@chainpatrol/cli 0.8.0 → 0.10.0

package/CHANGELOG.md

@@ -1,5 +1,33 @@
 # @chainpatrol/cli
 
+## 0.10.0
+
+### Minor Changes
+
+- 034096d: `chainpatrol asset check` now accepts multiple assets in a single
+  invocation — either as positional arguments
+  (`chainpatrol asset check a.example b.example c.example`) or via
+  repeated `--asset` flags. Lookups run in parallel (concurrency 10) and
+  the JSON output for bulk calls is
+  `{ results: [...], summary: { checked, blocked, allowed, unknown, errored } }`.
+  Single-asset JSON keeps the existing flat shape for back-compat. The
+  bundled `/chainpatrol` Claude Code skill is updated to call out the bulk
+  form so agents stop falling back to per-asset shell loops (or refusing
+  the request) when asked to check many domains at once.
+
+## 0.9.0
+
+### Minor Changes
+
+- e2658e3: Add `chainpatrol asset check <content>` — look up a single URL, domain, or
+  crypto address against the ChainPatrol blocklist and external feeds and
+  return the aggregated status (`BLOCKED`, `ALLOWED`, or `UNKNOWN`) plus a
+  per-source breakdown. Supports `--json`, `--output markdown`, and
+  `--output csv` for agent/script use, and works with both device-code login
+  and `CHAINPATROL_API_KEY` env-var auth. The bundled `/chainpatrol` Claude
+  Code skill is updated to document the new command and to trigger on
+  phrases like "is this URL blocked" / "check this asset".
+
 ## 0.8.0
 
 ### Minor Changes

package/README.md

@@ -12,6 +12,7 @@ npm install -g chainpatrol
 
 ```bash
 chainpatrol login
+chainpatrol asset check https://phish.example
 chainpatrol configs list --org my-org
 chainpatrol --json configs list --org my-org
 chainpatrol detections healthcheck --org my-org --run
@@ -38,6 +39,31 @@ chainpatrol detections drift --org my-org --explain --output markdown
 chainpatrol queues snapshot --all --output csv
 ```
 
+### Asset commands
+
+```bash
+# look up a single asset against the ChainPatrol blocklist and external feeds
+chainpatrol asset check https://phish.example
+
+# bulk: check many assets in one call (parallel, concurrency=10)
+chainpatrol asset check a.example b.example c.example
+
+# repeated --asset is equivalent to positional args
+chainpatrol asset check --asset a.example --asset b.example
+
+# pipe a file of one-domain-per-line via xargs into a single CLI call
+xargs -a domains.txt chainpatrol --json asset check
+
+# JSON output for automation (single-asset returns flat shape; bulk returns
+# { results: [...], summary: { checked, blocked, allowed, unknown, errored } })
+chainpatrol --json asset check 0xabc123...
