ghost-dragon 4.2.1

package/dist/brain/router/verify.js

@@ -0,0 +1,111 @@
+/**
+ * Verified hard-reasoning path (ROUTER-BLUEPRINT.md §2).
+ *
+ * Ollama exposes no logits, so confidence = ANSWER-AGREEMENT: sample the reasoner
+ * N times at spread temperatures, extract each final answer, and majority-vote.
+ * The agreement ratio is the router's confidence signal (→ later: escalate if low).
+ * For code/security candidates we additionally run EXECUTION-based verification
+ * (see execute.ts) and use pass/fail as a hard reward.
+ *
+ * optillm: if DRAGON_OPTILLM_URL is set we treat it as a drop-in OpenAI-compatible
+ * test-time-scaling proxy and let IT do the scaling in one call (you run optillm
+ * pointed at Ollama). Otherwise we do best-of-N here — self-contained, no extra
+ * service, which suits the 8 GB local-first box.
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ */
+import { executeVerify } from './execute.js';
+const OLLAMA = (base) => base.replace(/\/v1\/?$/, '').replace(/\/+$/, '');
+export function toOllamaMessages(system, messages) {
+    const out = [{ role: 'system', content: system }];
+    for (const m of messages) {
+        if (m.role === 'tool')
+            out.push({ role: 'user', content: `[observed] ${m.toolName ?? 'tool'} → ${m.content}`.slice(0, 1200) });
+        else
+            out.push({ role: m.role === 'assistant' ? 'assistant' : 'user', content: m.content });
+    }
+    return out;
+}
+export async function ollamaChat(base, model, messages, temperature, maxTokens, signal) {
+    const res = await fetch(OLLAMA(base) + '/api/chat', {
+        method: 'POST',
+        headers: { 'content-type': 'application/json' },
+        body: JSON.stringify({ model, messages, stream: false, options: { temperature, top_p: 0.95, num_predict: maxTokens } }),
+        signal,
+    });
+    if (!res.ok)
+        throw new Error(`reasoner HTTP ${res.status}`);
+    const data = (await res.json());
+    return data.message?.content ?? '';
+}
+async function openaiChat(base, model, messages, temperature, maxTokens, signal) {
+    const res = await fetch(base.replace(/\/+$/, '') + '/chat/completions', {
+        method: 'POST',
+        headers: { 'content-type': 'application/json', authorization: 'Bearer optillm' },
+        body: JSON.stringify({ model, messages, temperature, top_p: 0.95, max_tokens: maxTokens, stream: false }),
+        signal,
+    });
+    if (!res.ok)
+        throw new Error(`optillm HTTP ${res.status}`);
+    const data = (await res.json());
+    return data.choices?.[0]?.message?.content ?? '';
+}
+export function extractAnswer(text) {
+    const boxed = [...text.matchAll(/\\boxed\{([^}]*)\}/g)];
+    if (boxed.length)
+        return boxed[boxed.length - 1][1].trim();
+    const ans = [...text.matchAll(/(?:final answer|answer)\s*(?:is|:|=)\s*([^\n.]+)/gi)];
+    if (ans.length)
+        return ans[ans.length - 1][1].trim().replace(/\.$/, '');
+    const nums = text.match(/-?\d[\d,]*\.?\d*/g);
+    return nums ? nums[nums.length - 1].replace(/,/g, '') : null;
+}
+const norm = (a) => (a || '').toLowerCase().replace(/\s+/g, '').replace(/\.$/, '');
+/** Run the reasoner with test-time scaling. Returns the chosen turn + how confident. */
+export async function verifyReasoning(localBaseURL, model, t, votes) {
+    const maxTokens = t.maxTokens ?? 2048;
+    const messages = toOllamaMessages(t.system, t.messages);
+    const optillm = process.env.DRAGON_OPTILLM_URL;
+    let chosen;
+    let meta;
+    if (optillm) {
+        chosen = await openaiChat(optillm, process.env.DRAGON_OPTILLM_MODEL || model, messages, 0.7, maxTokens, t.signal);
+        meta = { via: 'optillm', votes: 1, agreement: null };
+    }
+    else {
+        const temps = [0.3, 0.6, 0.8, 1.0, 1.1, 0.5, 0.9].slice(0, Math.max(1, votes));
+        while (temps.length < votes)
+            temps.push(0.7);
+        const samples = [];
+        for (const temp of temps) {
+            try {
+                samples.push(await ollamaChat(localBaseURL, model, messages, temp, maxTokens, t.signal));
+            }
+            catch { /* a failed sample just doesn't vote */ }
+        }
+        if (!samples.length)
+            throw new Error('reasoner produced no samples');
+        const dist = {};
+        const byNorm = {}; // normalized answer → a full sample text
+        for (const s of samples) {
+            const a = extractAnswer(s);
+            const key = norm(a);
+            if (!key)
+                continue;
+            dist[key] = (dist[key] || 0) + 1;
+            if (!byNorm[key])
+                byNorm[key] = s;
+        }
+        const winner = Object.entries(dist).sort((a, b) => b[1] - a[1])[0];
+        chosen = winner ? byNorm[winner[0]] : samples[0]; // no extractable answer → first sample
+        meta = {
+            via: 'self-consistency', votes: samples.length,
+            agreement: winner ? winner[1] / samples.length : 0, distribution: dist,
+        };
+    }
+    // Execution-based verification for code/security candidates (opt-in + sandboxed).
+    meta.exec = await executeVerify(chosen, t.signal);
+    t.onDelta?.(chosen);
+    return { turn: { text: chosen, toolCalls: [] }, meta };
+}
+//# sourceMappingURL=verify.js.map

