@chainpatrol/cli 0.7.0 → 0.9.0

package/CHANGELOG.md

@@ -1,5 +1,32 @@
 # @chainpatrol/cli
 
+## 0.9.0
+
+### Minor Changes
+
+- e2658e3: Add `chainpatrol asset check <content>` — look up a single URL, domain, or
+  crypto address against the ChainPatrol blocklist and external feeds and
+  return the aggregated status (`BLOCKED`, `ALLOWED`, or `UNKNOWN`) plus a
+  per-source breakdown. Supports `--json`, `--output markdown`, and
+  `--output csv` for agent/script use, and works with both device-code login
+  and `CHAINPATROL_API_KEY` env-var auth. The bundled `/chainpatrol` Claude
+  Code skill is updated to document the new command and to trigger on
+  phrases like "is this URL blocked" / "check this asset".
+
+## 0.8.0
+
+### Minor Changes
+
+- 11d074f: Support non-interactive authentication via the `CHAINPATROL_API_KEY` env
+  var. When set, the CLI sends it as the `x-api-key` header on API calls and
+  skips the device-code login flow entirely. `chainpatrol login` reports
+  "already authenticated via env var" instead of polling, and
+  `chainpatrol logout` refuses to no-op (it tells you to unset the env var).
+  Stored Better Auth bearer credentials are still used as a fallback when
+  the env var is unset. Headless service accounts (e.g. agent42) should mint
+  a USER-type API key via `/staff/api-keys` and set
+  `CHAINPATROL_API_KEY=cp_live_…` in their deployment env.
+
 ## 0.7.0
 
 ### Minor Changes

package/README.md

@@ -12,6 +12,7 @@ npm install -g chainpatrol
 
 ```bash
 chainpatrol login
+chainpatrol asset check https://phish.example
 chainpatrol configs list --org my-org
 chainpatrol --json configs list --org my-org
 chainpatrol detections healthcheck --org my-org --run
@@ -38,6 +39,19 @@ chainpatrol detections drift --org my-org --explain --output markdown
 chainpatrol queues snapshot --all --output csv
 ```
 
+### Asset commands
+
+```bash
+# look up a single asset against the ChainPatrol blocklist and external feeds
+chainpatrol asset check https://phish.example
+
+# JSON output for automation (returns status, per-source breakdown, watchStatus)
+chainpatrol --json asset check 0xabc123...
+
+# markdown summary
+chainpatrol asset check phish.example --output markdown
+```
+
 ### Detection commands
 
 ```bash

package/dist/{breakdown-AX6QNTQH.js → breakdown-63FAOVL7.js}

@@ -4,8 +4,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/check-YZRIAUOK.js

@@ -0,0 +1,85 @@
+import {
+  CliExitError,
+  ExitCode
+} from "./chunk-E2LAMILJ.js";
+import {
+  printOutput,
+  toCsvRows
+} from "./chunk-VFT3TD3E.js";
+import {
+  createApiClient
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
+import "./chunk-TFCNKBRC.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/asset/check.ts
+function statusLine(result) {
+  const watchTag = result.watchStatus ? ` watch=${result.watchStatus}` : "";
+  const reasonTag = result.reason ? ` reason=${result.reason}` : "";
+  return `${result.status} (source=${result.source}${reasonTag}${watchTag})`;
+}
+async function runAssetCheck(options) {
+  const content = options.content?.trim();
+  if (!content) {
+    throw new CliExitError(
+      "asset check requires an asset. Example: chainpatrol asset check https://example.com",
+      ExitCode.USAGE
+    );
+  }
+  const outputFormat = options.outputFormat ?? (options.json ? "json" : "human");
+  const client = options.apiClient ?? createApiClient();
+  const result = await client.assetCheck({ content });
+  printOutput({
+    outputFormat,
+    json: {
+      content,
+      ...result,
+      explanation: options.explain ? "Asset check aggregates ChainPatrol records and external sources to classify a domain, URL, or crypto address as BLOCKED, ALLOWED, or UNKNOWN." : void 0
+    },
