@chainpatrol/cli 0.5.0 → 0.7.0

package/CHANGELOG.md

@@ -1,5 +1,33 @@
 # @chainpatrol/cli
 
+## 0.7.0
+
+### Minor Changes
+
+- c170343: Add `chainpatrol setup --cloud` flag that also installs a Claude Code
+  SessionStart hook at `~/.claude/hooks/chainpatrol-login.sh` and registers
+  it in `~/.claude/settings.json`. When the user has no chainpatrol
+  credentials, the hook emits SessionStart `additionalContext` so Claude
+  surfaces the device-code login URL on the first user turn — useful for
+  cloud Claude Code environments that can't run the interactive login from
+  a container startup script. The hook is a silent no-op once the user is
+  authenticated. Local installs (without `--cloud`) leave Claude Code
+  hooks untouched. `chainpatrol uninstall` always removes the hook if
+  present, without disturbing unrelated hooks or settings.
+
+## 0.6.0
+
+### Minor Changes
+
+- 575b671: Add `chainpatrol orgs list` — lists organizations accessible to the caller along with each org's subscription status and active/automated service flags (reporting, reviewing, protection, takedowns, detection, dark web monitoring). Filter flags compose with AND and are applied server-side:
+
+  - `--subscription-status <list>` — comma-separated `PROSPECT`, `TRIAL`, `ACTIVE`, `INTEGRATION` (`INACTIVE` is intentionally not reachable through this filter)
+  - `--service-active <list>` / `--service-inactive <list>` — services that must be active / inactive
+  - `--service-automated <list>` / `--service-manual <list>` — services whose automation must be on / off (`reporting`, `reviewing`, `protection`, `takedowns`)
+  - `--query <text>` — partial name match
+
+  Use cases: "which ACTIVE customers have takedowns enabled but automation off", "which prospects don't have detection turned on yet". The bundled CLI skill gets a new `orgs list` section under the `queues snapshot` heading.
+
 ## 0.5.0
 
 ### Minor Changes

package/dist/{breakdown-EBSACUST.js → breakdown-AX6QNTQH.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{chunk-PIYOWGBZ.js → chunk-AGXMZFUU.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import {
   DateTime
 } from "./chunk-TFCNKBRC.js";

package/dist/{chunk-MXUZR2BV.js → chunk-LLWKCA3H.js}

@@ -147,6 +147,9 @@ function createApiClient(options) {
     },
     runHealthcheck(endpoint, input) {
       return request(endpoint, input);
+    },
+    getUserOrgs(input) {
+      return request("/user/orgs", input);
     }
   };
 }

package/dist/{chunk-BSK4YHFA.js → chunk-ZN3VMRWG.js}

@@ -4,13 +4,125 @@ import {
 } from "./chunk-IUZB3DQW.js";
 