package/dist/brain/types.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Brain abstraction — the reasoning layer behind the Dragon agent.
+ *
+ * A Brain runs ONE model turn: given the system prompt, the running message
+ * history, and the available tool specs, it streams text deltas and returns the
+ * assembled text plus any tool calls the model wants executed. The agent loop
+ * (src/agent/loop.ts) owns the loop; the Brain owns only "talk to the model".
+ *
+ * Tool calls are normalized to a single shape across providers so the loop is
+ * provider-agnostic — Anthropic content blocks and OpenAI `tool_calls` both map
+ * onto {id,name,arguments}.
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ */
+export interface ToolSpec {
+    name: string;
+    description: string;
+    /** JSON Schema for the arguments object. */
+    parameters: Record<string, unknown>;
+}
+export interface ToolCall {
+    id: string;
+    name: string;
+    arguments: Record<string, unknown>;
+}
+export type Role = 'user' | 'assistant' | 'tool';
+export interface BrainMessage {
+    role: Role;
+    /** Natural-language text (assistant prose, user input, or a tool result string). */
+    content: string;
+    /** Present on assistant turns that requested tools. */
+    toolCalls?: ToolCall[];
+    /** Present on role:'tool' — links the result to the assistant's call. */
+    toolCallId?: string;
+    toolName?: string;
+}
+export interface BrainTurn {
+    text: string;
+    toolCalls: ToolCall[];
+}
+export interface TurnOpts {
+    system: string;
+    messages: BrainMessage[];
+    tools: ToolSpec[];
+    onDelta?: (s: string) => void;
+    signal?: AbortSignal;
+    maxTokens?: number;
+}
+export interface Brain {
+    /** provider id: 'claude' | 'openai' | 'local' */
+    id: string;
+    model: string;
+    turn(opts: TurnOpts): Promise<BrainTurn>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/brain/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/brain/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,EAAE,MAAM,CAAA;IACnB,4CAA4C;IAC5C,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACpC;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC;AAED,MAAM,MAAM,IAAI,GAAG,MAAM,GAAG,WAAW,GAAG,MAAM,CAAA;AAEhD,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,IAAI,CAAA;IACV,oFAAoF;IACpF,OAAO,EAAE,MAAM,CAAA;IACf,uDAAuD;IACvD,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAA;IACtB,yEAAyE;IACzE,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,QAAQ,EAAE,CAAA;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,YAAY,EAAE,CAAA;IACxB,KAAK,EAAE,QAAQ,EAAE,CAAA;IACjB,OAAO,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,IAAI,CAAA;IAC7B,MAAM,CAAC,EAAE,WAAW,CAAA;IACpB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,KAAK;IACpB,iDAAiD;IACjD,EAAE,EAAE,MAAM,CAAA;IACV,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC,CAAA;CACzC"}