+chainpatrol --json asset check a.example b.example c.example
+
+# markdown / csv summary tables
+chainpatrol asset check phish.example --output markdown
+chainpatrol asset check a.example b.example --output csv
+```
+
 ### Detection commands
 
 ```bash

package/dist/{breakdown-DXSN7KUF.js → breakdown-63FAOVL7.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/check-7QDINQPT.js

@@ -0,0 +1,203 @@
+import {
+  CliExitError,
+  ExitCode
+} from "./chunk-E2LAMILJ.js";
+import {
+  printOutput,
+  toCsvRows
+} from "./chunk-VFT3TD3E.js";
+import {
+  createApiClient
+} from "./chunk-RIKR2WFT.js";
+import "./chunk-EGWK6SRQ.js";
+import "./chunk-TFCNKBRC.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/asset/check.ts
+var DEFAULT_CONCURRENCY = 10;
+function statusLine(result) {
+  const watchTag = result.watchStatus ? ` watch=${result.watchStatus}` : "";
+  const reasonTag = result.reason ? ` reason=${result.reason}` : "";
+  return `${result.status} (source=${result.source}${reasonTag}${watchTag})`;
+}
+async function runWithConcurrency(items, worker, concurrency) {
+  const results = new Array(items.length);
+  let cursor = 0;
+  const workers = new Array(Math.min(concurrency, items.length)).fill(null).map(async () => {
+    while (true) {
+      const index = cursor;
+      cursor += 1;
+      if (index >= items.length) return;
+      results[index] = await worker(items[index]);
+    }
+  });
+  await Promise.all(workers);
+  return results;
+}
+async function runAssetCheck(options) {
+  const contents = (options.contents ?? []).map((value) => value.trim()).filter((value) => value.length > 0);
+  if (contents.length === 0) {
+    throw new CliExitError(
+      "asset check requires at least one asset. Example: chainpatrol asset check https://example.com",
+      ExitCode.USAGE
+    );
+  }
+  const outputFormat = options.outputFormat ?? (options.json ? "json" : "human");
+  const client = options.apiClient ?? createApiClient();
+  const perAssetResults = await runWithConcurrency(
+    contents,
+    async (content) => {
+      try {
+        const result = await client.assetCheck({ content });
+        return { content, ok: true, result };
+      } catch (err) {
+        return {
+          content,
+          ok: false,
+          error: err instanceof Error ? err.message : String(err)
+        };
+      }
+    },
+    DEFAULT_CONCURRENCY
+  );
+  const summary = {
+    checked: perAssetResults.length,
+    blocked: perAssetResults.filter((r) => r.ok && r.result.status === "BLOCKED").length,
+    allowed: perAssetResults.filter((r) => r.ok && r.result.status === "ALLOWED").length,
+    unknown: perAssetResults.filter((r) => r.ok && r.result.status === "UNKNOWN").length,
+    errored: perAssetResults.filter((r) => !r.ok).length
+  };
+  const isSingle = contents.length === 1;
+  const jsonPayload = isSingle ? buildSingleJsonPayload(perAssetResults[0], options.explain) : {
+    results: perAssetResults.map(toJsonRow),
+    summary,
+    explanation: options.explain ? "Bulk asset check ran the public asset/check endpoint for each input in parallel (concurrency=10). Each row reports the aggregated ChainPatrol status plus the per-source breakdown." : void 0
+  };
+  const markdown = isSingle ? buildSingleMarkdown(perAssetResults[0]) : [
+    `# Asset Check (${summary.checked})`,
+    "",
+    `- Blocked: ${summary.blocked}`,
+    `- Allowed: ${summary.allowed}`,
+    `- Unknown: ${summary.unknown}`,
+    ...summary.errored > 0 ? [`- Errored: ${summary.errored}`] : [],
+    "",
+    "| Content | Status | Source | Reason | Watch |",
+    "| --- | --- | --- | --- | --- |",
+    ...perAssetResults.map(toMarkdownRow)
+  ].join("\n");
+  const csv = toCsvRows(perAssetResults.map(toCsvRow));
+  printOutput({
+    outputFormat,
+    json: jsonPayload,
+    markdown,
+    csv,
+    human: () => {
+      for (const entry of perAssetResults) {
+        if (entry.ok) {
+          console.log(`${entry.content} -> ${statusLine(entry.result)}`);
+        } else {
+          console.log(`${entry.content} -> ERROR: ${entry.error}`);
+        }
+      }
+      if (isSingle && perAssetResults[0].ok) {
+        const sources = perAssetResults[0].result.sources;
+        if (sources.length > 0) {
+          console.log("Sources:");
+          for (const entry of sources) {
+            console.log(`  - ${entry.source}: ${entry.status}`);
+          }
+        }
+        if (perAssetResults[0].result.message) {
+          console.log(`Message: ${perAssetResults[0].result.message}`);
+        }
+        if (perAssetResults[0].result.code) {
+          console.log(`Code: ${perAssetResults[0].result.code}`);
+        }
+      } else {
+        console.log(
+          `Summary: ${summary.checked} checked \u2014 blocked=${summary.blocked} allowed=${summary.allowed} unknown=${summary.unknown}${summary.errored > 0 ? ` errored=${summary.errored}` : ""}`
+        );
+      }
+      if (options.explain) {
+        console.log(
+          "Status is the aggregated verdict across ChainPatrol and external feeds; see the per-source rows for the underlying signals."
