",
+      "--all                 Run every implemented healthcheck in parallel",
+      "--min-results <n>     Pass through to detections.silent-configs",
+      "--lookback-hours <n>  Pass through to detections.silent-configs"
+    ],
+    examples: [
+      "chainpatrol healthchecks run reviewing.backlog --org acme",
+      "chainpatrol healthchecks run --all --org acme"
+    ]
+  },
   presets: {
     description: "Run saved workflows for common jobs.",
     usage: "chainpatrol presets <list|run <id>>",
@@ -336,6 +365,7 @@ function getTopLevelHelp() {
     "    logout        Clear stored credentials",
     "    configs       Manage detection configs",
     "    detections    Validate, run, update detection configs",
+    "    healthchecks  List and run organization healthchecks",
     "    metrics       Query organization metrics and breakdowns",
     "    reports       Create and list reports from terminal",
     "    queues        Snapshot operations review/takedown queues",
@@ -504,6 +534,7 @@ var COMMANDS = [
   "logout",
   "configs",
   "detections",
+  "healthchecks",
   "metrics",
   "reports",
   "queues",
@@ -686,12 +717,12 @@ function parseAttachmentUrls() {
 }
 async function handleConfigsList(org) {
   if (jsonMode) {
-    const { listConfigsJson } = await import("./list-json-SUZL2GBJ.js");
+    const { listConfigsJson } = await import("./list-json-WTMYLZGY.js");
     await listConfigsJson({ org });
     return;
   }
   const { render } = await import("ink");
-  const { default: ConfigsList } = await import("./list-TMFLCS5U.js");
+  const { default: ConfigsList } = await import("./list-GEMCFDD5.js");
   const { default: React } = await import("react");
   render(React.createElement(ConfigsList, { org }));
 }
@@ -789,7 +820,7 @@ async function main() {
     case "detections": {
       const org = await resolveOrg();
       if (subcommand === "healthcheck") {
-        const { runDetectionsHealthcheck } = await import("./healthcheck-SIE5EXN3.js");
+        const { runDetectionsHealthcheck } = await import("./healthcheck-KAONRGSS.js");
         await runDetectionsHealthcheck({
           org,
           source: cli.flags.source,
@@ -804,7 +835,7 @@ async function main() {
         break;
       }
       if (subcommand === "validate") {
-        const { runDetectionsValidate } = await import("./validate-II6GH6H6.js");
+        const { runDetectionsValidate } = await import("./validate-BJFEKI2N.js");
         await runDetectionsValidate({
           org,
           source: cli.flags.source,
@@ -819,7 +850,7 @@ async function main() {
         break;
       }
       if (subcommand === "drift") {
-        const { runDetectionsDrift } = await import("./drift-PASGDEEX.js");
+        const { runDetectionsDrift } = await import("./drift-DZ6A7JL5.js");
         await runDetectionsDrift({
           org,
           source: cli.flags.source,
@@ -833,7 +864,7 @@ async function main() {
         break;
       }
       if (subcommand === "run") {
-        const { runDetectionsRun } = await import("./run-MGOASUON.js");
+        const { runDetectionsRun } = await import("./run-43CC5AXR.js");
         await runDetectionsRun({
           org,
           configId: cli.flags.configId,
@@ -852,7 +883,7 @@ async function main() {
           break;
         }
         if (action === "run") {
-          const { runDetectionsRun } = await import("./run-MGOASUON.js");
+          const { runDetectionsRun } = await import("./run-43CC5AXR.js");
           await runDetectionsRun({
             org,
             configId: cli.flags.configId,
@@ -870,7 +901,7 @@ async function main() {
             throw new Error("detections configs update requires --config-id");
           }
           const configPatch = getConfigPatchFromSetFlags();
-          const { runDetectionsConfigsUpdate } = await import("./configs-update-VOWH674W.js");
+          const { runDetectionsConfigsUpdate } = await import("./configs-update-RPN32YTL.js");
           await runDetectionsConfigsUpdate({
             org,
             configId: cli.flags.configId,
@@ -897,7 +928,7 @@ async function main() {
     case "metrics": {
       const org = await resolveOrg();
       if (subcommand === "summary") {
-        const { runMetricsSummary } = await import("./summary-QORQFCMW.js");
+        const { runMetricsSummary } = await import("./summary-6NCA7PDP.js");
         await runMetricsSummary({
           org,
           from: cli.flags.from,