 // src/commands/setup-skill.ts
-import { mkdirSync, writeFileSync, existsSync, readFileSync as readFileSync2, rmSync } from "fs";
-import { join } from "path";
+import { mkdirSync as mkdirSync2, writeFileSync as writeFileSync2, existsSync as existsSync2, readFileSync as readFileSync3, rmSync } from "fs";
+import { join as join2 } from "path";
+import { homedir as homedir2 } from "os";
+
+// src/commands/login-hook.ts
+import { mkdirSync, writeFileSync, readFileSync, existsSync, unlinkSync } from "fs";
 import { homedir } from "os";
+import { join, dirname } from "path";
+var CLAUDE_DIR = join(homedir(), ".claude");
+var HOOK_DIR = join(CLAUDE_DIR, "hooks");
+var HOOK_FILE = join(HOOK_DIR, "chainpatrol-login.sh");
+var SETTINGS_FILE = join(CLAUDE_DIR, "settings.json");
+var HOOK_SCRIPT = `#!/bin/bash
+# chainpatrol auto-login hook \u2014 installed by \`chainpatrol setup\`.
+# On Claude Code session start, if the user has no chainpatrol credentials,
+# emit additionalContext so Claude surfaces the device-code login URL on
+# the first user turn. Safe to run repeatedly: no-ops once authenticated.
+set -uo pipefail
+
+CONFIG_DIR="\${CHAINPATROL_CONFIG_DIR:-$HOME/.chainpatrol}"
+if [ -s "$CONFIG_DIR/credentials.json" ]; then
+  exit 0
+fi
+
+# Only nudge when the CLI is reachable \u2014 otherwise we'd ask Claude to run
+# a command that isn't installed.
+if ! command -v chainpatrol >/dev/null 2>&1 \\
+   && [ ! -x /usr/local/bin/chainpatrol ] \\
+   && ! ls /opt/node*/bin/chainpatrol >/dev/null 2>&1; then
+  exit 0
+fi
+
+cat <<'JSON'
+{"hookSpecificOutput":{"hookEventName":"SessionStart","additionalContext":"chainpatrol auto-login: the user is not authenticated with ChainPatrol (no credentials.json found). If the user's task involves ChainPatrol or the chainpatrol CLI, start \`chainpatrol login\` in the background per the /chainpatrol skill's headless runbook (background + tail /tmp/cp-login.out) and surface the verification URL before doing anything else. If the user's task is unrelated, ignore this notice."}}
+JSON
+exit 0
+`;
+function installLoginHook() {
+  mkdirSync(HOOK_DIR, { recursive: true });
+  const hookWritten = !existsSync(HOOK_FILE) || readFileSync(HOOK_FILE, "utf-8") !== HOOK_SCRIPT;
+  if (hookWritten) {
+    writeFileSync(HOOK_FILE, HOOK_SCRIPT, { mode: 493 });
+  }
+  const settingsUpdated = registerHookInSettings();
+  return {
+    hookPath: HOOK_FILE,
+    hookWritten,
+    settingsPath: SETTINGS_FILE,
+    settingsUpdated
+  };
+}
+function uninstallLoginHook() {
+  let hookRemoved = false;
+  if (existsSync(HOOK_FILE)) {
+    unlinkSync(HOOK_FILE);
+    hookRemoved = true;
+  }
+  const settingsUpdated = unregisterHookFromSettings();
+  return { hookRemoved, settingsUpdated };
+}
+function readSettings() {
+  if (!existsSync(SETTINGS_FILE)) return {};
+  const raw = readFileSync(SETTINGS_FILE, "utf-8");
+  if (raw.trim() === "") return {};
+  return JSON.parse(raw);
+}
+function writeSettings(settings) {
+  mkdirSync(dirname(SETTINGS_FILE), { recursive: true });
+  writeFileSync(SETTINGS_FILE, JSON.stringify(settings, null, 2) + "\n", {
+    mode: 420
+  });
+}
+function hasHookEntry(settings) {
+  const matchers = settings.hooks?.SessionStart;
+  if (!Array.isArray(matchers)) return false;
+  return matchers.some(
+    (matcher) => Array.isArray(matcher?.hooks) && matcher.hooks.some((h) => h?.command === HOOK_FILE)
+  );
+}
+function registerHookInSettings() {
+  const settings = readSettings();
+  if (hasHookEntry(settings)) return false;
+  const hooks = settings.hooks ??= {};
+  const sessionStart = hooks.SessionStart ??= [];
+  sessionStart.push({
+    hooks: [{ type: "command", command: HOOK_FILE }]
+  });
+  writeSettings(settings);
+  return true;
+}
+function unregisterHookFromSettings() {
+  if (!existsSync(SETTINGS_FILE)) return false;
+  const settings = readSettings();
+  const sessionStart = settings.hooks?.SessionStart;
+  if (!Array.isArray(sessionStart)) return false;
+  let changed = false;
+  const filtered = sessionStart.map((matcher) => {
+    if (!Array.isArray(matcher?.hooks)) return matcher;
+    const remaining = matcher.hooks.filter((h) => h?.command !== HOOK_FILE);
+    if (remaining.length === matcher.hooks.length) return matcher;
+    changed = true;
+    return remaining.length > 0 ? { ...matcher, hooks: remaining } : null;
+  }).filter((m) => m !== null);
+  if (!changed) return false;
+  if (filtered.length === 0) {
+    delete settings.hooks.SessionStart;
+    if (Object.keys(settings.hooks).length === 0) {
+      delete settings.hooks;
+    }
+  } else {
+    settings.hooks.SessionStart = filtered;
+  }
+  writeSettings(settings);
+  return true;
+}
 
 // src/lib/version.ts
-import { readFileSync } from "fs";
-import { dirname, resolve } from "path";
+import { readFileSync as readFileSync2 } from "fs";
+import { dirname as dirname2, resolve } from "path";
 import { fileURLToPath } from "url";
 var PACKAGE_NAME = "@chainpatrol/cli";
 var cached;
@@ -21,7 +133,7 @@ function getCliVersion() {
 }
 function resolveCliVersion() {
   try {
-    const here = dirname(fileURLToPath(import.meta.url));
+    const here = dirname2(fileURLToPath(import.meta.url));
     const candidates = [
       resolve(here, "..", "package.json"),
       resolve(here, "..", "..", "package.json")
@@ -36,7 +148,7 @@ function resolveCliVersion() {
 }
 function tryReadVersion(path) {
   try {
-    const raw = readFileSync(path, "utf-8");
+    const raw = readFileSync2(path, "utf-8");
     const pkg = JSON.parse(raw);
     if (pkg.name === PACKAGE_NAME && typeof pkg.version === "string") {
       return pkg.version;
@@ -66,8 +178,8 @@ function compareVersions(a, b) {
 }
 
 // src/commands/setup-skill.ts
-var SKILL_DIR = join(homedir(), ".claude", "skills", "chainpatrol");
-var SKILL_FILE = join(SKILL_DIR, "SKILL.md");
+var SKILL_DIR = join2(homedir2(), ".claude", "skills", "chainpatrol");
+var SKILL_FILE = join2(SKILL_DIR, "SKILL.md");
 function buildSkillContent(version) {
   return `---
 name: chainpatrol
@@ -82,7 +194,9 @@ description: |
   "am I logged in", "list configs", "use the cli", "list reports",
   "customer reports", "reports reported by customer", "find detection gaps",
   "org healthcheck", "organization health check", "audit my org",
-  "what's wrong with org", "review org setup".
+  "what's wrong with org", "review org setup", "list orgs", "list organizations",
+  "orgs with takedowns off", "automation off across orgs",
+  "which customers have X enabled", "service toggles by org".
 allowed-tools:
   - Bash
   - Read
@@ -443,6 +557,51 @@ Guide. Key signals in the response:
 
 Use \`--all\` to snapshot every org you have access to instead of a single slug.
 