+        );
+      }
+    }
+  });
+  if (summary.errored > 0) {
+    throw new CliExitError(
+      `asset check: ${summary.errored} of ${summary.checked} request(s) failed.`,
+      ExitCode.UNKNOWN
+    );
+  }
+}
+function buildSingleJsonPayload(entry, explain) {
+  if (!entry.ok) {
+    return {
+      content: entry.content,
+      error: entry.error,
+      explanation: explain ? "asset check failed for this asset. Inspect the error message and retry." : void 0
+    };
+  }
+  return {
+    content: entry.content,
+    ...entry.result,
+    explanation: explain ? "Asset check aggregates ChainPatrol records and external sources to classify a domain, URL, or crypto address as BLOCKED, ALLOWED, or UNKNOWN." : void 0
+  };
+}
+function buildSingleMarkdown(entry) {
+  if (!entry.ok) {
+    return [`# Asset Check: ${entry.content}`, "", `- Error: ${entry.error}`].join("\n");
+  }
+  const result = entry.result;
+  return [
+    `# Asset Check: ${entry.content}`,
+    "",
+    `- Status: **${result.status}**`,
+    `- Source: ${result.source}`,
+    ...result.reason ? [`- Reason: ${result.reason}`] : [],
+    ...result.watchStatus ? [`- Watch status: ${result.watchStatus}`] : [],
+    ...result.message ? [`- Message: ${result.message}`] : [],
+    ...result.code ? [`- Code: ${result.code}`] : [],
+    "",
+    "## Per-source results",
+    "",
+    ...result.sources.map((entry2) => `- ${entry2.source}: ${entry2.status}`)
+  ].join("\n");
+}
+function toJsonRow(entry) {
+  if (!entry.ok) {
+    return { content: entry.content, error: entry.error };
+  }
+  return { content: entry.content, ...entry.result };
+}
+function toMarkdownRow(entry) {
+  if (!entry.ok) {
+    return `| ${entry.content} | ERROR | \u2014 | ${entry.error.replace(/\|/g, "\\|")} | \u2014 |`;
+  }
+  const r = entry.result;
+  return `| ${entry.content} | ${r.status} | ${r.source} | ${r.reason ?? ""} | ${r.watchStatus ?? ""} |`;
+}
+function toCsvRow(entry) {
+  if (!entry.ok) {
+    return {
+      content: entry.content,
+      status: "ERROR",
+      source: "",
+      reason: entry.error,
+      watchStatus: ""
+    };
+  }
+  const r = entry.result;
+  return {
+    content: entry.content,
+    status: r.status,
+    source: r.source,
+    reason: r.reason ?? "",
+    watchStatus: r.watchStatus ?? ""
+  };
+}
+export {
+  runAssetCheck
+};

package/dist/{chunk-XIHOCIYM.js → chunk-BJISZ3CY.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import {
   DateTime
 } from "./chunk-TFCNKBRC.js";

package/dist/{chunk-ZN3VMRWG.js → chunk-R2DZGMGT.js}

@@ -1,7 +1,7 @@
 import {
   installCompletions,
   uninstallCompletions
-} from "./chunk-IUZB3DQW.js";
+} from "./chunk-Z76CUWSS.js";
 
 // src/commands/setup-skill.ts
 import { mkdirSync as mkdirSync2, writeFileSync as writeFileSync2, existsSync as existsSync2, readFileSync as readFileSync3, rmSync } from "fs";
@@ -196,7 +196,9 @@ description: |
   "org healthcheck", "organization health check", "audit my org",
   "what's wrong with org", "review org setup", "list orgs", "list organizations",
   "orgs with takedowns off", "automation off across orgs",
-  "which customers have X enabled", "service toggles by org".