package/dist/brain/types.js

@@ -0,0 +1,16 @@
+/**
+ * Brain abstraction — the reasoning layer behind the Dragon agent.
+ *
+ * A Brain runs ONE model turn: given the system prompt, the running message
+ * history, and the available tool specs, it streams text deltas and returns the
+ * assembled text plus any tool calls the model wants executed. The agent loop
+ * (src/agent/loop.ts) owns the loop; the Brain owns only "talk to the model".
+ *
+ * Tool calls are normalized to a single shape across providers so the loop is
+ * provider-agnostic — Anthropic content blocks and OpenAI `tool_calls` both map
+ * onto {id,name,arguments}.
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/brain/worker.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Worker brain — Ghost Protocol's Cloudflare Workers AI (Llama 3.3 70B) as the
+ * agent's reasoning brain. The free, zero-key fallback: no API key, just
+ * `dragon login`. Tools still execute locally in the CLI; this only does
+ * inference, via POST /api/v1/cli/brain (one turn, non-streaming).
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ */
+import type { Brain, BrainTurn } from './types.js';
+/** The raw JSON shape the /api/v1/cli/brain endpoint returns. */
+export interface WorkerResponse {
+    response?: string;
+    tool_calls?: {
+        name?: string;
+        arguments?: unknown;
+    }[];
+}
+/**
+ * Normalize the Cloudflare brain's (Llama 3.3, fp8) raw JSON into a BrainTurn.
+ * Deliberately tolerant — the fp8 tool-caller is flaky: arguments arrive as a
+ * JSON string OR an object OR not at all, tool_calls can be nameless/garbage,
+ * and `response` can be missing. Every one of those degrades gracefully instead
+ * of throwing into the agent loop. (Pure → unit-tested in test/brain.test.ts.)
+ */
+export declare function normalizeWorkerTurn(data: WorkerResponse): BrainTurn;
+export declare function makeWorkerBrain(): Brain;
+//# sourceMappingURL=worker.d.ts.map

package/dist/brain/worker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"worker.d.ts","sourceRoot":"","sources":["../../src/brain/worker.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,KAAK,EAAE,SAAS,EAAY,MAAM,YAAY,CAAA;AAM5D,iEAAiE;AACjE,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAA;KAAE,EAAE,CAAA;CACtD;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,cAAc,GAAG,SAAS,CAUnE;AAED,wBAAgB,eAAe,IAAI,KAAK,CA8BvC"}