+    markdown: [
+      `# Asset Check: ${content}`,
+      "",
+      `- Status: **${result.status}**`,
+      `- Source: ${result.source}`,
+      ...result.reason ? [`- Reason: ${result.reason}`] : [],
+      ...result.watchStatus ? [`- Watch status: ${result.watchStatus}`] : [],
+      ...result.message ? [`- Message: ${result.message}`] : [],
+      ...result.code ? [`- Code: ${result.code}`] : [],
+      "",
+      "## Per-source results",
+      "",
+      ...result.sources.map((entry) => `- ${entry.source}: ${entry.status}`)
+    ].join("\n"),
+    csv: toCsvRows(
+      result.sources.map((entry) => ({
+        content,
+        source: entry.source,
+        status: entry.status
+      }))
+    ),
+    human: () => {
+      console.log(`${content} -> ${statusLine(result)}`);
+      if (result.message) {
+        console.log(`Message: ${result.message}`);
+      }
+      if (result.code) {
+        console.log(`Code: ${result.code}`);
+      }
+      if (result.sources.length > 0) {
+        console.log("Sources:");
+        for (const entry of result.sources) {
+          console.log(`  - ${entry.source}: ${entry.status}`);
+        }
+      }
+      if (options.explain) {
+        console.log(
+          "Status is the aggregated verdict across ChainPatrol and external feeds; see the per-source rows for the underlying signals."
+        );
+      }
+    }
+  });
+}
+export {
+  runAssetCheck
+};

package/dist/{chunk-AGXMZFUU.js → chunk-BJISZ3CY.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
+} from "./chunk-RIKR2WFT.js";
 import {
   DateTime
 } from "./chunk-TFCNKBRC.js";

package/dist/{chunk-EEG7T6WT.js → chunk-EGWK6SRQ.js}

@@ -139,6 +139,7 @@ function clearCredentials() {
   }
 }
 function isLoggedIn() {
+  if (hasApiKeyEnv()) return true;
   try {
     getValidCredentials();
     return true;
@@ -146,6 +147,9 @@ function isLoggedIn() {
     return false;
   }
 }
+function hasApiKeyEnv() {
+  return Boolean(process.env.CHAINPATROL_API_KEY?.trim());
+}
 function getValidCredentials() {
   const creds = getCredentials();
   const expiresMs = new Date(creds.expiresAt).getTime();
@@ -280,6 +284,7 @@ export {
   storeCredentials,
   clearCredentials,
   isLoggedIn,
+  hasApiKeyEnv,
   getValidCredentials,
   fetchUserEmail,
   requestDeviceCode,

package/dist/{chunk-ZN3VMRWG.js → chunk-P4L4N5LM.js}

@@ -1,7 +1,7 @@
 import {
   installCompletions,
   uninstallCompletions
-} from "./chunk-IUZB3DQW.js";
+} from "./chunk-Z76CUWSS.js";
 
 // src/commands/setup-skill.ts
 import { mkdirSync as mkdirSync2, writeFileSync as writeFileSync2, existsSync as existsSync2, readFileSync as readFileSync3, rmSync } from "fs";
@@ -196,7 +196,9 @@ description: |
   "org healthcheck", "organization health check", "audit my org",
   "what's wrong with org", "review org setup", "list orgs", "list organizations",
   "orgs with takedowns off", "automation off across orgs",
-  "which customers have X enabled", "service toggles by org".
+  "which customers have X enabled", "service toggles by org",
+  "is this URL blocked", "is this domain blocked", "is this address blocked",
+  "check this asset", "asset check", "lookup asset status".
 allowed-tools:
   - Bash
   - Read
@@ -310,6 +312,32 @@ so the same background+tail pattern works without \`--json\`. Prefer
 chainpatrol logout
 \`\`\`
 
+### \`asset check\` \u2014 Check a single asset against the blocklist
+
+Look up a URL, domain, or crypto address and return its aggregated status
+(\`BLOCKED\`, \`ALLOWED\`, or \`UNKNOWN\`) plus a per-source breakdown
+(ChainPatrol + external feeds like eth-phishing-detect, phishfort, seal,
+polkadot-phishing). Works whether you're authenticated via device-code
+login or via a \`CHAINPATROL_API_KEY\` env var.