+  "which customers have X enabled", "service toggles by org",
+  "is this URL blocked", "is this domain blocked", "is this address blocked",
+  "check this asset", "asset check", "lookup asset status".
 allowed-tools:
   - Bash
   - Read
@@ -310,6 +312,61 @@ so the same background+tail pattern works without \`--json\`. Prefer
 chainpatrol logout
 \`\`\`
 
+### \`asset check\` \u2014 Check one or many assets against the blocklist
+
+Look up a URL, domain, or crypto address and return its aggregated status
+(\`BLOCKED\`, \`ALLOWED\`, or \`UNKNOWN\`) plus a per-source breakdown
+(ChainPatrol + external feeds like eth-phishing-detect, phishfort, seal,
+polkadot-phishing). Works whether you're authenticated via device-code
+login or via a \`CHAINPATROL_API_KEY\` env var.
+
+Single asset:
+
+\`\`\`bash
+chainpatrol asset check https://phish.example
+chainpatrol asset check 0xabc123...
+\`\`\`
+
+#### Bulk checks (preferred for >1 asset)
+
+Pass multiple assets in a single invocation \u2014 the CLI runs them in
+parallel (concurrency 10) and returns one row per asset. **Do this
+instead of looping the CLI in a shell \`for\` loop**: one process, one
+auth handshake, parallel HTTP. Use either positional args or repeated
+\`--asset\`:
+
+\`\`\`bash
+# positional form
+chainpatrol asset check a.example b.example c.example
+
+# repeated --asset (handy when content has spaces or special chars)
+chainpatrol asset check --asset a.example --asset b.example
+
+# from a file of one-asset-per-line (use xargs to splat into one call)
+xargs -a domains.txt chainpatrol asset check
+\`\`\`
+
+JSON mode is the agent-friendly default \u2014 single-asset JSON keeps the
+flat \`{ content, status, source, reason?, sources[], watchStatus? }\`
+shape; multi-asset JSON returns \`{ results: [...], summary: { checked,
+blocked, allowed, unknown, errored } }\`:
+
+\`\`\`bash
+chainpatrol --json asset check https://phish.example
+chainpatrol --json asset check a.example b.example c.example
+\`\`\`
+
+Markdown / CSV are also available for sharing in docs / chat:
+
+\`\`\`bash
+chainpatrol asset check phish.example --output markdown
+chainpatrol asset check a.example b.example --output csv
+\`\`\`
+
+If any individual lookup fails, the CLI still prints results for the
+successful ones, then exits non-zero so failures aren't silently
+swallowed.
+
 ### \`configs list\` \u2014 List detection configurations
 
 Requires authentication and an organization slug.

package/dist/{chunk-F6D645LF.js → chunk-RIKR2WFT.js}

@@ -95,6 +95,9 @@ function createApiClient(options) {
     return await res.json();
   }
   return {
+    assetCheck(input) {
+      return request("/asset/check", input);
+    },
     listDetectionConfigs(slug) {
       return request("/detection/configs/list", { slug });
     },

package/dist/{chunk-IUZB3DQW.js → chunk-Z76CUWSS.js}

@@ -16,6 +16,7 @@ _chainpatrol() {
   commands=(
     'login:Authenticate with ChainPatrol'
     'logout:Clear stored credentials'
+    'asset:Check asset status against ChainPatrol'
     'configs:Manage detection configs'
     'detections:Validate and run detection configs'
     'metrics:Query organization metrics'
@@ -56,6 +57,11 @@ _chainpatrol() {
     _arguments -s $global_flags
   elif (( CURRENT == 3 )); then
     case "\${words[2]}" in
+      asset)
+        local -a asset_subcommands
+        asset_subcommands=('check:Check asset status against ChainPatrol')
+        _describe 'subcommand' asset_subcommands
+        ;;
       configs)
         local -a subcommands
         subcommands=('list:List detection configurations')
@@ -118,13 +124,17 @@ var BASH_COMPLETION = `_chainpatrol() {
   COMPREPLY=()
   cur="\${COMP_WORDS[COMP_CWORD]}"
   prev="\${COMP_WORDS[COMP_CWORD-1]}"
-  commands="login logout configs detections metrics reports queues presets setup uninstall completions help"
+  commands="login logout asset configs detections metrics reports queues presets setup uninstall completions help"
 
   case "\${prev}" in
     chainpatrol)
       COMPREPLY=( $(compgen -W "\${commands}" -- "\${cur}") )