package/dist/brain/worker.js

@@ -0,0 +1,71 @@
+/**
+ * Worker brain — Ghost Protocol's Cloudflare Workers AI (Llama 3.3 70B) as the
+ * agent's reasoning brain. The free, zero-key fallback: no API key, just
+ * `dragon login`. Tools still execute locally in the CLI; this only does
+ * inference, via POST /api/v1/cli/brain (one turn, non-streaming).
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ */
+import { resolveAuth } from '../auth.js';
+function safeParse(s) {
+    try {
+        return JSON.parse(s);
+    }
+    catch {
+        return {};
+    }
+}
+/**
+ * Normalize the Cloudflare brain's (Llama 3.3, fp8) raw JSON into a BrainTurn.
+ * Deliberately tolerant — the fp8 tool-caller is flaky: arguments arrive as a
+ * JSON string OR an object OR not at all, tool_calls can be nameless/garbage,
+ * and `response` can be missing. Every one of those degrades gracefully instead
+ * of throwing into the agent loop. (Pure → unit-tested in test/brain.test.ts.)
+ */
+export function normalizeWorkerTurn(data) {
+    const text = data.response ?? '';
+    const toolCalls = (data.tool_calls ?? [])
+        .filter((c) => c && c.name)
+        .map((c, i) => ({
+        id: `wc_${i}`,
+        name: String(c.name),
+        arguments: typeof c.arguments === 'string' ? safeParse(c.arguments) : (c.arguments ?? {}),
+    }));
+    return { text, toolCalls };
+}
+export function makeWorkerBrain() {
+    return {
+        id: 'worker',
+        model: 'cloudflare:llama-3.3-70b',
+        async turn(t) {
+            const { apiBase, headers, mode } = resolveAuth();
+            if (mode === 'none')
+                throw new Error('the Cloudflare brain needs sign-in — run `dragon login` (or use `--brain local`).');
+            let res;
+            try {
+                res = await fetch(`${apiBase}/api/v1/cli/brain`, {
+                    method: 'POST',
+                    headers: { 'content-type': 'application/json', ...headers },
+                    body: JSON.stringify({ system: t.system, messages: t.messages, tools: t.tools, max_tokens: t.maxTokens ?? 1024 }),
+                    signal: t.signal,
+                });
+            }
+            catch (e) {
+                if (e?.name === 'AbortError')
+                    throw e;
+                throw new Error(`can't reach the Cloudflare brain at ${apiBase} — ${e instanceof Error ? e.message : String(e)}.`);
+            }
+            if (res.status === 401)
+                throw new Error('not signed in — run `dragon login`.');
+            if (res.status === 429)
+                throw new Error('daily quota reached on the Cloudflare brain — try tomorrow, or `--brain claude`/`--brain local`.');
+            if (!res.ok)
+                throw new Error(`Cloudflare brain HTTP ${res.status}: ${(await res.text().catch(() => '')).slice(0, 200)}`);
+            const turn = normalizeWorkerTurn((await res.json()));
+            if (turn.text && t.onDelta)
+                t.onDelta(turn.text); // non-streaming endpoint → emit the whole answer once
+            return turn;
+        },
+    };
+}
+//# sourceMappingURL=worker.js.map

package/dist/commands/ai.d.ts

@@ -0,0 +1,24 @@
+/**
+ * dragon ai — Bridge the dragon stack to AI clients (Claude Code,
+ * Codex, Copilot CLI, Aider, Cursor, etc.)
+ *
+ *   ai context <target>       — Print a compact context dump suitable
+ *                               for splicing into any LLM system prompt
+ *   ai mcp-config              — Print Claude Desktop MCP JSON config
+ *   ai brief <target>          — Print engagement brief Markdown
+ *   ai prompt <target>         — Print operator-ready prompt with
+ *                               memory context + suggested actions
+ *
+ * Designed so an operator running Claude Code in another window can do:
+ *
+ *   $ dragon ai prompt upalis.com | claude
+ *
+ * and Claude picks up the engagement context immediately.
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ * Author: Ryan Sebastian <ryan@ghosts.lk>
+ */
+import type { Command } from 'commander';
+import type { DragonConfig } from '../config.js';
+export declare function registerAiCommands(program: Command, config: DragonConfig): void;
+//# sourceMappingURL=ai.d.ts.map

package/dist/commands/ai.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai.d.ts","sourceRoot":"","sources":["../../src/commands/ai.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAgBhD,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,QAyGxE"}