+### \`orgs list\` \u2014 List organizations with subscription status and service toggles
+
+Returns every organization the caller can see, with each org's
+subscription status (\`PROSPECT\`, \`TRIAL\`, \`ACTIVE\`, \`INTEGRATION\`) and
+which services are active and automated. Use it to answer questions like
+"which customers have takedowns enabled but automation off?" or "which
+prospects don't have detection turned on yet?" \u2014 filters compose with AND
+and are applied server-side, so one call returns the final list.
+
+\`\`\`bash
+chainpatrol --json orgs list \\
+  --subscription-status ACTIVE \\
+  --service-active takedowns \\
+  --service-manual takedowns
+\`\`\`
+
+Filter flags (all optional, all comma-separated lists):
+
+- \`--query <text>\` partial name match (substring, case-insensitive)
+- \`--subscription-status <list>\` one or more of \`PROSPECT\`, \`TRIAL\`,
+  \`ACTIVE\`, \`INTEGRATION\`. \`INACTIVE\` is intentionally not reachable
+  through this filter \u2014 \`orgs list\` only ever returns live customers.
+- \`--service-active <list>\` services that must be active
+- \`--service-inactive <list>\` services that must be inactive
+- \`--service-automated <list>\` services whose automation must be ON
+  (\`reporting\`, \`reviewing\`, \`protection\`, \`takedowns\` \u2014 the four
+  with an automation toggle)
+- \`--service-manual <list>\` services whose automation must be OFF
+  (same four)
+
+Service names: \`reporting\`, \`reviewing\`, \`protection\`, \`takedowns\`,
+\`detection\`, \`darkWebMonitoring\`.
+
+Customers see only orgs they're a member of. Staff/superuser sessions see
+every matching org. The response is the same in both cases; visibility is
+enforced server-side.
+
+#### Use case: finding service configuration gaps across the customer base
+
+When the user asks something like "which customers are paying us but don't
+have takedowns automated yet?" or "any orgs running detection without
+takedowns?", reach for \`orgs list\` \u2014 it's the only command that exposes
+service flags across multiple orgs in one call. Run it in \`--json\` mode
+and summarize patterns by service or by subscription tier.
+
 ### \`metrics summary | found | breakdown\` \u2014 Org metrics for spike/drop analysis
 
