@chainpatrol/cli 0.9.0 → 0.11.0

package/CHANGELOG.md

@@ -1,5 +1,41 @@
 # @chainpatrol/cli
 
+## 0.11.0
+
+### Minor Changes
+
+- 21e4455: Add `chainpatrol takedowns list` and `chainpatrol metrics organization`
+  commands so agents can pull per-takedown detail and org-scoped metrics
+  from the CLI instead of stopping at `queues snapshot`'s aggregate
+  counts.
+
+  `takedowns list` wraps `POST /takedowns/list` with filters for status,
+  asset type, liveness, date range, search, sort, and pagination, and
+  emits the standard human/json/markdown/csv shapes. `metrics
+organization` wraps the documented `GET /organization/metrics`
+  endpoint, complementing the existing `metrics summary`/`found`/
+  `breakdown` subcommands.
+
+  Both endpoints now also accept a user-session bearer token (pass
+  `--org <slug>`) in addition to an API key, so customer-success operators
+  logged in via `chainpatrol login` can use them without provisioning a
+  key.
+
+## 0.10.0
+
+### Minor Changes
+
+- 034096d: `chainpatrol asset check` now accepts multiple assets in a single
+  invocation — either as positional arguments
+  (`chainpatrol asset check a.example b.example c.example`) or via
+  repeated `--asset` flags. Lookups run in parallel (concurrency 10) and
+  the JSON output for bulk calls is
+  `{ results: [...], summary: { checked, blocked, allowed, unknown, errored } }`.
+  Single-asset JSON keeps the existing flat shape for back-compat. The
+  bundled `/chainpatrol` Claude Code skill is updated to call out the bulk
+  form so agents stop falling back to per-asset shell loops (or refusing
+  the request) when asked to check many domains at once.
+
 ## 0.9.0
 
 ### Minor Changes

package/README.md

@@ -22,7 +22,9 @@ chainpatrol metrics found --org my-org --this-week
 chainpatrol reports create --org my-org --title "Phishing report" --asset "https://phish.example:BLOCKED"
 chainpatrol reports list --org my-org --limit 10
 chainpatrol metrics breakdown --org my-org --by type --from 2026-01-01 --to 2026-01-08
+chainpatrol metrics organization --org my-org --from 2026-01-01 --to 2026-02-01
 chainpatrol queues snapshot --all --output markdown
+chainpatrol takedowns list --org my-org --takedown-status TODO,IN_PROGRESS --per-page 50
 chainpatrol presets run cs-weekly-health --org my-org --output json
 ```
 
@@ -45,11 +47,23 @@ chainpatrol queues snapshot --all --output csv
 # look up a single asset against the ChainPatrol blocklist and external feeds
 chainpatrol asset check https://phish.example
 
-# JSON output for automation (returns status, per-source breakdown, watchStatus)
+# bulk: check many assets in one call (parallel, concurrency=10)
+chainpatrol asset check a.example b.example c.example
+
+# repeated --asset is equivalent to positional args
+chainpatrol asset check --asset a.example --asset b.example
+
+# pipe a file of one-domain-per-line via xargs into a single CLI call
+xargs -a domains.txt chainpatrol --json asset check
+
+# JSON output for automation (single-asset returns flat shape; bulk returns
+# { results: [...], summary: { checked, blocked, allowed, unknown, errored } })
 chainpatrol --json asset check 0xabc123...
+chainpatrol --json asset check a.example b.example c.example
 
-# markdown summary
+# markdown / csv summary tables
 chainpatrol asset check phish.example --output markdown
+chainpatrol asset check a.example b.example --output csv
 ```
 
 ### Detection commands

package/dist/{breakdown-63FAOVL7.js → breakdown-MM5GSZKV.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import "./chunk-EGWK6SRQ.js";
 import "./chunk-TFCNKBRC.js";
 import "./chunk-U73SABXK.js";