package/dist/commands/ai.js

@@ -0,0 +1,137 @@
+/**
+ * dragon ai — Bridge the dragon stack to AI clients (Claude Code,
+ * Codex, Copilot CLI, Aider, Cursor, etc.)
+ *
+ *   ai context <target>       — Print a compact context dump suitable
+ *                               for splicing into any LLM system prompt
+ *   ai mcp-config              — Print Claude Desktop MCP JSON config
+ *   ai brief <target>          — Print engagement brief Markdown
+ *   ai prompt <target>         — Print operator-ready prompt with
+ *                               memory context + suggested actions
+ *
+ * Designed so an operator running Claude Code in another window can do:
+ *
+ *   $ dragon ai prompt upalis.com | claude
+ *
+ * and Claude picks up the engagement context immediately.
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ * Author: Ryan Sebastian <ryan@ghosts.lk>
+ */
+import { fetchJSON, label, error, info } from '../utils.js';
+import chalk from 'chalk';
+function api(config, path) {
+    const port = config.products.pentest.controlPort ?? 4091;
+    return `http://localhost:${port}${path}`;
+}
+export function registerAiCommands(program, config) {
+    const ai = program.command('ai').description('Bridge the dragon stack to AI clients');
+    // --- context ---
+    ai.command('context <target>')
+        .description('Print compact context for splicing into an LLM system prompt')
+        .action(async (target) => {
+        try {
+            const port = config.products.pentest.controlPort ?? 4091;
+            const res = await fetch(`http://localhost:${port}/v1/memory/target/${encodeURIComponent(target)}/context`);
+            if (!res.ok) {
+                error(`HTTP ${res.status}`);
+                return;
+            }
+            process.stdout.write(await res.text());
+        }
+        catch (e) {
+            error(String(e));
+        }
+    });
+    // --- prompt ---
+    ai.command('prompt <target>')
+        .description('Operator-ready prompt block: identity + memory + suggested actions')
+        .action(async (target) => {
+        try {
+            const port = config.products.pentest.controlPort ?? 4091;
+            const [ctxR, sugR] = await Promise.all([
+                fetch(`http://localhost:${port}/v1/memory/target/${encodeURIComponent(target)}/context`),
+                fetchJSON(api(config, `/v1/memory/target/${encodeURIComponent(target)}/copilot`)),
+            ]);
+            const ctx = ctxR.ok ? await ctxR.text() : "# No prior memory.";
+            process.stdout.write([
+                "You are operating inside Ghost Protocol's offensive-security stack.",
+                "Target context follows. Cite scan_ids when referring to prior findings.",
+                "",
+                "---",
+                "",
+                ctx,
+                "",
+                "## Suggested next actions",
+                "",
+                ...sugR.suggestions.map((s) => `- **${s.title}** — ${s.rationale}\n  Command: \`${s.command}\``),
+                "",
+                "---",
+                "",
+                "When the operator asks a question, prefer concrete actions from above.",
+                "Never invent findings; if memory is empty, say so and propose a baseline scan.",
+                "",
+            ].join("\n"));
+        }
+        catch (e) {
+            error(String(e));
+        }
+    });
+    // --- brief ---
+    ai.command('brief <target>')
+        .description('Print engagement-brief Markdown for paste into any client')
+        .action(async (target) => {
+        try {
+            const port = config.products.pentest.controlPort ?? 4091;
+            const res = await fetch(`http://localhost:${port}/v1/memory/target/${encodeURIComponent(target)}/brief`);
+            if (!res.ok) {
+                error(`HTTP ${res.status}`);
+                return;
+            }
+            process.stdout.write(await res.text());
+        }
+        catch (e) {
+            error(String(e));
+        }
+    });
+    // --- mcp-config ---
+    ai.command('mcp-config')
+        .description('Print Claude Desktop MCP server configuration')
+        .option('--name <name>', 'Server profile name', 'dragon-stack')
+        .action((opts) => {
+        const cfg = {
+            mcpServers: {
+                "phantom-memory": {
+                    command: "phantom-memory-mcp",
+                    env: { PD_CONTROL_API: `http://localhost:${config.products.pentest.controlPort ?? 4091}` },
+                },
+                "dragonkeep": {
+                    command: "dragonkeep-mcp",
+                },
+                "dragonnet": {
+                    command: "dragonnet-mcp",
+                    env: { DRAGONNET_API: `http://localhost:${config.products.net.apiPort ?? 4080}` },
+                },
+            },
+        };
+        console.log(label('Dragon AI'), `MCP config for ${chalk.bold(opts.name)}:\n`);
+        console.log(JSON.stringify(cfg, null, 2));
+        console.log();
+        info('Linux: paste into ~/.config/Claude/claude_desktop_config.json');
+        info('macOS: ~/Library/Application Support/Claude/claude_desktop_config.json');
+        info('Restart Claude Desktop after editing.');
+    });
+    // --- skills ---
+    ai.command('skills')
+        .description('Print Claude Code skill paths and an install hint')
+        .action(() => {
+        const skills = [
+            "scan", "memory", "osint", "chronicle", "triage",
+        ];
+        console.log(label('Dragon AI'), 'Claude Code skills available:\n');
+        skills.forEach((s) => console.log(`  /${s.padEnd(12)}  ~/.claude/skills/dragon-${s}/SKILL.md`));
+        console.log();
+        info('These are pre-installed in ~/.copilot/skills/ — symlinked into ~/.claude/skills/.');
+    });
+}
+//# sourceMappingURL=ai.js.map