 \`\`\`bash
@@ -924,16 +1083,16 @@ function getBundledSkillContent() {
   return buildSkillContent(getCliVersion());
 }
 function readInstalledSkillVersion() {
-  if (!existsSync(SKILL_FILE)) return void 0;
+  if (!existsSync2(SKILL_FILE)) return void 0;
   try {
-    const raw = readFileSync2(SKILL_FILE, "utf-8");
+    const raw = readFileSync3(SKILL_FILE, "utf-8");
     return parseSkillVersion(raw);
   } catch {
     return void 0;
   }
 }
 function isSkillInstalled() {
-  return existsSync(SKILL_FILE);
+  return existsSync2(SKILL_FILE);
 }
 function parseSkillVersion(content) {
   const fmMatch = content.match(/^---\r?\n([\s\S]*?)\r?\n---/);
@@ -954,66 +1113,94 @@ var LOGO = `
 `;
 function setupSkill(options) {
   const skillContent = buildSkillContent(getCliVersion());
-  const alreadyExists = existsSync(SKILL_FILE);
-  if (alreadyExists) {
-    const existing = readFileSync2(SKILL_FILE, "utf-8");
-    if (existing === skillContent) {
-      if (options.json) {
-        console.log(JSON.stringify({ status: "up-to-date", path: SKILL_FILE }));
-      } else {
-        console.log("Claude Code skill is already up to date.");
-      }
-      return;
-    }
+  const skillAlreadyExists = existsSync2(SKILL_FILE);
+  const skillUpToDate = skillAlreadyExists && readFileSync3(SKILL_FILE, "utf-8") === skillContent;
+  let skillStatus;
+  if (!skillAlreadyExists) {
+    mkdirSync2(SKILL_DIR, { recursive: true });
+    writeFileSync2(SKILL_FILE, skillContent, { mode: 420 });
+    skillStatus = "installed";
+  } else if (!skillUpToDate) {
+    writeFileSync2(SKILL_FILE, skillContent, { mode: 420 });
+    skillStatus = "updated";
+  } else {
+    skillStatus = "up-to-date";
   }
-  mkdirSync(SKILL_DIR, { recursive: true });
-  writeFileSync(SKILL_FILE, skillContent, { mode: 420 });
   const completionResult = installCompletions();
+  const loginHookResult = options.cloud ? installLoginHook() : null;
+  const completionsChanged = completionResult.installed || completionResult.configuredShellRc;
+  const loginHookChanged = loginHookResult != null && (loginHookResult.hookWritten || loginHookResult.settingsUpdated);
+  const overallStatus = skillStatus !== "up-to-date" ? skillStatus : completionsChanged || loginHookChanged ? "updated" : "up-to-date";
   if (options.json) {
     console.log(
       JSON.stringify({
-        status: alreadyExists ? "updated" : "installed",
+        status: overallStatus,
         path: SKILL_FILE,
-        completions: completionResult
+        skill: { status: skillStatus, path: SKILL_FILE },
+        completions: completionResult,
+        loginHook: loginHookResult
       })
     );
-  } else {
-    console.log(LOGO);
+    return;
+  }
+  if (overallStatus === "up-to-date") {
+    console.log("Claude Code skill, completions, and login hook are already up to date.");
+    return;
+  }
+  console.log(LOGO);
+  if (skillStatus === "installed") {
+    console.log(`Installed Claude Code skill at ${SKILL_FILE}`);
+  } else if (skillStatus === "updated") {
+    console.log(`Updated Claude Code skill at ${SKILL_FILE}`);
+  }
+  console.log("You can now use /chainpatrol in Claude Code from any project.");
+  if (loginHookChanged && loginHookResult) {
+    console.log(`Installed auto-login hook at ${loginHookResult.hookPath}`);
+    if (loginHookResult.settingsUpdated) {
+      console.log(`Registered SessionStart hook in ${loginHookResult.settingsPath}`);
+    }
+  }
+  if (completionResult.installed) {
     console.log(
-      alreadyExists ? `Updated Claude Code skill at ${SKILL_FILE}` : `Installed Claude Code skill at ${SKILL_FILE}`
+      `Installed ${completionResult.shell} completions at ${completionResult.path}`
     );
-    console.log("You can now use /chainpatrol in Claude Code from any project.");
-    if (completionResult.installed) {
-      console.log(
-        `Installed ${completionResult.shell} completions at ${completionResult.path}`
-      );
-      if (completionResult.configuredShellRc) {
-        console.log("Added completion config to ~/.zshrc");
-      }
-      console.log('Run "exec zsh" or open a new terminal to enable tab completion.');
+    if (completionResult.configuredShellRc) {
+      console.log("Added completion config to ~/.zshrc");
     }
+    console.log('Run "exec zsh" or open a new terminal to enable tab completion.');
   }
 }
 function uninstallSkill(options) {
-  if (!existsSync(SKILL_FILE)) {
-    if (options.json) {
-      console.log(JSON.stringify({ status: "not-installed" }));
-    } else {
-      console.log("Claude Code skill is not installed.");
-    }
-    return;
+  const skillInstalled = existsSync2(SKILL_FILE);
+  if (skillInstalled) {
+    rmSync(SKILL_DIR, { recursive: true });
   }
-  rmSync(SKILL_DIR, { recursive: true });
   const removedCompletions = uninstallCompletions();
+  const loginHookResult = uninstallLoginHook();
+  const removedAnything = skillInstalled || removedCompletions || loginHookResult.hookRemoved || loginHookResult.settingsUpdated;
   if (options.json) {
     console.log(
-      JSON.stringify({ status: "uninstalled", path: SKILL_FILE, removedCompletions })
+      JSON.stringify({
+        status: removedAnything ? "uninstalled" : "not-installed",
+        path: SKILL_FILE,
+        removedCompletions,
+        loginHook: loginHookResult
+      })
     );
-  } else {
+    return;
+  }
+  if (!removedAnything) {
+    console.log("Claude Code skill is not installed.");
+    return;
+  }
+  if (skillInstalled) {
     console.log("Removed Claude Code skill from " + SKILL_DIR);
-    if (removedCompletions) {
-      console.log("Removed shell completions.");
-    }
+  }
+  if (loginHookResult.hookRemoved || loginHookResult.settingsUpdated) {
+    console.log("Removed chainpatrol auto-login hook.");
+  }
+  if (removedCompletions) {
+    console.log("Removed shell completions.");
   }
 }
 