+
+\`\`\`bash
+chainpatrol asset check https://phish.example
+chainpatrol asset check 0xabc123...
+\`\`\`
+
+JSON mode (recommended for automations and agents \u2014 returns full
+\`{ status, source, reason?, sources[], watchStatus? }\`):
+
+\`\`\`bash
+chainpatrol --json asset check https://phish.example
+\`\`\`
+
+Markdown is also supported for sharing in docs / chat:
+
+\`\`\`bash
+chainpatrol asset check phish.example --output markdown
+\`\`\`
+
 ### \`configs list\` \u2014 List detection configurations
 
 Requires authentication and an organization slug.

package/dist/{chunk-EBJMOX3Q.js → chunk-PZV55KAR.js}

@@ -1,17 +1,22 @@
 import {
   fetchUserEmail,
   getCredentials,
+  hasApiKeyEnv,
   isLoggedIn,
   pollForToken,
   requestDeviceCode,
   storeCredentials
-} from "./chunk-EEG7T6WT.js";
+} from "./chunk-EGWK6SRQ.js";
 import {
   DateTime
 } from "./chunk-TFCNKBRC.js";
 
 // src/lib/login-flow.ts
 async function runLoginFlow(emit) {
+  if (hasApiKeyEnv()) {
+    emit({ type: "already_logged_in", email: null });
+    return true;
+  }
   if (isLoggedIn()) {
     const creds = getCredentials();
     emit({ type: "already_logged_in", email: creds.email ?? null });

package/dist/{chunk-LLWKCA3H.js → chunk-RIKR2WFT.js}

@@ -1,6 +1,6 @@
 import {
   getValidCredentials
-} from "./chunk-EEG7T6WT.js";
+} from "./chunk-EGWK6SRQ.js";
 import {
   DateTime
 } from "./chunk-TFCNKBRC.js";
@@ -18,20 +18,32 @@ function parseIsoDate(value) {
   return dt.toJSDate();
 }
 var REQUEST_TIMEOUT_MS = 3e4;
+function defaultGetCredential() {
+  const envKey = process.env.CHAINPATROL_API_KEY;
+  if (envKey && envKey.trim().length > 0) {
+    return { kind: "api-key", value: envKey.trim() };
+  }
+  return { kind: "bearer", value: getValidCredentials().accessToken };
+}
 function createApiClient(options) {
   const config = getConfig();
   const apiUrl = options?.apiUrl ?? config.apiUrl;
-  const getToken = options?.getToken ?? (() => getValidCredentials().accessToken);
+  const getCredential = options?.getCredential ?? (options?.getToken ? () => ({ kind: "bearer", value: options.getToken() }) : defaultGetCredential);
   async function request(path, body) {
-    const token = getToken();
+    const credential = getCredential();
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (credential.kind === "api-key") {
+      headers["x-api-key"] = credential.value;
+    } else {
+      headers["Authorization"] = `Bearer ${credential.value}`;
+    }
     let res;
     try {
       res = await fetch(`${apiUrl}/api/v2${path}`, {
         method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: `Bearer ${token}`
-        },
+        headers,
         body: JSON.stringify(body),
         signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
       });
@@ -83,6 +95,9 @@ function createApiClient(options) {
     return await res.json();
   }
   return {
+    assetCheck(input) {
+      return request("/asset/check", input);
+    },
     listDetectionConfigs(slug) {
       return request("/detection/configs/list", { slug });
     },

package/dist/{chunk-IUZB3DQW.js → chunk-Z76CUWSS.js}

@@ -16,6 +16,7 @@ _chainpatrol() {
   commands=(
     'login:Authenticate with ChainPatrol'
     'logout:Clear stored credentials'
+    'asset:Check asset status against ChainPatrol'
     'configs:Manage detection configs'
     'detections:Validate and run detection configs'
     'metrics:Query organization metrics'
@@ -56,6 +57,11 @@ _chainpatrol() {
     _arguments -s $global_flags
   elif (( CURRENT == 3 )); then
     case "\${words[2]}" in
+      asset)
+        local -a asset_subcommands
+        asset_subcommands=('check:Check asset status against ChainPatrol')
+        _describe 'subcommand' asset_subcommands
+        ;;
       configs)
         local -a subcommands
         subcommands=('list:List detection configurations')
@@ -118,13 +124,17 @@ var BASH_COMPLETION = `_chainpatrol() {
   COMPREPLY=()
   cur="\${COMP_WORDS[COMP_CWORD]}"
   prev="\${COMP_WORDS[COMP_CWORD-1]}"
-  commands="login logout configs detections metrics reports queues presets setup uninstall completions help"