       return 0
       ;;
+    asset)
+      COMPREPLY=( $(compgen -W "check" -- "\${cur}") )
+      return 0
+      ;;
     configs)
       COMPREPLY=( $(compgen -W "list" -- "\${cur}") )
       return 0

package/dist/cli.js

@@ -13,8 +13,8 @@ import {
   getCliVersion,
   isSkillInstalled,
   readInstalledSkillVersion
-} from "./chunk-ZN3VMRWG.js";
-import "./chunk-IUZB3DQW.js";
+} from "./chunk-R2DZGMGT.js";
+import "./chunk-Z76CUWSS.js";
 import {
   DateTime
 } from "./chunk-TFCNKBRC.js";
@@ -91,6 +91,29 @@ var HELP = {
     description: "Clear stored credentials from this machine.",
     usage: "chainpatrol logout"
   },
+  asset: {
+    description: "Check whether one or more assets are BLOCKED, ALLOWED, or UNKNOWN.",
+    usage: "chainpatrol asset check <content> [<content> ...]",
+    examples: [
+      "chainpatrol asset check https://phish.example",
+      "chainpatrol asset check a.example b.example c.example",
+      "chainpatrol --json asset check 0xabc123\u2026"
+    ]
+  },
+  "asset check": {
+    description: "Look up one or more assets (URL, domain, or crypto address) against the ChainPatrol blocklist and external feeds. Returns the aggregated status plus a per-source breakdown. Multiple assets can be passed as positional arguments or via repeated --asset; they are checked in parallel (concurrency 10).",
+    usage: "chainpatrol asset check <content> [<content> ...]",
+    options: [
+      "--asset <content>     Asset content (repeatable; alternative to positional args)"
+    ],
+    examples: [
+      "chainpatrol asset check https://phish.example",
+      "chainpatrol asset check a.example b.example c.example --json",
+      "chainpatrol asset check --asset a.example --asset b.example --output csv",
+      "chainpatrol asset check phish.example --output markdown",
+      "chainpatrol --json asset check 0xabc123\u2026"
+    ]
+  },
   configs: {
     description: "Manage detection configs for an organization.",
     usage: "chainpatrol configs <list>",
@@ -391,6 +414,7 @@ function getTopLevelHelp() {
     "  Commands",
     "    login         Authenticate with ChainPatrol",
     "    logout        Clear stored credentials",
+    "    asset         Check asset status against ChainPatrol",
     "    configs       Manage detection configs",
     "    detections    Validate, run, update detection configs",
     "    healthchecks  List and run organization healthchecks",
@@ -561,6 +585,7 @@ function printVersionMessages(messages) {
 var COMMANDS = [
   "login",
   "logout",
+  "asset",
   "configs",
   "detections",
   "healthchecks",
@@ -754,12 +779,12 @@ function parseAttachmentUrls() {
 }
 async function handleConfigsList(org) {
   if (jsonMode) {
-    const { listConfigsJson } = await import("./list-json-DWHMAA6S.js");
+    const { listConfigsJson } = await import("./list-json-CEPGVUGF.js");
     await listConfigsJson({ org });
     return;
   }
   const { render } = await import("ink");
-  const { default: ConfigsList } = await import("./list-6ELSECNR.js");
+  const { default: ConfigsList } = await import("./list-IA4CSOIY.js");
   const { default: React } = await import("react");
   render(React.createElement(ConfigsList, { org }));
 }
@@ -854,10 +879,29 @@ async function main() {
       }
       throw new Error("Usage: chainpatrol configs list");
     }
+    case "asset": {
+      if (subcommand === "check") {
+        const positionals = cli.input.slice(2);
+        const flagAssets = parseAssetInputs();
+        const contents = [...positionals, ...flagAssets];
+        const { runAssetCheck } = await import("./check-7QDINQPT.js");
+        await runAssetCheck({
+          contents,
+          json: jsonMode,
+          outputFormat: cliContext.outputFormat,
+          explain: cliContext.explain
+        });
+        break;
+      }
+      const hint = subcommand ? suggest(subcommand, ["check"]) : null;
+      throw new Error(
+        subcommand ? `Unknown subcommand: asset ${subcommand}${hint ? `. Did you mean "asset ${hint}"?` : ""}` : "Usage: chainpatrol asset check <content> [<content> ...]"