package/dist/cli.js

@@ -13,7 +13,7 @@ import {
   getCliVersion,
   isSkillInstalled,
   readInstalledSkillVersion
-} from "./chunk-BSK4YHFA.js";
+} from "./chunk-ZN3VMRWG.js";
 import "./chunk-IUZB3DQW.js";
 import {
   DateTime
@@ -281,6 +281,31 @@ var HELP = {
       "--window-hours <n>    Hours used for staleness windows"
     ]
   },
+  orgs: {
+    description: "List organizations accessible to you with subscription status and service toggles.",
+    usage: "chainpatrol orgs list [filters]",
+    examples: [
+      "chainpatrol orgs list",
+      "chainpatrol orgs list --subscription-status ACTIVE --service-active takedowns --service-manual takedowns"
+    ]
+  },
+  "orgs list": {
+    description: "List organizations with their subscription status and per-service active/automated flags. All filters compose with AND.",
+    usage: "chainpatrol orgs list [filters]",
+    options: [
+      "--query <text>             Partial name match (substring, case-insensitive)",
+      "--subscription-status <l>  Comma-separated list (PROSPECT,TRIAL,ACTIVE,INTEGRATION)",
+      "--service-active <l>       Comma-separated services that must be active",
+      "--service-inactive <l>     Comma-separated services that must be inactive",
+      "--service-automated <l>    Services whose automation must be ON (reporting,reviewing,protection,takedowns)",
+      "--service-manual <l>       Services whose automation must be OFF (reporting,reviewing,protection,takedowns)"
+    ],
+    examples: [
+      "chainpatrol orgs list --subscription-status ACTIVE",
+      "chainpatrol orgs list --service-active takedowns --service-manual takedowns",
+      "chainpatrol --json orgs list --subscription-status ACTIVE,TRIAL --service-active detection"
+    ]
+  },
   healthchecks: {
     description: "Run organization healthchecks via the public API. Use `list` to see every available check (including planned ones not yet implemented on the backend) and `run` to execute one or all implemented checks.",
     usage: "chainpatrol healthchecks <list|run <id>|run --all>",
@@ -329,7 +354,10 @@ var HELP = {
   },
   setup: {
     description: "Install Claude Code skill and shell completions.",
-    usage: "chainpatrol setup"
+    usage: "chainpatrol setup [--cloud]",
+    options: [
+      "--cloud              Also install a SessionStart hook that surfaces the device-code login URL when the user is not authenticated. Intended for Claude Code cloud / headless environments; omit for local installs."
+    ]
   },
   uninstall: {
     description: "Remove Claude Code skill and shell completions.",
@@ -369,6 +397,7 @@ function getTopLevelHelp() {
     "    metrics       Query organization metrics and breakdowns",
     "    reports       Create and list reports from terminal",
     "    queues        Snapshot operations review/takedown queues",
+    "    orgs          List organizations and filter by status/services",
     "    presets       Run saved workflows for common jobs",
     "    setup         Install Claude Code skill and shell completions",
     "    uninstall     Remove Claude Code skill and shell completions",
@@ -538,6 +567,7 @@ var COMMANDS = [
   "metrics",
   "reports",
   "queues",
+  "orgs",
   "presets",
   "setup",
   "uninstall",
@@ -614,11 +644,18 @@ ${getTopLevelHelp()}
     contactInfo: { type: "string" },
     externalSubmissionLink: { type: "string" },
     payloadFile: { type: "string" },
+    subscriptionStatus: { type: "string" },
+    serviceActive: { type: "string" },
+    serviceInactive: { type: "string" },
+    serviceAutomated: { type: "string" },
+    serviceManual: { type: "string" },
+    query: { type: "string" },
     help: { type: "boolean", shortFlag: "h" },
     version: { type: "boolean", shortFlag: "V" },
     quiet: { type: "boolean", default: false, shortFlag: "q" },
     noInput: { type: "boolean", default: false },
-    noColor: { type: "boolean", default: false }
+    noColor: { type: "boolean", default: false },
+    cloud: { type: "boolean", default: false }
   }
 });
 var [command, subcommand, action] = cli.input;
@@ -717,12 +754,12 @@ function parseAttachmentUrls() {
 }
 async function handleConfigsList(org) {
   if (jsonMode) {
-    const { listConfigsJson } = await import("./list-json-WTMYLZGY.js");
+    const { listConfigsJson } = await import("./list-json-LEKCCWQU.js");
     await listConfigsJson({ org });
     return;
   }
   const { render } = await import("ink");
-  const { default: ConfigsList } = await import("./list-GEMCFDD5.js");
+  const { default: ConfigsList } = await import("./list-5ENZAOFL.js");
   const { default: React } = await import("react");
   render(React.createElement(ConfigsList, { org }));
 }
@@ -820,7 +857,7 @@ async function main() {
     case "detections": {
       const org = await resolveOrg();
       if (subcommand === "healthcheck") {
-        const { runDetectionsHealthcheck } = await import("./healthcheck-KAONRGSS.js");
+        const { runDetectionsHealthcheck } = await import("./healthcheck-AQUXVKAO.js");
         await runDetectionsHealthcheck({
           org,
           source: cli.flags.source,
@@ -835,7 +872,7 @@ async function main() {
         break;
       }
       if (subcommand === "validate") {
-        const { runDetectionsValidate } = await import("./validate-BJFEKI2N.js");
+        const { runDetectionsValidate } = await import("./validate-27RUCN7R.js");
         await runDetectionsValidate({
           org,
           source: cli.flags.source,
@@ -850,7 +887,7 @@ async function main() {
         break;
       }
       if (subcommand === "drift") {
-        const { runDetectionsDrift } = await import("./drift-DZ6A7JL5.js");
+        const { runDetectionsDrift } = await import("./drift-VOKQJ36G.js");
         await runDetectionsDrift({
           org,
           source: cli.flags.source,
@@ -864,7 +901,7 @@ async function main() {
         break;
       }
       if (subcommand === "run") {
-        const { runDetectionsRun } = await import("./run-43CC5AXR.js");
+        const { runDetectionsRun } = await import("./run-OT2X46GT.js");
         await runDetectionsRun({
           org,
           configId: cli.flags.configId,
@@ -883,7 +920,7 @@ async function main() {
           break;