package/dist/commands/alerts.d.ts

@@ -0,0 +1,19 @@
+/**
+ * dragon alerts — Webhook alert pipeline (Slack / Discord / generic)
+ *
+ *   alerts list
+ *   alerts add <url> --label NAME --kind slack|discord|generic
+ *   alerts remove <id>
+ *   alerts test                — fire a test event to every webhook
+ *
+ * Backed by PhantomDragon Control's /v1/alerts/webhooks endpoints. Any
+ * defensive Critical/High finding (DragonKeep → Phantom Memory) auto-
+ * fan-outs to every webhook that has on_critical / on_high enabled.
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ * Author: Ryan Sebastian <ryan@ghosts.lk>
+ */
+import type { Command } from 'commander';
+import type { DragonConfig } from '../config.js';
+export declare function registerAlertsCommands(program: Command, config: DragonConfig): void;
+//# sourceMappingURL=alerts.d.ts.map

package/dist/commands/alerts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"alerts.d.ts","sourceRoot":"","sources":["../../src/commands/alerts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAmChD,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,QA8E5E"}

package/dist/commands/alerts.js

@@ -0,0 +1,114 @@
+/**
+ * dragon alerts — Webhook alert pipeline (Slack / Discord / generic)
+ *
+ *   alerts list
+ *   alerts add <url> --label NAME --kind slack|discord|generic
+ *   alerts remove <id>
+ *   alerts test                — fire a test event to every webhook
+ *
+ * Backed by PhantomDragon Control's /v1/alerts/webhooks endpoints. Any
+ * defensive Critical/High finding (DragonKeep → Phantom Memory) auto-
+ * fan-outs to every webhook that has on_critical / on_high enabled.
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ * Author: Ryan Sebastian <ryan@ghosts.lk>
+ */
+import { fetchJSON, label, success, error, info, table } from '../utils.js';
+import chalk from 'chalk';
+function api(config, path) {
+    const port = config.products.pentest.controlPort ?? 4091;
+    return `http://localhost:${port}${path}`;
+}
+async function postJSON(url, body) {
+    const res = await fetch(url, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(body),
+    });
+    if (!res.ok)
+        throw new Error(`HTTP ${res.status}: ${await res.text()}`);
+    return res.json();
+}
+async function del(url) {
+    const res = await fetch(url, { method: 'DELETE' });
+    if (!res.ok)
+        throw new Error(`HTTP ${res.status}`);
+}
+export function registerAlertsCommands(program, config) {
+    const alerts = program
+        .command('alerts')
+        .description('Webhook alert pipeline (Slack / Discord / generic)');
+    alerts
+        .command('list')
+        .description('List configured webhooks')
+        .action(async () => {
+        try {
+            const d = await fetchJSON(api(config, '/v1/alerts/webhooks'));
+            if (d.webhooks.length === 0) {
+                info('No webhooks configured. Try: dragon alerts add <url> --label slack');
+                return;
+            }
+            console.log(label('Alerts'), 'Webhooks:\n');
+            table(d.webhooks.map((w) => ({
+                ID: w.id,
+                Label: w.label,
+                Kind: w.kind,
+                'Crit/High/Scan': `${w.on_critical ? '✓' : '·'}${w.on_high ? '✓' : '·'}${w.on_scan_complete ? '✓' : '·'}`,
+                Enabled: w.enabled ? 'yes' : 'no',
+                URL: w.url.slice(0, 50),