+      );
+    }
     case "detections": {
       const org = await resolveOrg();
       if (subcommand === "healthcheck") {
-        const { runDetectionsHealthcheck } = await import("./healthcheck-XTQN64DB.js");
+        const { runDetectionsHealthcheck } = await import("./healthcheck-C3AIMUJT.js");
         await runDetectionsHealthcheck({
           org,
           source: cli.flags.source,
@@ -872,7 +916,7 @@ async function main() {
         break;
       }
       if (subcommand === "validate") {
-        const { runDetectionsValidate } = await import("./validate-RI7YKHKH.js");
+        const { runDetectionsValidate } = await import("./validate-5DVPSXJP.js");
         await runDetectionsValidate({
           org,
           source: cli.flags.source,
@@ -887,7 +931,7 @@ async function main() {
         break;
       }
       if (subcommand === "drift") {
-        const { runDetectionsDrift } = await import("./drift-WJD2Z5ZB.js");
+        const { runDetectionsDrift } = await import("./drift-Q3VG3XG3.js");
         await runDetectionsDrift({
           org,
           source: cli.flags.source,
@@ -901,7 +945,7 @@ async function main() {
         break;
       }
       if (subcommand === "run") {
-        const { runDetectionsRun } = await import("./run-4S244KUM.js");
+        const { runDetectionsRun } = await import("./run-YTWNQD5X.js");
         await runDetectionsRun({
           org,
           configId: cli.flags.configId,
@@ -920,7 +964,7 @@ async function main() {
           break;
         }
         if (action === "run") {
-          const { runDetectionsRun } = await import("./run-4S244KUM.js");
+          const { runDetectionsRun } = await import("./run-YTWNQD5X.js");
           await runDetectionsRun({
             org,
             configId: cli.flags.configId,
@@ -938,7 +982,7 @@ async function main() {
             throw new Error("detections configs update requires --config-id");
           }
           const configPatch = getConfigPatchFromSetFlags();
-          const { runDetectionsConfigsUpdate } = await import("./configs-update-BBENU2PG.js");
+          const { runDetectionsConfigsUpdate } = await import("./configs-update-2IOSKZH5.js");
           await runDetectionsConfigsUpdate({
             org,
             configId: cli.flags.configId,
@@ -965,7 +1009,7 @@ async function main() {
     case "metrics": {
       const org = await resolveOrg();
       if (subcommand === "summary") {
-        const { runMetricsSummary } = await import("./summary-JYDAPBYX.js");
+        const { runMetricsSummary } = await import("./summary-NQDZQEOD.js");
         await runMetricsSummary({
           org,
           from: cli.flags.from,
@@ -977,7 +1021,7 @@ async function main() {
         break;
       }
       if (subcommand === "found") {
-        const { runMetricsFound } = await import("./found-4UY3IC5T.js");
+        const { runMetricsFound } = await import("./found-22B7RZT5.js");
         await runMetricsFound({
           org,
           from: cli.flags.from,
@@ -994,7 +1038,7 @@ async function main() {
         if (!by || !["day", "type", "brand"].includes(by)) {
           throw new Error("metrics breakdown requires --by <day|type|brand>");
         }
-        const { runMetricsBreakdown } = await import("./breakdown-DXSN7KUF.js");
+        const { runMetricsBreakdown } = await import("./breakdown-63FAOVL7.js");
         await runMetricsBreakdown({
           org,
           by,
@@ -1014,7 +1058,7 @@ async function main() {
     case "reports": {