package/dist/check-GDKUHVQI.js

@@ -0,0 +1,203 @@
+import {
+  CliExitError,
+  ExitCode
+} from "./chunk-E2LAMILJ.js";
+import {
+  printOutput,
+  toCsvRows
+} from "./chunk-VFT3TD3E.js";
+import {
+  createApiClient
+} from "./chunk-SX3L6NKR.js";
+import "./chunk-EGWK6SRQ.js";
+import "./chunk-TFCNKBRC.js";
+import "./chunk-U73SABXK.js";
+
+// src/commands/asset/check.ts
+var DEFAULT_CONCURRENCY = 10;
+function statusLine(result) {
+  const watchTag = result.watchStatus ? ` watch=${result.watchStatus}` : "";
+  const reasonTag = result.reason ? ` reason=${result.reason}` : "";
+  return `${result.status} (source=${result.source}${reasonTag}${watchTag})`;
+}
+async function runWithConcurrency(items, worker, concurrency) {
+  const results = new Array(items.length);
+  let cursor = 0;
+  const workers = new Array(Math.min(concurrency, items.length)).fill(null).map(async () => {
+    while (true) {
+      const index = cursor;
+      cursor += 1;
+      if (index >= items.length) return;
+      results[index] = await worker(items[index]);
+    }
+  });
+  await Promise.all(workers);
+  return results;
+}
+async function runAssetCheck(options) {
+  const contents = (options.contents ?? []).map((value) => value.trim()).filter((value) => value.length > 0);
+  if (contents.length === 0) {
+    throw new CliExitError(
+      "asset check requires at least one asset. Example: chainpatrol asset check https://example.com",
+      ExitCode.USAGE
+    );
+  }
+  const outputFormat = options.outputFormat ?? (options.json ? "json" : "human");
+  const client = options.apiClient ?? createApiClient();
+  const perAssetResults = await runWithConcurrency(
+    contents,
+    async (content) => {
+      try {
+        const result = await client.assetCheck({ content });
+        return { content, ok: true, result };
+      } catch (err) {
+        return {
+          content,
+          ok: false,
+          error: err instanceof Error ? err.message : String(err)
+        };
+      }
+    },
+    DEFAULT_CONCURRENCY
+  );
+  const summary = {
+    checked: perAssetResults.length,
+    blocked: perAssetResults.filter((r) => r.ok && r.result.status === "BLOCKED").length,
+    allowed: perAssetResults.filter((r) => r.ok && r.result.status === "ALLOWED").length,
+    unknown: perAssetResults.filter((r) => r.ok && r.result.status === "UNKNOWN").length,
+    errored: perAssetResults.filter((r) => !r.ok).length
+  };
+  const isSingle = contents.length === 1;
+  const jsonPayload = isSingle ? buildSingleJsonPayload(perAssetResults[0], options.explain) : {
+    results: perAssetResults.map(toJsonRow),
+    summary,
+    explanation: options.explain ? "Bulk asset check ran the public asset/check endpoint for each input in parallel (concurrency=10). Each row reports the aggregated ChainPatrol status plus the per-source breakdown." : void 0
+  };
+  const markdown = isSingle ? buildSingleMarkdown(perAssetResults[0]) : [
+    `# Asset Check (${summary.checked})`,
+    "",
+    `- Blocked: ${summary.blocked}`,
+    `- Allowed: ${summary.allowed}`,
+    `- Unknown: ${summary.unknown}`,
+    ...summary.errored > 0 ? [`- Errored: ${summary.errored}`] : [],
+    "",
+    "| Content | Status | Source | Reason | Watch |",
+    "| --- | --- | --- | --- | --- |",
+    ...perAssetResults.map(toMarkdownRow)
+  ].join("\n");
+  const csv = toCsvRows(perAssetResults.map(toCsvRow));
+  printOutput({
+    outputFormat,
+    json: jsonPayload,
+    markdown,
+    csv,
+    human: () => {
+      for (const entry of perAssetResults) {
+        if (entry.ok) {
+          console.log(`${entry.content} -> ${statusLine(entry.result)}`);
+        } else {
+          console.log(`${entry.content} -> ERROR: ${entry.error}`);
+        }
+      }
+      if (isSingle && perAssetResults[0].ok) {
+        const sources = perAssetResults[0].result.sources;
+        if (sources.length > 0) {
+          console.log("Sources:");
+          for (const entry of sources) {
+            console.log(`  - ${entry.source}: ${entry.status}`);
+          }
+        }
+        if (perAssetResults[0].result.message) {
+          console.log(`Message: ${perAssetResults[0].result.message}`);
+        }
+        if (perAssetResults[0].result.code) {
+          console.log(`Code: ${perAssetResults[0].result.code}`);
+        }
+      } else {
+        console.log(
+          `Summary: ${summary.checked} checked \u2014 blocked=${summary.blocked} allowed=${summary.allowed} unknown=${summary.unknown}${summary.errored > 0 ? ` errored=${summary.errored}` : ""}`
+        );
+      }
+      if (options.explain) {
+        console.log(
+          "Status is the aggregated verdict across ChainPatrol and external feeds; see the per-source rows for the underlying signals."
+        );
+      }
+    }
+  });
+  if (summary.errored > 0) {
+    throw new CliExitError(
+      `asset check: ${summary.errored} of ${summary.checked} request(s) failed.`,
+      ExitCode.UNKNOWN
+    );
+  }
+}
+function buildSingleJsonPayload(entry, explain) {
+  if (!entry.ok) {
+    return {
+      content: entry.content,
+      error: entry.error,
+      explanation: explain ? "asset check failed for this asset. Inspect the error message and retry." : void 0
+    };
+  }
+  return {
+    content: entry.content,
+    ...entry.result,
+    explanation: explain ? "Asset check aggregates ChainPatrol records and external sources to classify a domain, URL, or crypto address as BLOCKED, ALLOWED, or UNKNOWN." : void 0
+  };
+}
+function buildSingleMarkdown(entry) {
+  if (!entry.ok) {
+    return [`# Asset Check: ${entry.content}`, "", `- Error: ${entry.error}`].join("\n");
+  }
+  const result = entry.result;
+  return [
+    `# Asset Check: ${entry.content}`,
+    "",
+    `- Status: **${result.status}**`,
+    `- Source: ${result.source}`,
+    ...result.reason ? [`- Reason: ${result.reason}`] : [],
+    ...result.watchStatus ? [`- Watch status: ${result.watchStatus}`] : [],
+    ...result.message ? [`- Message: ${result.message}`] : [],
+    ...result.code ? [`- Code: ${result.code}`] : [],
+    "",
+    "## Per-source results",
+    "",
+    ...result.sources.map((entry2) => `- ${entry2.source}: ${entry2.status}`)
+  ].join("\n");
+}
+function toJsonRow(entry) {
+  if (!entry.ok) {
+    return { content: entry.content, error: entry.error };
+  }
+  return { content: entry.content, ...entry.result };
+}
+function toMarkdownRow(entry) {
+  if (!entry.ok) {
+    return `| ${entry.content} | ERROR | \u2014 | ${entry.error.replace(/\|/g, "\\|")} | \u2014 |`;
+  }
+  const r = entry.result;
+  return `| ${entry.content} | ${r.status} | ${r.source} | ${r.reason ?? ""} | ${r.watchStatus ?? ""} |`;
+}
+function toCsvRow(entry) {
+  if (!entry.ok) {
+    return {
+      content: entry.content,
+      status: "ERROR",
+      source: "",
+      reason: entry.error,
+      watchStatus: ""
+    };
+  }
+  const r = entry.result;
+  return {
+    content: entry.content,
+    status: r.status,
+    source: r.source,
+    reason: r.reason ?? "",
+    watchStatus: r.watchStatus ?? ""
+  };
+}
+export {
+  runAssetCheck
+};