         }
         if (action === "run") {
-          const { runDetectionsRun } = await import("./run-43CC5AXR.js");
+          const { runDetectionsRun } = await import("./run-OT2X46GT.js");
           await runDetectionsRun({
             org,
             configId: cli.flags.configId,
@@ -901,7 +938,7 @@ async function main() {
             throw new Error("detections configs update requires --config-id");
           }
           const configPatch = getConfigPatchFromSetFlags();
-          const { runDetectionsConfigsUpdate } = await import("./configs-update-RPN32YTL.js");
+          const { runDetectionsConfigsUpdate } = await import("./configs-update-VROBC2HI.js");
           await runDetectionsConfigsUpdate({
             org,
             configId: cli.flags.configId,
@@ -928,7 +965,7 @@ async function main() {
     case "metrics": {
       const org = await resolveOrg();
       if (subcommand === "summary") {
-        const { runMetricsSummary } = await import("./summary-6NCA7PDP.js");
+        const { runMetricsSummary } = await import("./summary-JOCABBCO.js");
         await runMetricsSummary({
           org,
           from: cli.flags.from,
@@ -940,7 +977,7 @@ async function main() {
         break;
       }
       if (subcommand === "found") {
-        const { runMetricsFound } = await import("./found-AOPBSLRD.js");
+        const { runMetricsFound } = await import("./found-A5HRTJCJ.js");
         await runMetricsFound({
           org,
           from: cli.flags.from,
@@ -957,7 +994,7 @@ async function main() {
         if (!by || !["day", "type", "brand"].includes(by)) {
           throw new Error("metrics breakdown requires --by <day|type|brand>");
         }
-        const { runMetricsBreakdown } = await import("./breakdown-EBSACUST.js");
+        const { runMetricsBreakdown } = await import("./breakdown-AX6QNTQH.js");
         await runMetricsBreakdown({
           org,
           by,
@@ -977,7 +1014,7 @@ async function main() {
     case "reports": {
       if (subcommand === "list") {
         const org = await resolveOrg();
-        const { runReportsList } = await import("./list-MWDFCHMJ.js");
+        const { runReportsList } = await import("./list-CVFXTKNX.js");
         await runReportsList({
           org,
           limit: cli.flags.limit,
@@ -993,7 +1030,7 @@ async function main() {
       }
       if (subcommand === "create") {
         const org = await tryResolveOrg();
-        const { runReportsCreate } = await import("./create-QP3M7EZM.js");
+        const { runReportsCreate } = await import("./create-XTCUNT2C.js");
         await runReportsCreate({
           org,
           title: cli.flags.title,
@@ -1017,7 +1054,7 @@ async function main() {
     }
     case "queues": {
       if (subcommand === "snapshot") {
-        const { runQueuesSnapshot } = await import("./snapshot-E3TPZOKT.js");
+        const { runQueuesSnapshot } = await import("./snapshot-4QR4I67P.js");
         await runQueuesSnapshot({
           org: cli.flags.org,
           all: cli.flags.all,
@@ -1033,9 +1070,29 @@ async function main() {
         subcommand ? `Unknown subcommand: queues ${subcommand}${hint ? `. Did you mean "queues ${hint}"?` : ""}` : "Usage: chainpatrol queues snapshot [--org <slug>|--all]"
       );
     }
+    case "orgs": {
+      if (subcommand === "list") {
+        const { runOrgsList } = await import("./list-CGRHTFAS.js");
+        await runOrgsList({
+          query: cli.flags.query,
+          subscriptionStatus: cli.flags.subscriptionStatus,
+          serviceActive: cli.flags.serviceActive,
+          serviceInactive: cli.flags.serviceInactive,
+          serviceAutomated: cli.flags.serviceAutomated,
+          serviceManual: cli.flags.serviceManual,
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat
+        });
+        break;
+      }
+      const hint = subcommand ? suggest(subcommand, ["list"]) : null;
+      throw new Error(
+        subcommand ? `Unknown subcommand: orgs ${subcommand}${hint ? `. Did you mean "orgs ${hint}"?` : ""}` : "Usage: chainpatrol orgs list [--subscription-status <list>] [--service-active <list>] [--service-automated <list>] ..."
+      );
+    }
     case "healthchecks": {
       if (subcommand === "list") {
-        const { runHealthchecksList } = await import("./list-UW63DIKX.js");
+        const { runHealthchecksList } = await import("./list-PLZ67PNY.js");
         await runHealthchecksList({
           json: jsonMode,
           outputFormat: cliContext.outputFormat
@@ -1049,7 +1106,7 @@ async function main() {
           thresholds.minResults = cli.flags.minResults;
         if (cli.flags.lookbackHours !== void 0)
           thresholds.lookbackHours = cli.flags.lookbackHours;
-        const { runHealthchecksRun } = await import("./run-64SBCL4R.js");
+        const { runHealthchecksRun } = await import("./run-MS5SA5YL.js");
         await runHealthchecksRun({
           org,
           id: action,
@@ -1067,7 +1124,7 @@ async function main() {
     }
     case "presets": {
       if (subcommand === "list") {
-        const { runPresetsList } = await import("./list-LN6NOZIJ.js");
+        const { runPresetsList } = await import("./list-EYRN5JYC.js");
         await runPresetsList({ outputFormat: cliContext.outputFormat });
         break;
       }
@@ -1078,7 +1135,7 @@ async function main() {
           );
         }
         const org = await resolveOrg();
-        const { runPresetsRun } = await import("./run-MH5RYPWA.js");
+        const { runPresetsRun } = await import("./run-YHDUUP66.js");
         await runPresetsRun({
           presetId: action,
           org,
@@ -1095,12 +1152,12 @@ async function main() {
     case "setup":
     case "install":
     case "i": {
-      const { setupSkill } = await import("./setup-skill-NQIZBJMR.js");
-      setupSkill({ json: jsonMode });
+      const { setupSkill } = await import("./setup-skill-J7PZYVCE.js");
+      setupSkill({ json: jsonMode, cloud: cli.flags.cloud });
       break;
     }
     case "uninstall": {
-      const { uninstallSkill } = await import("./setup-skill-NQIZBJMR.js");
+      const { uninstallSkill } = await import("./setup-skill-J7PZYVCE.js");
       uninstallSkill({ json: jsonMode });
       break;
     }