+  commands="login logout asset configs detections metrics reports queues presets setup uninstall completions help"
 
   case "\${prev}" in
     chainpatrol)
       COMPREPLY=( $(compgen -W "\${commands}" -- "\${cur}") )
       return 0
       ;;
+    asset)
+      COMPREPLY=( $(compgen -W "check" -- "\${cur}") )
+      return 0
+      ;;
     configs)
       COMPREPLY=( $(compgen -W "list" -- "\${cur}") )
       return 0

package/dist/cli.js

@@ -13,8 +13,8 @@ import {
   getCliVersion,
   isSkillInstalled,
   readInstalledSkillVersion
-} from "./chunk-ZN3VMRWG.js";
-import "./chunk-IUZB3DQW.js";
+} from "./chunk-P4L4N5LM.js";
+import "./chunk-Z76CUWSS.js";
 import {
   DateTime
 } from "./chunk-TFCNKBRC.js";
@@ -91,6 +91,23 @@ var HELP = {
     description: "Clear stored credentials from this machine.",
     usage: "chainpatrol logout"
   },
+  asset: {
+    description: "Check whether an asset is BLOCKED, ALLOWED, or UNKNOWN.",
+    usage: "chainpatrol asset check <content>",
+    examples: [
+      "chainpatrol asset check https://phish.example",
+      "chainpatrol --json asset check 0xabc123\u2026"
+    ]
+  },
+  "asset check": {
+    description: "Look up an asset (URL, domain, or crypto address) against the ChainPatrol blocklist and external feeds. Returns the aggregated status plus a per-source breakdown.",
+    usage: "chainpatrol asset check <content>",
+    examples: [
+      "chainpatrol asset check https://phish.example",
+      "chainpatrol asset check phish.example --output markdown",
+      "chainpatrol --json asset check 0xabc123\u2026"
+    ]
+  },
   configs: {
     description: "Manage detection configs for an organization.",
     usage: "chainpatrol configs <list>",
@@ -391,6 +408,7 @@ function getTopLevelHelp() {
     "  Commands",
     "    login         Authenticate with ChainPatrol",
     "    logout        Clear stored credentials",
+    "    asset         Check asset status against ChainPatrol",
     "    configs       Manage detection configs",
     "    detections    Validate, run, update detection configs",
     "    healthchecks  List and run organization healthchecks",
@@ -561,6 +579,7 @@ function printVersionMessages(messages) {
 var COMMANDS = [
   "login",
   "logout",
+  "asset",
   "configs",
   "detections",
   "healthchecks",
@@ -754,12 +773,12 @@ function parseAttachmentUrls() {
 }
 async function handleConfigsList(org) {
   if (jsonMode) {
-    const { listConfigsJson } = await import("./list-json-LEKCCWQU.js");
+    const { listConfigsJson } = await import("./list-json-CEPGVUGF.js");
     await listConfigsJson({ org });
     return;
   }
   const { render } = await import("ink");
-  const { default: ConfigsList } = await import("./list-5ENZAOFL.js");
+  const { default: ConfigsList } = await import("./list-IA4CSOIY.js");
   const { default: React } = await import("react");
   render(React.createElement(ConfigsList, { org }));
 }
@@ -814,14 +833,14 @@ async function main() {
         );
       }
       if (jsonMode) {
-        const { loginJson } = await import("./login-json-XGMXT5VJ.js");
+        const { loginJson } = await import("./login-json-MPLXCSP4.js");
         await loginJson();
       } else if (!process.stdout.isTTY) {
-        const { loginPlain } = await import("./login-plain-CWKOUZKE.js");
+        const { loginPlain } = await import("./login-plain-NIJDS3D2.js");
         await loginPlain();
       } else {
         const { render } = await import("ink");
-        const { default: Login } = await import("./login-C66GRR3Y.js");
+        const { default: Login } = await import("./login-AMEXCOGT.js");
         const { default: React } = await import("react");
         render(React.createElement(Login));
       }
@@ -829,11 +848,11 @@ async function main() {
     }
     case "logout": {
       if (jsonMode) {
-        const { logoutJson } = await import("./logout-json-4GIJZJ46.js");
+        const { logoutJson } = await import("./logout-json-ACXBI6PN.js");
         await logoutJson();
       } else {
         const { render } = await import("ink");
-        const { default: Logout } = await import("./logout-LA7VEKON.js");