@@ -909,7 +940,7 @@ async function main() {
         break;
       }
       if (subcommand === "found") {
-        const { runMetricsFound } = await import("./found-TIW7T4VX.js");
+        const { runMetricsFound } = await import("./found-AOPBSLRD.js");
         await runMetricsFound({
           org,
           from: cli.flags.from,
@@ -926,7 +957,7 @@ async function main() {
         if (!by || !["day", "type", "brand"].includes(by)) {
           throw new Error("metrics breakdown requires --by <day|type|brand>");
         }
-        const { runMetricsBreakdown } = await import("./breakdown-FFNYSXRQ.js");
+        const { runMetricsBreakdown } = await import("./breakdown-EBSACUST.js");
         await runMetricsBreakdown({
           org,
           by,
@@ -946,7 +977,7 @@ async function main() {
     case "reports": {
       if (subcommand === "list") {
         const org = await resolveOrg();
-        const { runReportsList } = await import("./list-CEWBMKJ3.js");
+        const { runReportsList } = await import("./list-MWDFCHMJ.js");
         await runReportsList({
           org,
           limit: cli.flags.limit,
@@ -962,7 +993,7 @@ async function main() {
       }
       if (subcommand === "create") {
         const org = await tryResolveOrg();
-        const { runReportsCreate } = await import("./create-ASGUBKZ7.js");
+        const { runReportsCreate } = await import("./create-QP3M7EZM.js");
         await runReportsCreate({
           org,
           title: cli.flags.title,
@@ -986,7 +1017,7 @@ async function main() {
     }
     case "queues": {
       if (subcommand === "snapshot") {
-        const { runQueuesSnapshot } = await import("./snapshot-MQ6DWDFG.js");
+        const { runQueuesSnapshot } = await import("./snapshot-E3TPZOKT.js");
         await runQueuesSnapshot({
           org: cli.flags.org,
           all: cli.flags.all,
@@ -1002,9 +1033,41 @@ async function main() {
         subcommand ? `Unknown subcommand: queues ${subcommand}${hint ? `. Did you mean "queues ${hint}"?` : ""}` : "Usage: chainpatrol queues snapshot [--org <slug>|--all]"
       );
     }
+    case "healthchecks": {
+      if (subcommand === "list") {
+        const { runHealthchecksList } = await import("./list-UW63DIKX.js");
+        await runHealthchecksList({
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat
+        });
+        break;
+      }
+      if (subcommand === "run") {
+        const org = await resolveOrg();
+        const thresholds = {};
+        if (cli.flags.minResults !== void 0)
+          thresholds.minResults = cli.flags.minResults;
+        if (cli.flags.lookbackHours !== void 0)
+          thresholds.lookbackHours = cli.flags.lookbackHours;
+        const { runHealthchecksRun } = await import("./run-7THXM7GF.js");
+        await runHealthchecksRun({
+          org,
+          id: action,
+          all: cli.flags.all,
+          thresholds,
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat
+        });
+        break;
+      }
+      const hint = subcommand ? suggest(subcommand, ["list", "run"]) : null;
+      throw new Error(
+        subcommand ? `Unknown subcommand: healthchecks ${subcommand}${hint ? `. Did you mean "healthchecks ${hint}"?` : ""}` : "Usage: chainpatrol healthchecks <list|run <id>>"
+      );
+    }
     case "presets": {
       if (subcommand === "list") {
-        const { runPresetsList } = await import("./list-KTIZ3UHA.js");
+        const { runPresetsList } = await import("./list-LN6NOZIJ.js");
         await runPresetsList({ outputFormat: cliContext.outputFormat });
         break;
       }
@@ -1015,7 +1078,7 @@ async function main() {
           );
         }
         const org = await resolveOrg();
-        const { runPresetsRun } = await import("./run-3TTLZ6HA.js");
+        const { runPresetsRun } = await import("./run-MH5RYPWA.js");
         await runPresetsRun({
           presetId: action,
           org,
@@ -1032,12 +1095,12 @@ async function main() {
     case "setup":
     case "install":
     case "i": {
-      const { setupSkill } = await import("./setup-skill-PCUBJJYU.js");
+      const { setupSkill } = await import("./setup-skill-2SEVH3M6.js");
       setupSkill({ json: jsonMode });
       break;
     }
     case "uninstall": {
-      const { uninstallSkill } = await import("./setup-skill-PCUBJJYU.js");
+      const { uninstallSkill } = await import("./setup-skill-2SEVH3M6.js");
       uninstallSkill({ json: jsonMode });
       break;
     }