package/dist/{chunk-BJISZ3CY.js → chunk-37KYJWB3.js}

@@ -8,7 +8,7 @@ import {
 } from "./chunk-VFT3TD3E.js";
 import {
   createApiClient
-} from "./chunk-RIKR2WFT.js";
+} from "./chunk-SX3L6NKR.js";
 import {
   DateTime
 } from "./chunk-TFCNKBRC.js";

package/dist/{chunk-P4L4N5LM.js → chunk-EPKNZRX6.js}

@@ -1,7 +1,7 @@
 import {
   installCompletions,
   uninstallCompletions
-} from "./chunk-Z76CUWSS.js";
+} from "./chunk-YXRFUYA6.js";
 
 // src/commands/setup-skill.ts
 import { mkdirSync as mkdirSync2, writeFileSync as writeFileSync2, existsSync as existsSync2, readFileSync as readFileSync3, rmSync } from "fs";
@@ -312,7 +312,7 @@ so the same background+tail pattern works without \`--json\`. Prefer
 chainpatrol logout
 \`\`\`
 
-### \`asset check\` \u2014 Check a single asset against the blocklist
+### \`asset check\` \u2014 Check one or many assets against the blocklist
 
 Look up a URL, domain, or crypto address and return its aggregated status
 (\`BLOCKED\`, \`ALLOWED\`, or \`UNKNOWN\`) plus a per-source breakdown
@@ -320,24 +320,53 @@ Look up a URL, domain, or crypto address and return its aggregated status
 polkadot-phishing). Works whether you're authenticated via device-code
 login or via a \`CHAINPATROL_API_KEY\` env var.
 