+        const { default: Logout } = await import("./logout-T6Q4IVPU.js");
         const { default: React } = await import("react");
         render(React.createElement(Logout));
       }
@@ -854,10 +873,28 @@ async function main() {
       }
       throw new Error("Usage: chainpatrol configs list");
     }
+    case "asset": {
+      if (subcommand === "check") {
+        const positional = cli.input[2];
+        const content = positional ?? cli.flags.asset;
+        const { runAssetCheck } = await import("./check-YZRIAUOK.js");
+        await runAssetCheck({
+          content,
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat,
+          explain: cliContext.explain
+        });
+        break;
+      }
+      const hint = subcommand ? suggest(subcommand, ["check"]) : null;
+      throw new Error(
+        subcommand ? `Unknown subcommand: asset ${subcommand}${hint ? `. Did you mean "asset ${hint}"?` : ""}` : "Usage: chainpatrol asset check <content>"
+      );
+    }
     case "detections": {
       const org = await resolveOrg();
       if (subcommand === "healthcheck") {
-        const { runDetectionsHealthcheck } = await import("./healthcheck-AQUXVKAO.js");
+        const { runDetectionsHealthcheck } = await import("./healthcheck-C3AIMUJT.js");
         await runDetectionsHealthcheck({
           org,
           source: cli.flags.source,
@@ -872,7 +909,7 @@ async function main() {
         break;
       }
       if (subcommand === "validate") {
-        const { runDetectionsValidate } = await import("./validate-27RUCN7R.js");
+        const { runDetectionsValidate } = await import("./validate-5DVPSXJP.js");
         await runDetectionsValidate({
           org,
           source: cli.flags.source,
@@ -887,7 +924,7 @@ async function main() {
         break;
       }
       if (subcommand === "drift") {
-        const { runDetectionsDrift } = await import("./drift-VOKQJ36G.js");
+        const { runDetectionsDrift } = await import("./drift-Q3VG3XG3.js");
         await runDetectionsDrift({
           org,
           source: cli.flags.source,
@@ -901,7 +938,7 @@ async function main() {
         break;
       }
       if (subcommand === "run") {
-        const { runDetectionsRun } = await import("./run-OT2X46GT.js");
+        const { runDetectionsRun } = await import("./run-YTWNQD5X.js");
         await runDetectionsRun({
           org,
           configId: cli.flags.configId,
@@ -920,7 +957,7 @@ async function main() {
           break;
         }
         if (action === "run") {
-          const { runDetectionsRun } = await import("./run-OT2X46GT.js");
+          const { runDetectionsRun } = await import("./run-YTWNQD5X.js");
           await runDetectionsRun({
             org,
             configId: cli.flags.configId,
@@ -938,7 +975,7 @@ async function main() {
             throw new Error("detections configs update requires --config-id");
           }
           const configPatch = getConfigPatchFromSetFlags();
-          const { runDetectionsConfigsUpdate } = await import("./configs-update-VROBC2HI.js");
+          const { runDetectionsConfigsUpdate } = await import("./configs-update-2IOSKZH5.js");
           await runDetectionsConfigsUpdate({
             org,
             configId: cli.flags.configId,
@@ -965,7 +1002,7 @@ async function main() {
     case "metrics": {
       const org = await resolveOrg();
       if (subcommand === "summary") {
-        const { runMetricsSummary } = await import("./summary-JOCABBCO.js");
+        const { runMetricsSummary } = await import("./summary-NQDZQEOD.js");
         await runMetricsSummary({
           org,
           from: cli.flags.from,
@@ -977,7 +1014,7 @@ async function main() {
         break;
       }
       if (subcommand === "found") {
-        const { runMetricsFound } = await import("./found-A5HRTJCJ.js");
+        const { runMetricsFound } = await import("./found-22B7RZT5.js");
         await runMetricsFound({
           org,
           from: cli.flags.from,
@@ -994,7 +1031,7 @@ async function main() {
         if (!by || !["day", "type", "brand"].includes(by)) {