package/dist/{configs-update-VOWH674W.js → configs-update-RPN32YTL.js}

@@ -7,7 +7,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{create-ASGUBKZ7.js → create-QP3M7EZM.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{drift-PASGDEEX.js → drift-DZ6A7JL5.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{found-TIW7T4VX.js → found-AOPBSLRD.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import {
   DateTime

package/dist/{healthcheck-SIE5EXN3.js → healthcheck-KAONRGSS.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-TMFLCS5U.js → list-GEMCFDD5.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-JCMWDZYY.js";
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import {
   AuthCorruptedError,
   AuthExpiredError,

package/dist/{list-KTIZ3UHA.js → list-LN6NOZIJ.js}

@@ -1,12 +1,12 @@
 import {
   PRESETS
-} from "./chunk-WBKCXGLV.js";
+} from "./chunk-PIYOWGBZ.js";
 import "./chunk-E2LAMILJ.js";
 import {
   printOutput,
   toCsvRows
 } from "./chunk-VFT3TD3E.js";
-import "./chunk-44FSS3CZ.js";
+import "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-CEWBMKJ3.js → list-MWDFCHMJ.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/list-UW63DIKX.js

@@ -0,0 +1,73 @@
+import {
+  printOutput,
+  toCsvRows
+} from "./chunk-VFT3TD3E.js";
+import {
+  createApiClient
+} from "./chunk-MXUZR2BV.js";
+import "./chunk-EEG7T6WT.js";
+import "./chunk-TFCNKBRC.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/healthchecks/list.ts
+async function runHealthchecksList(options) {
+  const client = options.apiClient ?? createApiClient();
+  const outputFormat = options.outputFormat ?? (options.json ? "json" : "human");
+  const result = await client.listHealthchecks();
+  printOutput({
+    outputFormat,
+    json: result,
+    markdown: [
+      "# Healthchecks",
+      "",
+      ...result.checks.map((entry) => {
+        const status = entry.implemented ? "implemented" : "not-implemented";
+        const lines = [
+          `## ${entry.id}  _(${status})_`,
+          `- Title: ${entry.title}`,
+          `- Category: ${entry.category}`,
+          `- Description: ${entry.description}`
+        ];
+        if (entry.endpoint) {
+          lines.push(`- Endpoint: \`${entry.endpoint}\``);
+        }
+        if (entry.notImplementedReason) {
+          lines.push(`- Not yet implemented: ${entry.notImplementedReason}`);
+        }
+        return lines.join("\n");
+      })
+    ].join("\n\n"),
+    csv: toCsvRows(
+      result.checks.map((entry) => ({
+        id: entry.id,
+        category: entry.category,
+        implemented: entry.implemented,
+        title: entry.title,
+        endpoint: entry.endpoint ?? ""
+      }))
+    ),
+    human: () => {
+      const implemented = result.checks.filter((entry) => entry.implemented);
+      const notImplemented = result.checks.filter((entry) => !entry.implemented);
+      console.log(
+        `Healthchecks: ${implemented.length} implemented, ${notImplemented.length} not yet implemented (planned)`
+      );
+      console.log("");
+      console.log("Implemented:");
+      for (const entry of implemented) {
+        console.log(`  \u2713 ${entry.id}  [${entry.category}]  ${entry.title}`);
+      }
+      console.log("");
+      console.log("Not yet implemented (data gaps; follow-up tracked):");
+      for (const entry of notImplemented) {
+        console.log(`  \xB7 ${entry.id}  [${entry.category}]  ${entry.title}`);
+        if (entry.notImplementedReason) {
+          console.log(`      ${entry.notImplementedReason}`);
+        }
+      }
+    }
+  });
+}
+export {
+  runHealthchecksList
+};

package/dist/{list-json-SUZL2GBJ.js → list-json-WTMYLZGY.js}

@@ -1,6 +1,6 @@
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{run-MGOASUON.js → run-43CC5AXR.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/run-7THXM7GF.js