package/dist/{configs-update-RPN32YTL.js → configs-update-VROBC2HI.js}

@@ -7,7 +7,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{create-QP3M7EZM.js → create-XTCUNT2C.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{drift-DZ6A7JL5.js → drift-VOKQJ36G.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{found-AOPBSLRD.js → found-A5HRTJCJ.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import {
   DateTime

package/dist/{healthcheck-KAONRGSS.js → healthcheck-AQUXVKAO.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-GEMCFDD5.js → list-5ENZAOFL.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-JCMWDZYY.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import {
   AuthCorruptedError,
   AuthExpiredError,

package/dist/list-CGRHTFAS.js

@@ -0,0 +1,182 @@
+import {
+  CliExitError,
+  ExitCode
+} from "./chunk-E2LAMILJ.js";
+import {
+  printOutput,
+  toCsvRows
+} from "./chunk-VFT3TD3E.js";
+import {
+  createApiClient
+} from "./chunk-LLWKCA3H.js";
+import "./chunk-EEG7T6WT.js";
+import "./chunk-TFCNKBRC.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/orgs/list.ts
+var VALID_SUBSCRIPTION_STATUSES = /* @__PURE__ */ new Set([
+  "PROSPECT",
+  "TRIAL",
+  "ACTIVE",
+  "INTEGRATION"
+]);
+var DUAL_SERVICES = ["reporting", "reviewing", "protection", "takedowns"];
+var SINGLE_SERVICES = ["detection", "darkWebMonitoring"];
+var ALL_SERVICES = [...DUAL_SERVICES, ...SINGLE_SERVICES];
+function splitCsv(value) {
+  if (!value) return [];
+  return value.split(",").map((part) => part.trim()).filter(Boolean);
+}
+function parseSubscriptionStatuses(raw) {
+  const parts = splitCsv(raw);
+  if (parts.length === 0) return void 0;
+  const result = [];
+  for (const part of parts) {
+    const upper = part.toUpperCase();
+    if (!VALID_SUBSCRIPTION_STATUSES.has(upper)) {
+      throw new CliExitError(
+        `Unknown subscription status: '${part}'. Valid values: ${Array.from(VALID_SUBSCRIPTION_STATUSES).join(", ")}.`,
+        ExitCode.USAGE
+      );
+    }
+    result.push(upper);
+  }
+  return result;
+}
+function parseServiceList(raw, flagName) {
+  const parts = splitCsv(raw);
+  const result = [];
+  for (const part of parts) {
+    if (!ALL_SERVICES.includes(part)) {
+      throw new CliExitError(
+        `Unknown service '${part}' in --${flagName}. Valid services: ${ALL_SERVICES.join(", ")}.`,
+        ExitCode.USAGE
+      );
+    }
+    result.push(part);
+  }
+  return result;
+}
+function requireDualService(service, flagName) {
+  if (!DUAL_SERVICES.includes(service)) {
+    throw new CliExitError(
+      `Service '${service}' does not have an automation toggle and can't be used with --${flagName}. Use --service-active / --service-inactive instead.`,
+      ExitCode.USAGE
+    );
+  }
+  return service;
+}
+function buildServicesFilter(options) {
+  const filters = {};
+  const activeSetBy = /* @__PURE__ */ new Map();
+  const automatedSetBy = /* @__PURE__ */ new Map();
+  function setActive(service, active, flagName) {
+    const previous = activeSetBy.get(service);
+    if (previous && previous !== flagName) {
+      throw new CliExitError(
+        `Conflicting flags for service '${service}': --${previous} and --${flagName} can't both be passed.`,
+        ExitCode.USAGE
+      );
+    }
+    activeSetBy.set(service, flagName);
+    const existing = filters[service] ?? {};
+    filters[service] = { ...existing, active };
+  }
+  function setAutomated(service, automated, flagName) {
+    const previous = automatedSetBy.get(service);
+    if (previous && previous !== flagName) {
+      throw new CliExitError(
+        `Conflicting flags for service '${service}': --${previous} and --${flagName} can't both be passed.`,
+        ExitCode.USAGE
+      );
+    }
+    automatedSetBy.set(service, flagName);
+    const existing = filters[service] ?? {};
+    filters[service] = { ...existing, automated };
+  }
+  for (const service of parseServiceList(options.serviceActive, "service-active")) {
+    setActive(service, true, "service-active");
+  }
+  for (const service of parseServiceList(options.serviceInactive, "service-inactive")) {
+    setActive(service, false, "service-inactive");
+  }
+  for (const service of parseServiceList(options.serviceAutomated, "service-automated")) {
+    setAutomated(
+      requireDualService(service, "service-automated"),
+      true,
+      "service-automated"
+    );
+  }
+  for (const service of parseServiceList(options.serviceManual, "service-manual")) {
+    setAutomated(requireDualService(service, "service-manual"), false, "service-manual");
+  }
+  return Object.keys(filters).length > 0 ? filters : void 0;
+}
+function summarizeServices(org) {
+  const parts = [];
+  for (const service of DUAL_SERVICES) {
+    const entry = org.services[service];
+    if (!entry.active) continue;
+    parts.push(`${service}=${entry.automated ? "auto" : "manual"}`);
+  }
+  for (const service of SINGLE_SERVICES) {
+    if (org.services[service].active) parts.push(service);
+  }
+  return parts.length > 0 ? parts.join(" ") : "(no services enabled)";
+}
+async function runOrgsList(options) {
+  const client = options.apiClient ?? createApiClient();
+  const outputFormat = options.outputFormat ?? (options.json ? "json" : "human");
+  const input = {
+    query: options.query ?? "",
+    subscriptionStatus: parseSubscriptionStatuses(options.subscriptionStatus),
+    services: buildServicesFilter(options)
+  };
+  const result = await client.getUserOrgs(input);
+  const organizations = result.organizations;
+  printOutput({
+    outputFormat,
+    json: result,
+    markdown: [
+      `# Organizations (${organizations.length})`,
+      "",
+      ...organizations.map(
+        (org) => `- \`${org.slug}\` \u2014 ${org.name} \u2014 ${org.subscriptionStatus} \u2014 ${summarizeServices(org)}`
+      )
+    ].join("\n"),
+    csv: toCsvRows(
+      organizations.map((org) => ({
+        slug: org.slug,
+        name: org.name,
+        subscriptionStatus: org.subscriptionStatus,
+        reportingActive: org.services.reporting.active,
+        reportingAutomated: org.services.reporting.automated,
+        reviewingActive: org.services.reviewing.active,
+        reviewingAutomated: org.services.reviewing.automated,
+        protectionActive: org.services.protection.active,
+        protectionAutomated: org.services.protection.automated,
+        takedownsActive: org.services.takedowns.active,
+        takedownsAutomated: org.services.takedowns.automated,
+        detectionActive: org.services.detection.active,
+        darkWebMonitoringActive: org.services.darkWebMonitoring.active
+      }))
+    ),
+    human: () => {
+      if (organizations.length === 0) {
+        console.log("No organizations matched the filter.");
+        return;
+      }
+      console.log(`Found ${organizations.length} organization(s):`);
+      const slugWidth = Math.max(...organizations.map((org) => org.slug.length), 4);
+      const nameWidth = Math.max(...organizations.map((org) => org.name.length), 4);
+      for (const org of organizations) {
+        console.log(
+          `  ${org.slug.padEnd(slugWidth)}  ${org.name.padEnd(nameWidth)}  ${org.subscriptionStatus.padEnd(11)}  ${summarizeServices(org)}`
+        );
+      }
+    }
+  });
+}
+export {
+  runOrgsList
+};