           throw new Error("metrics breakdown requires --by <day|type|brand>");
         }
-        const { runMetricsBreakdown } = await import("./breakdown-AX6QNTQH.js");
+        const { runMetricsBreakdown } = await import("./breakdown-63FAOVL7.js");
         await runMetricsBreakdown({
           org,
           by,
@@ -1014,7 +1051,7 @@ async function main() {
     case "reports": {
       if (subcommand === "list") {
         const org = await resolveOrg();
-        const { runReportsList } = await import("./list-CVFXTKNX.js");
+        const { runReportsList } = await import("./list-AYHDFSQG.js");
         await runReportsList({
           org,
           limit: cli.flags.limit,
@@ -1030,7 +1067,7 @@ async function main() {
       }
       if (subcommand === "create") {
         const org = await tryResolveOrg();
-        const { runReportsCreate } = await import("./create-XTCUNT2C.js");
+        const { runReportsCreate } = await import("./create-EWS3SFCH.js");
         await runReportsCreate({
           org,
           title: cli.flags.title,
@@ -1054,7 +1091,7 @@ async function main() {
     }
     case "queues": {
       if (subcommand === "snapshot") {
-        const { runQueuesSnapshot } = await import("./snapshot-4QR4I67P.js");
+        const { runQueuesSnapshot } = await import("./snapshot-C5MZWJTW.js");
         await runQueuesSnapshot({
           org: cli.flags.org,
           all: cli.flags.all,
@@ -1072,7 +1109,7 @@ async function main() {
     }
     case "orgs": {
       if (subcommand === "list") {
-        const { runOrgsList } = await import("./list-CGRHTFAS.js");
+        const { runOrgsList } = await import("./list-SDBLGBVW.js");
         await runOrgsList({
           query: cli.flags.query,
           subscriptionStatus: cli.flags.subscriptionStatus,
@@ -1092,7 +1129,7 @@ async function main() {
     }
     case "healthchecks": {
       if (subcommand === "list") {
-        const { runHealthchecksList } = await import("./list-PLZ67PNY.js");
+        const { runHealthchecksList } = await import("./list-DNRWKM5O.js");
         await runHealthchecksList({
           json: jsonMode,
           outputFormat: cliContext.outputFormat
@@ -1106,7 +1143,7 @@ async function main() {
           thresholds.minResults = cli.flags.minResults;
         if (cli.flags.lookbackHours !== void 0)
           thresholds.lookbackHours = cli.flags.lookbackHours;
-        const { runHealthchecksRun } = await import("./run-MS5SA5YL.js");
+        const { runHealthchecksRun } = await import("./run-AQMJRFGL.js");
         await runHealthchecksRun({
           org,
           id: action,
@@ -1124,7 +1161,7 @@ async function main() {
     }
     case "presets": {
       if (subcommand === "list") {
-        const { runPresetsList } = await import("./list-EYRN5JYC.js");
+        const { runPresetsList } = await import("./list-HFWSMLGJ.js");
         await runPresetsList({ outputFormat: cliContext.outputFormat });
         break;
       }
@@ -1135,7 +1172,7 @@ async function main() {
           );
         }
         const org = await resolveOrg();
-        const { runPresetsRun } = await import("./run-YHDUUP66.js");
+        const { runPresetsRun } = await import("./run-WJGHJPXN.js");
         await runPresetsRun({
           presetId: action,
           org,
@@ -1152,17 +1189,17 @@ async function main() {
     case "setup":
     case "install":
     case "i": {
-      const { setupSkill } = await import("./setup-skill-J7PZYVCE.js");
+      const { setupSkill } = await import("./setup-skill-DR4KGQMG.js");
       setupSkill({ json: jsonMode, cloud: cli.flags.cloud });
       break;
     }
     case "uninstall": {
-      const { uninstallSkill } = await import("./setup-skill-J7PZYVCE.js");
+      const { uninstallSkill } = await import("./setup-skill-DR4KGQMG.js");
       uninstallSkill({ json: jsonMode });
       break;
     }
     case "completions": {
-      const { printCompletions } = await import("./completions-EGQIARFC.js");
+      const { printCompletions } = await import("./completions-D6SOLU2D.js");
       printCompletions(subcommand);
       break;