@@ -0,0 +1,209 @@
+import {
+  CliExitError,
+  ExitCode
+} from "./chunk-E2LAMILJ.js";
+import {
+  printOutput,
+  toCsvRows
+} from "./chunk-VFT3TD3E.js";
+import {
+  createApiClient
+} from "./chunk-MXUZR2BV.js";
+import "./chunk-EEG7T6WT.js";
+import "./chunk-TFCNKBRC.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/healthchecks/run.ts
+function buildPayload(entry, org, thresholds) {
+  const payload = { slug: org };
+  const allowedKeys = /* @__PURE__ */ new Set([
+    ...Object.keys(entry.defaultThreshold ?? {}),
+    "source",
+    "minResults",
+    "lookbackHours",
+    "runBeforeValidate",
+    "includeDisabled",
+    "warnThreshold",
+    "failThreshold",
+    "warnAgeHours",
+    "failAgeHours",
+    "staleThresholdHours"
+  ]);
+  for (const [key, value] of Object.entries(thresholds)) {
+    if (allowedKeys.has(key)) {
+      payload[key] = value;
+    }
+  }
+  return payload;
+}
+function statusSymbol(severity) {
+  if (severity === "ok") return "\u2713";
+  if (severity === "warn") return "\u26A0";
+  return "\u2717";
+}
+function statusLabel(severity) {
+  if (severity === "ok") return "DONE";
+  if (severity === "warn") return "WARN";
+  return "FAIL";
+}
+function summariseObserved(result) {
+  const parts = Object.entries(result.observed).slice(0, 4).map(([key, value]) => `${key}=${value}`);
+  return parts.join(", ");
+}
+async function runHealthchecksRun(options) {
+  const client = options.apiClient ?? createApiClient();
+  const outputFormat = options.outputFormat ?? (options.json ? "json" : "human");
+  const thresholds = options.thresholds ?? {};
+  const isMachineFormat = outputFormat !== "human";
+  const registry = await client.listHealthchecks();
+  const targets = [];
+  if (options.all) {
+    for (const entry of registry.checks) {
+      if (entry.implemented && entry.endpoint) targets.push(entry);
+    }
+  } else if (options.id) {
+    const entry = registry.checks.find((item) => item.id === options.id);
+    if (!entry) {
+      throw new CliExitError(
+        `Unknown healthcheck id: '${options.id}'. Run 'chainpatrol healthchecks list' to see available checks.`,
+        ExitCode.USAGE
+      );
+    }
+    if (!entry.implemented || !entry.endpoint) {
+      throw new CliExitError(
+        `Healthcheck '${entry.id}' is not yet implemented on the backend.${entry.notImplementedReason ? ` Reason: ${entry.notImplementedReason}` : ""}`,
+        ExitCode.USAGE
+      );
+    }
+    targets.push(entry);
+  } else {
+    throw new CliExitError(
+      "Provide a healthcheck id or --all. Example: 'chainpatrol healthchecks run reviewing.backlog --org acme' or 'chainpatrol healthchecks run --all --org acme'.",
+      ExitCode.USAGE
+    );
+  }
+  if (targets.length === 0) {
+    throw new CliExitError(
+      "No implemented healthchecks available to run.",
+      ExitCode.USAGE
+    );
+  }
+  const tasks = targets.map(async (entry) => {
+    if (!isMachineFormat) {
+      console.log(`Running ${entry.id} for ${options.org}\u2026`);
+    }
+    try {
+      const result = await client.runHealthcheck(
+        entry.endpoint,
+        buildPayload(entry, options.org, thresholds)
+      );
+      if (!isMachineFormat) {
+        const detail = summariseObserved(result);
+        console.log(
+          `${statusLabel(result.severity)} \u2014 ${entry.id} ${statusSymbol(result.severity)} (${detail})`
+        );
+      }
+      return { entry, result, error: null };
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      if (!isMachineFormat) {
+        console.log(`FAIL \u2014 ${entry.id} \u2717 (error: ${message})`);
+      }
+      return { entry, result: null, error: message };
+    }
+  });
+  const settled = await Promise.all(tasks);
+  const results = settled.filter(
+    (entry) => entry.result !== null
+  );
+  const errors = settled.filter((entry) => entry.error !== null);
+  const overallOk = results.every((entry) => entry.result.ok) && errors.length === 0;
+  printOutput({
+    outputFormat,
+    json: {
+      org: options.org,
+      ok: overallOk,
+      results: results.map((entry) => entry.result),
+      errors: errors.map((entry) => ({ id: entry.entry.id, error: entry.error }))
+    },
+    markdown: [
+      `# Healthchecks (${options.org})`,
+      "",
+      `Overall: ${overallOk ? "OK" : "ISSUES FOUND"}`,
+      "",
+      ...results.map((entry) => {
+        const lines = [
+          `## ${entry.result.id} \u2014 ${statusLabel(entry.result.severity)}`,
+          `- Title: ${entry.result.title}`,
+          `- Severity: ${entry.result.severity}`,
+          `- Observed: ${JSON.stringify(entry.result.observed)}`,
+          `- Threshold: ${JSON.stringify(entry.result.threshold)}`
+        ];
+        if (entry.result.findings.length > 0) {
+          lines.push("- Findings:");
+          for (const finding of entry.result.findings) {
+            lines.push(
+              `  - [${finding.severity}] ${finding.kind}${finding.ref ? ` (${finding.ref})` : ""}: ${finding.message}`
+            );
+          }
+        }
+        if (entry.result.suggestedAction) {
+          lines.push(`- Suggested action: ${entry.result.suggestedAction}`);
+        }
+        return lines.join("\n");
+      }),
+      ...errors.map((entry) => `## ${entry.entry.id} \u2014 ERROR
+- ${entry.error}`)
+    ].join("\n\n"),
+    csv: toCsvRows(
+      results.map((entry) => ({
+        id: entry.result.id,
+        severity: entry.result.severity,
+        ok: entry.result.ok,
+        observed: JSON.stringify(entry.result.observed),
+        threshold: JSON.stringify(entry.result.threshold),
+        findings: entry.result.findings.length
+      }))
+    ),
+    human: () => {
+      if (targets.length > 1) {
+        console.log("");
+        console.log("Summary:");
+        for (const entry of results) {
+          console.log(
+            `  ${statusSymbol(entry.result.severity)} ${entry.result.id}  ${statusLabel(entry.result.severity)}  ${summariseObserved(entry.result)}`
+          );
+        }
+        for (const entry of errors) {
+          console.log(`  \u2717 ${entry.entry.id}  FAIL  error=${entry.error}`);
+        }
+      }
+      for (const entry of results) {
+        if (entry.result.findings.length > 0) {
+          console.log("");
+          console.log(`Findings for ${entry.result.id}:`);
+          for (const finding of entry.result.findings) {
+            const ref = finding.ref ? ` (${finding.ref})` : "";
+            console.log(
+              `  [${finding.severity}] ${finding.kind}${ref}: ${finding.message}`
+            );
+          }
+        }
+        if (entry.result.suggestedAction) {
+          console.log("");
+          console.log(`Suggested action for ${entry.result.id}:`);
+          console.log(`  ${entry.result.suggestedAction}`);
+        }
+      }
+    }
+  });
+  if (!overallOk) {
+    throw new CliExitError(
+      "One or more healthchecks failed or errored.",
+      ExitCode.CHECK_FAILED
+    );
+  }
+}
+export {
+  runHealthchecksRun
+};