+Single asset:
+
 \`\`\`bash
 chainpatrol asset check https://phish.example
 chainpatrol asset check 0xabc123...
 \`\`\`
 
-JSON mode (recommended for automations and agents \u2014 returns full
-\`{ status, source, reason?, sources[], watchStatus? }\`):
+#### Bulk checks (preferred for >1 asset)
+
+Pass multiple assets in a single invocation \u2014 the CLI runs them in
+parallel (concurrency 10) and returns one row per asset. **Do this
+instead of looping the CLI in a shell \`for\` loop**: one process, one
+auth handshake, parallel HTTP. Use either positional args or repeated
+\`--asset\`:
+
+\`\`\`bash
+# positional form
+chainpatrol asset check a.example b.example c.example
+
+# repeated --asset (handy when content has spaces or special chars)
+chainpatrol asset check --asset a.example --asset b.example
+
+# from a file of one-asset-per-line (use xargs to splat into one call)
+xargs -a domains.txt chainpatrol asset check
+\`\`\`
+
+JSON mode is the agent-friendly default \u2014 single-asset JSON keeps the
+flat \`{ content, status, source, reason?, sources[], watchStatus? }\`
+shape; multi-asset JSON returns \`{ results: [...], summary: { checked,
+blocked, allowed, unknown, errored } }\`:
 
 \`\`\`bash
 chainpatrol --json asset check https://phish.example
+chainpatrol --json asset check a.example b.example c.example
 \`\`\`
 
-Markdown is also supported for sharing in docs / chat:
+Markdown / CSV are also available for sharing in docs / chat:
 
 \`\`\`bash
 chainpatrol asset check phish.example --output markdown
+chainpatrol asset check a.example b.example --output csv
 \`\`\`
 
+If any individual lookup fails, the CLI still prints results for the
+successful ones, then exits non-zero so failures aren't silently
+swallowed.
+
 ### \`configs list\` \u2014 List detection configurations
 
 Requires authentication and an organization slug.

package/dist/{chunk-RIKR2WFT.js → chunk-SX3L6NKR.js}

@@ -17,6 +17,26 @@ function parseIsoDate(value) {
   }
   return dt.toJSDate();
 }
+function parseIsoDateString(value) {
+  return parseIsoDate(value)?.toISOString();
+}
+var TAKEDOWN_STATUSES = [
+  "TODO",
+  "IN_PROGRESS",
+  "COMPLETED",
+  "CANCELLED",
+  "PENDING_RETRACTION",
+  "RETRACTION_SENT",
+  "RETRACTED",
+  "PENDING_INPUT"
+];
+var LIVENESS_STATUSES = ["UNKNOWN", "ALIVE", "DEAD"];
+var TAKEDOWN_SORT_KEYS = [
+  "updatedAt",
+  "createdAt",
+  "takedownStatus",
+  "takedownUpdatedAt"
+];
 var REQUEST_TIMEOUT_MS = 3e4;
 function defaultGetCredential() {
   const envKey = process.env.CHAINPATROL_API_KEY;
@@ -29,16 +49,49 @@ function createApiClient(options) {
   const config = getConfig();
   const apiUrl = options?.apiUrl ?? config.apiUrl;
   const getCredential = options?.getCredential ?? (options?.getToken ? () => ({ kind: "bearer", value: options.getToken() }) : defaultGetCredential);
-  async function request(path, body) {
+  function buildAuthHeaders() {
     const credential = getCredential();
-    const headers = {
-      "Content-Type": "application/json"
-    };
+    const headers = {};
     if (credential.kind === "api-key") {
       headers["x-api-key"] = credential.value;
     } else {
       headers["Authorization"] = `Bearer ${credential.value}`;
     }
+    return headers;
+  }
+  async function requestGet(path, query) {
+    const headers = buildAuthHeaders();
+    const search = new URLSearchParams();
+    for (const [key, value] of Object.entries(query)) {
+      if (value !== void 0 && value !== "") {
+        search.set(key, value);
+      }
+    }
+    const queryString = search.toString();
+    const url = `${apiUrl}/api/v2${path}${queryString ? `?${queryString}` : ""}`;
+    let res;
+    try {
+      res = await fetch(url, {
+        method: "GET",
+        headers,
+        signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
+      });
+    } catch (err) {
+      if (err instanceof DOMException && err.name === "TimeoutError") {
+        throw new Error(
+          "Request timed out. Check your network connection and try again."
+        );
+      }
+      if (err instanceof TypeError && err.code === "ECONNREFUSED") {
+        throw new Error(`Cannot connect to ${apiUrl}. Is the server running?`);
+      }
+      throw new Error("Network error. Check your internet connection and try again.");
+    }
+    return handleResponse(res);
+  }
+  async function request(path, body) {
+    const headers = buildAuthHeaders();
+    headers["Content-Type"] = "application/json";
     let res;
     try {
       res = await fetch(`${apiUrl}/api/v2${path}`, {
@@ -58,6 +111,9 @@ function createApiClient(options) {
       }
       throw new Error("Network error. Check your internet connection and try again.");
     }
+    return handleResponse(res);
+  }
+  async function handleResponse(res) {
     if (!res.ok) {
       let errorMessageFromResponse = null;
       try {
@@ -157,6 +213,28 @@ function createApiClient(options) {
         reportedByCustomer: input.reportedByCustomer
       });
     },
+    listTakedowns(input) {
+      return request("/takedowns/list", {
+        organizationSlug: input.organizationSlug,
+        query: input.query,
+        startDate: parseIsoDateString(input.startDate),
+        endDate: parseIsoDateString(input.endDate),
+        assetType: input.assetType,
+        takedownStatus: input.takedownStatus,
+        livenessStatus: input.livenessStatus,
+        sorting: input.sorting,
+        per_page: input.perPage,
+        next_page: input.nextPage
+      });
+    },
+    getOrganizationMetrics(input) {
+      return requestGet("/organization/metrics", {
+        organizationSlug: input.organizationSlug,
+        brandSlug: input.brandSlug,
+        startDate: parseIsoDateString(input.startDate),
+        endDate: parseIsoDateString(input.endDate)
+      });
+    },
     listHealthchecks() {
       return request("/healthchecks/list", {});
     },
@@ -170,5 +248,8 @@ function createApiClient(options) {
 }
 