     }

package/dist/{completions-EGQIARFC.js → completions-D6SOLU2D.js}

@@ -3,7 +3,7 @@ import {
   installCompletions,
   printCompletions,
   uninstallCompletions
-} from "./chunk-IUZB3DQW.js";
+} from "./chunk-Z76CUWSS.js";
 export {
   getCompletionScript,
   installCompletions,

package/dist/{configs-update-VROBC2HI.js → configs-update-2IOSKZH5.js}

@@ -7,8 +7,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{create-XTCUNT2C.js → create-EWS3SFCH.js}

@@ -8,8 +8,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{drift-VOKQJ36G.js → drift-Q3VG3XG3.js}

@@ -8,8 +8,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{found-A5HRTJCJ.js → found-22B7RZT5.js}

@@ -4,8 +4,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import {
   DateTime
 } from "./chunk-TFCNKBRC.js";

package/dist/{healthcheck-AQUXVKAO.js → healthcheck-C3AIMUJT.js}

@@ -8,8 +8,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{list-CVFXTKNX.js → list-AYHDFSQG.js}

@@ -8,8 +8,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{list-PLZ67PNY.js → list-DNRWKM5O.js}

@@ -4,8 +4,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{list-EYRN5JYC.js → list-HFWSMLGJ.js}

@@ -1,13 +1,13 @@
 import {
   PRESETS
-} from "./chunk-AGXMZFUU.js";
+} from "./chunk-BJISZ3CY.js";
 import "./chunk-E2LAMILJ.js";
 import {
   printOutput,
   toCsvRows
 } from "./chunk-VFT3TD3E.js";
-import "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+import "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{list-5ENZAOFL.js → list-IA4CSOIY.js}

@@ -4,12 +4,12 @@ import {
 } from "./chunk-JCMWDZYY.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
+} from "./chunk-RIKR2WFT.js";
 import {
   AuthCorruptedError,
   AuthExpiredError,
   AuthNotLoggedInError
-} from "./chunk-EEG7T6WT.js";
+} from "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{list-CGRHTFAS.js → list-SDBLGBVW.js}

@@ -8,8 +8,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{list-json-LEKCCWQU.js → list-json-CEPGVUGF.js}

@@ -1,7 +1,7 @@
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{login-C66GRR3Y.js → login-AMEXCOGT.js}

@@ -5,15 +5,16 @@ import {
 import {
   formatUserCode,
   isHeadlessEnv
-} from "./chunk-EBJMOX3Q.js";
+} from "./chunk-PZV55KAR.js";
 import {
   fetchUserEmail,
   getCredentials,
+  hasApiKeyEnv,
   isLoggedIn,
   pollForToken,
   requestDeviceCode,
   storeCredentials
-} from "./chunk-EEG7T6WT.js";
+} from "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 
@@ -26,6 +27,14 @@ function Login() {
   const { exit } = useApp();
   const [state, setState] = useState({ phase: "checking" });
   useEffect(() => {
+    if (hasApiKeyEnv()) {
+      setState({
+        phase: "already-logged-in",
+        email: "(authenticated via CHAINPATROL_API_KEY)"
+      });
+      setTimeout(() => exit(), 100);
+      return;
+    }
     if (isLoggedIn()) {
       const creds = getCredentials();
       if (creds.email) {

package/dist/{login-json-XGMXT5VJ.js → login-json-MPLXCSP4.js}

@@ -1,8 +1,8 @@
 import {
   isHeadlessEnv,
   runLoginFlow
-} from "./chunk-EBJMOX3Q.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-PZV55KAR.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{login-plain-CWKOUZKE.js → login-plain-NIJDS3D2.js}

@@ -2,8 +2,8 @@ import {
   formatUserCode,
   isHeadlessEnv,
   runLoginFlow
-} from "./chunk-EBJMOX3Q.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-PZV55KAR.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{logout-LA7VEKON.js → logout-T6Q4IVPU.js}

@@ -1,7 +1,8 @@
 import {
   clearCredentials,
+  hasApiKeyEnv,
   isLoggedIn
-} from "./chunk-EEG7T6WT.js";
+} from "./chunk-EGWK6SRQ.js";
 import "./chunk-U73SABXK.js";
 
 // src/commands/logout.tsx
@@ -9,6 +10,14 @@ import { Text, useApp } from "ink";
 import { jsx, jsxs } from "react/jsx-runtime";
 function Logout() {
   const { exit } = useApp();
+  if (hasApiKeyEnv()) {
+    setTimeout(() => exit(), 100);
+    return /* @__PURE__ */ jsxs(Text, { children: [
+      "Authenticated via ",
+      /* @__PURE__ */ jsx(Text, { bold: true, children: "CHAINPATROL_API_KEY" }),
+      "; unset the env var to log out."