package/dist/{run-3TTLZ6HA.js → run-MH5RYPWA.js}

@@ -1,13 +1,13 @@
 import {
   getPresetDefinition,
   runPreset
-} from "./chunk-WBKCXGLV.js";
+} from "./chunk-PIYOWGBZ.js";
 import {
   CliExitError,
   ExitCode
 } from "./chunk-E2LAMILJ.js";
 import "./chunk-VFT3TD3E.js";
-import "./chunk-44FSS3CZ.js";
+import "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{setup-skill-PCUBJJYU.js → setup-skill-2SEVH3M6.js}

@@ -6,7 +6,7 @@ import {
   readInstalledSkillVersion,
   setupSkill,
   uninstallSkill
-} from "./chunk-DOL35U2S.js";
+} from "./chunk-F4GU6AII.js";
 import "./chunk-IUZB3DQW.js";
 export {
   getBundledSkillContent,

package/dist/{snapshot-MQ6DWDFG.js → snapshot-E3TPZOKT.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{summary-QORQFCMW.js → summary-6NCA7PDP.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{validate-II6GH6H6.js → validate-BJFEKI2N.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-44FSS3CZ.js";
+} from "./chunk-MXUZR2BV.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/package.json

@@ -2,7 +2,7 @@
   "name": "@chainpatrol/cli",
   "description": "The official ChainPatrol CLI — terminal interface for threat detection",
   "author": "Umar Ahmed <umar@chainpatrol.io>",
-  "version": "0.3.4",
+  "version": "0.4.1",
   "license": "UNLICENSED",
   "homepage": "https://chainpatrol.com/docs/cli",
   "keywords": [