package/dist/{list-MWDFCHMJ.js → list-CVFXTKNX.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-LN6NOZIJ.js → list-EYRN5JYC.js}

@@ -1,12 +1,12 @@
 import {
   PRESETS
-} from "./chunk-PIYOWGBZ.js";
+} from "./chunk-AGXMZFUU.js";
 import "./chunk-E2LAMILJ.js";
 import {
   printOutput,
   toCsvRows
 } from "./chunk-VFT3TD3E.js";
-import "./chunk-MXUZR2BV.js";
+import "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-UW63DIKX.js → list-PLZ67PNY.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-json-WTMYLZGY.js → list-json-LEKCCWQU.js}

@@ -1,6 +1,6 @@
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{run-64SBCL4R.js → run-MS5SA5YL.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{run-43CC5AXR.js → run-OT2X46GT.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{run-MH5RYPWA.js → run-YHDUUP66.js}

@@ -1,13 +1,13 @@
 import {
   getPresetDefinition,
   runPreset
-} from "./chunk-PIYOWGBZ.js";
+} from "./chunk-AGXMZFUU.js";
 import {
   CliExitError,
   ExitCode
 } from "./chunk-E2LAMILJ.js";
 import "./chunk-VFT3TD3E.js";
-import "./chunk-MXUZR2BV.js";
+import "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{setup-skill-NQIZBJMR.js → setup-skill-J7PZYVCE.js}

@@ -6,7 +6,7 @@ import {
   readInstalledSkillVersion,
   setupSkill,
   uninstallSkill
-} from "./chunk-BSK4YHFA.js";
+} from "./chunk-ZN3VMRWG.js";
 import "./chunk-IUZB3DQW.js";
 export {
   getBundledSkillContent,

package/dist/{snapshot-E3TPZOKT.js → snapshot-4QR4I67P.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{summary-6NCA7PDP.js → summary-JOCABBCO.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{validate-BJFEKI2N.js → validate-27RUCN7R.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-MXUZR2BV.js";
+} from "./chunk-LLWKCA3H.js";
 import "./chunk-EEG7T6WT.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/package.json

@@ -2,7 +2,7 @@
   "name": "@chainpatrol/cli",
   "description": "The official ChainPatrol CLI — terminal interface for threat detection",
   "author": "Umar Ahmed <umar@chainpatrol.io>",
-  "version": "0.5.0",
+  "version": "0.7.0",
   "license": "UNLICENSED",
   "homepage": "https://chainpatrol.com/docs/cli",
   "keywords": [