+    ] });
+  }
   if (!isLoggedIn()) {
     setTimeout(() => exit(), 100);
     return /* @__PURE__ */ jsx(Text, { children: "Not currently logged in." });

package/dist/{logout-json-4GIJZJ46.js → logout-json-ACXBI6PN.js}

@@ -1,11 +1,21 @@
 import {
   clearCredentials,
+  hasApiKeyEnv,
   isLoggedIn
-} from "./chunk-EEG7T6WT.js";
+} from "./chunk-EGWK6SRQ.js";
 import "./chunk-U73SABXK.js";
 
 // src/commands/logout-json.ts
 async function logoutJson() {
+  if (hasApiKeyEnv()) {
+    console.log(
+      JSON.stringify({
+        status: "api_key_env_active",
+        message: "Authenticated via CHAINPATROL_API_KEY; unset the env var to log out."
+      })
+    );
+    return;
+  }
   if (!isLoggedIn()) {
     console.log(JSON.stringify({ status: "not_logged_in" }));
     return;

package/dist/{run-MS5SA5YL.js → run-AQMJRFGL.js}

@@ -8,8 +8,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{run-YHDUUP66.js → run-WJGHJPXN.js}

@@ -1,14 +1,14 @@
 import {
   getPresetDefinition,
   runPreset
-} from "./chunk-AGXMZFUU.js";
+} from "./chunk-BJISZ3CY.js";
 import {
   CliExitError,
   ExitCode
 } from "./chunk-E2LAMILJ.js";
 import "./chunk-VFT3TD3E.js";
-import "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+import "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{run-OT2X46GT.js → run-YTWNQD5X.js}

@@ -8,8 +8,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{setup-skill-J7PZYVCE.js → setup-skill-DR4KGQMG.js}

@@ -6,8 +6,8 @@ import {
   readInstalledSkillVersion,
   setupSkill,
   uninstallSkill
-} from "./chunk-ZN3VMRWG.js";
-import "./chunk-IUZB3DQW.js";
+} from "./chunk-P4L4N5LM.js";
+import "./chunk-Z76CUWSS.js";
 export {
   getBundledSkillContent,
   getBundledSkillVersion,

package/dist/{snapshot-4QR4I67P.js → snapshot-C5MZWJTW.js}

@@ -8,8 +8,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{summary-JOCABBCO.js → summary-NQDZQEOD.js}

@@ -4,8 +4,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/dist/{validate-27RUCN7R.js → validate-5DVPSXJP.js}

@@ -8,8 +8,8 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-LLWKCA3H.js";
-import "./chunk-EEG7T6WT.js";
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";
 

package/package.json

@@ -2,7 +2,7 @@
   "name": "@chainpatrol/cli",
   "description": "The official ChainPatrol CLI — terminal interface for threat detection",
   "author": "Umar Ahmed <umar@chainpatrol.io>",
-  "version": "0.7.0",
+  "version": "0.9.0",
   "license": "UNLICENSED",
   "homepage": "https://chainpatrol.com/docs/cli",
   "keywords": [