 export {
+  TAKEDOWN_STATUSES,
+  LIVENESS_STATUSES,
+  TAKEDOWN_SORT_KEYS,
   createApiClient
 };

package/dist/{chunk-Z76CUWSS.js → chunk-YXRFUYA6.js}

@@ -22,6 +22,7 @@ _chainpatrol() {
     'metrics:Query organization metrics'
     'reports:Create and list reports from terminal'
     'queues:Snapshot operations queues'
+    'takedowns:List individual takedown records'
     'presets:Run saved workflows'
     'setup:Install Claude Code skill and shell completions'
     'uninstall:Remove Claude Code skill and shell completions'
@@ -84,6 +85,7 @@ _chainpatrol() {
           'summary:Show metrics summary'
           'found:Show found threats count'
           'breakdown:Show metrics breakdown'
+          'organization:Get organization metrics (official endpoint)'
         )
         _describe 'subcommand' metrics_subcommands
         ;;
@@ -100,6 +102,11 @@ _chainpatrol() {
         queues_subcommands=('snapshot:Show queue snapshot')
         _describe 'subcommand' queues_subcommands
         ;;
+      takedowns)
+        local -a takedowns_subcommands
+        takedowns_subcommands=('list:List individual takedown records')
+        _describe 'subcommand' takedowns_subcommands
+        ;;
       presets)
         local -a presets_subcommands
         presets_subcommands=(
@@ -124,7 +131,7 @@ var BASH_COMPLETION = `_chainpatrol() {
   COMPREPLY=()
   cur="\${COMP_WORDS[COMP_CWORD]}"
   prev="\${COMP_WORDS[COMP_CWORD-1]}"
-  commands="login logout asset configs detections metrics reports queues presets setup uninstall completions help"
+  commands="login logout asset configs detections metrics reports queues takedowns presets setup uninstall completions help"
 
   case "\${prev}" in
     chainpatrol)
@@ -144,7 +151,7 @@ var BASH_COMPLETION = `_chainpatrol() {
       return 0
       ;;
     metrics)
-      COMPREPLY=( $(compgen -W "summary found breakdown" -- "\${cur}") )
+      COMPREPLY=( $(compgen -W "summary found breakdown organization" -- "\${cur}") )
       return 0
       ;;
     reports)
@@ -155,6 +162,10 @@ var BASH_COMPLETION = `_chainpatrol() {
       COMPREPLY=( $(compgen -W "snapshot" -- "\${cur}") )
       return 0
       ;;
+    takedowns)
+      COMPREPLY=( $(compgen -W "list" -- "\${cur}") )
+      return 0
+      ;;
     presets)
       COMPREPLY=( $(compgen -W "list run" -- "\${cur}") )
       return 0