       if (subcommand === "list") {
         const org = await resolveOrg();
-        const { runReportsList } = await import("./list-BVUG6RUF.js");
+        const { runReportsList } = await import("./list-AYHDFSQG.js");
         await runReportsList({
           org,
           limit: cli.flags.limit,
@@ -1030,7 +1074,7 @@ async function main() {
       }
       if (subcommand === "create") {
         const org = await tryResolveOrg();
-        const { runReportsCreate } = await import("./create-SXPAFMPT.js");
+        const { runReportsCreate } = await import("./create-EWS3SFCH.js");
         await runReportsCreate({
           org,
           title: cli.flags.title,
@@ -1054,7 +1098,7 @@ async function main() {
     }
     case "queues": {
       if (subcommand === "snapshot") {
-        const { runQueuesSnapshot } = await import("./snapshot-MEOOARL3.js");
+        const { runQueuesSnapshot } = await import("./snapshot-C5MZWJTW.js");
         await runQueuesSnapshot({
           org: cli.flags.org,
           all: cli.flags.all,
@@ -1072,7 +1116,7 @@ async function main() {
     }
     case "orgs": {
       if (subcommand === "list") {
-        const { runOrgsList } = await import("./list-IJS66PYW.js");
+        const { runOrgsList } = await import("./list-SDBLGBVW.js");
         await runOrgsList({
           query: cli.flags.query,
           subscriptionStatus: cli.flags.subscriptionStatus,
@@ -1092,7 +1136,7 @@ async function main() {
     }
     case "healthchecks": {
       if (subcommand === "list") {
-        const { runHealthchecksList } = await import("./list-2PBVBN5K.js");
+        const { runHealthchecksList } = await import("./list-DNRWKM5O.js");
         await runHealthchecksList({
           json: jsonMode,
           outputFormat: cliContext.outputFormat
@@ -1106,7 +1150,7 @@ async function main() {
           thresholds.minResults = cli.flags.minResults;
         if (cli.flags.lookbackHours !== void 0)
           thresholds.lookbackHours = cli.flags.lookbackHours;
-        const { runHealthchecksRun } = await import("./run-M25F7TWI.js");
+        const { runHealthchecksRun } = await import("./run-AQMJRFGL.js");
         await runHealthchecksRun({
           org,
           id: action,
@@ -1124,7 +1168,7 @@ async function main() {
     }
     case "presets": {
       if (subcommand === "list") {
-        const { runPresetsList } = await import("./list-BGI7IZ55.js");
+        const { runPresetsList } = await import("./list-HFWSMLGJ.js");
         await runPresetsList({ outputFormat: cliContext.outputFormat });
         break;
       }
@@ -1135,7 +1179,7 @@ async function main() {
           );
         }
         const org = await resolveOrg();
-        const { runPresetsRun } = await import("./run-3W7LSPX2.js");
+        const { runPresetsRun } = await import("./run-WJGHJPXN.js");
         await runPresetsRun({
           presetId: action,
           org,
@@ -1152,17 +1196,17 @@ async function main() {
     case "setup":
     case "install":
     case "i": {
-      const { setupSkill } = await import("./setup-skill-J7PZYVCE.js");
+      const { setupSkill } = await import("./setup-skill-BLJLRCXL.js");
       setupSkill({ json: jsonMode, cloud: cli.flags.cloud });
       break;
     }
     case "uninstall": {
-      const { uninstallSkill } = await import("./setup-skill-J7PZYVCE.js");
+      const { uninstallSkill } = await import("./setup-skill-BLJLRCXL.js");
       uninstallSkill({ json: jsonMode });
       break;
     }
     case "completions": {
-      const { printCompletions } = await import("./completions-EGQIARFC.js");
+      const { printCompletions } = await import("./completions-D6SOLU2D.js");
       printCompletions(subcommand);
       break;
     }

package/dist/{completions-EGQIARFC.js → completions-D6SOLU2D.js}

@@ -3,7 +3,7 @@ import {
   installCompletions,
   printCompletions,
   uninstallCompletions
-} from "./chunk-IUZB3DQW.js";
+} from "./chunk-Z76CUWSS.js";
 export {
   getCompletionScript,
   installCompletions,

package/dist/{configs-update-BBENU2PG.js → configs-update-2IOSKZH5.js}

@@ -7,7 +7,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{create-SXPAFMPT.js → create-EWS3SFCH.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{drift-WJD2Z5ZB.js → drift-Q3VG3XG3.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{found-4UY3IC5T.js → found-22B7RZT5.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import {
   DateTime

package/dist/{healthcheck-XTQN64DB.js → healthcheck-C3AIMUJT.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-BVUG6RUF.js → list-AYHDFSQG.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-2PBVBN5K.js → list-DNRWKM5O.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-BGI7IZ55.js → list-HFWSMLGJ.js}

@@ -1,12 +1,12 @@
 import {
   PRESETS
-} from "./chunk-XIHOCIYM.js";
+} from "./chunk-BJISZ3CY.js";
 import "./chunk-E2LAMILJ.js";
 import {
   printOutput,
   toCsvRows
 } from "./chunk-VFT3TD3E.js";
-import "./chunk-F6D645LF.js";
+import "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-6ELSECNR.js → list-IA4CSOIY.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-JCMWDZYY.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import {
   AuthCorruptedError,
   AuthExpiredError,

package/dist/{list-IJS66PYW.js → list-SDBLGBVW.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{list-json-DWHMAA6S.js → list-json-CEPGVUGF.js}

@@ -1,6 +1,6 @@
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{run-M25F7TWI.js → run-AQMJRFGL.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{run-3W7LSPX2.js → run-WJGHJPXN.js}

@@ -1,13 +1,13 @@
 import {
   getPresetDefinition,
   runPreset
-} from "./chunk-XIHOCIYM.js";
+} from "./chunk-BJISZ3CY.js";
 import {
   CliExitError,
   ExitCode
 } from "./chunk-E2LAMILJ.js";
 import "./chunk-VFT3TD3E.js";
-import "./chunk-F6D645LF.js";
+import "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{run-4S244KUM.js → run-YTWNQD5X.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{setup-skill-J7PZYVCE.js → setup-skill-BLJLRCXL.js}

@@ -6,8 +6,8 @@ import {
   readInstalledSkillVersion,
   setupSkill,
   uninstallSkill
-} from "./chunk-ZN3VMRWG.js";
-import "./chunk-IUZB3DQW.js";
+} from "./chunk-R2DZGMGT.js";
+import "./chunk-Z76CUWSS.js";
 export {
   getBundledSkillContent,
   getBundledSkillVersion,

package/dist/{snapshot-MEOOARL3.js → snapshot-C5MZWJTW.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{summary-JYDAPBYX.js → summary-NQDZQEOD.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/{validate-RI7YKHKH.js → validate-5DVPSXJP.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-F6D645LF.js";
+} from "./chunk-RIKR2WFT.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/package.json

@@ -2,7 +2,7 @@
   "name": "@chainpatrol/cli",
   "description": "The official ChainPatrol CLI — terminal interface for threat detection",
   "author": "Umar Ahmed <umar@chainpatrol.io>",
-  "version": "0.8.0",
+  "version": "0.10.0",
   "license": "UNLICENSED",
   "homepage": "https://chainpatrol.com/docs/cli",
   "keywords": [