+            })));
+        }
+        catch (e) {
+            error(String(e));
+        }
+    });
+    alerts
+        .command('add <url>')
+        .description('Register a new webhook')
+        .option('--label <label>', 'Display label', 'webhook')
+        .option('--kind <kind>', 'slack | discord | generic', 'generic')
+        .option('--on-high', 'Also fire on HIGH (default: CRITICAL only)')
+        .option('--on-scan-complete', 'Fire on scan completion events')
+        .action(async (url, opts) => {
+        try {
+            const created = await postJSON(api(config, '/v1/alerts/webhooks'), {
+                label: opts.label,
+                url,
+                kind: opts.kind,
+                on_critical: true,
+                on_high: !!opts.onHigh,
+                on_scan_complete: !!opts.onScanComplete,
+                enabled: true,
+            });
+            success(`Registered webhook ${chalk.bold(created.id)} (${created.kind})`);
+        }
+        catch (e) {
+            error(String(e));
+        }
+    });
+    alerts
+        .command('remove <id>')
+        .description('Delete a webhook')
+        .action(async (id) => {
+        try {
+            await del(api(config, `/v1/alerts/webhooks/${encodeURIComponent(id)}`));
+            success(`Removed webhook ${id}`);
+        }
+        catch (e) {
+            error(String(e));
+        }
+    });
+    alerts
+        .command('test')
+        .description('Fire a test CRITICAL event to every webhook')
+        .action(async () => {
+        try {
+            const r = await postJSON(api(config, '/v1/alerts/test'), {});
+            success(`Fired to ${r.fired} of ${r.webhooks_total} webhook(s)`);
+        }
+        catch (e) {
+            error(String(e));
+        }
+    });
+}
+//# sourceMappingURL=alerts.js.map

package/dist/commands/billing.d.ts

@@ -0,0 +1,13 @@
+/**
+ * dragon billing — License management (Paddle / DragonSeal)
+ *
+ *   billing licenses         — list active product licences
+ *   billing check <product>  — quick check whether <product> is licensed
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ * Author: Ryan Sebastian <ryan@ghosts.lk>
+ */
+import type { Command } from 'commander';
+import type { DragonConfig } from '../config.js';
+export declare function registerBillingCommands(program: Command, config: DragonConfig): void;
+//# sourceMappingURL=billing.d.ts.map

package/dist/commands/billing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"billing.d.ts","sourceRoot":"","sources":["../../src/commands/billing.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAShD,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,QAsC7E"}

package/dist/commands/billing.js

@@ -0,0 +1,55 @@
+/**
+ * dragon billing — License management (Paddle / DragonSeal)
+ *
+ *   billing licenses         — list active product licences
+ *   billing check <product>  — quick check whether <product> is licensed
+ *
+ * Copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ * Author: Ryan Sebastian <ryan@ghosts.lk>
+ */
+import { fetchJSON, label, error, info } from '../utils.js';
+import chalk from 'chalk';
+function api(config, path) {
+    const port = config.products.pentest.controlPort ?? 4091;
+    return `http://localhost:${port}${path}`;
+}
+export function registerBillingCommands(program, config) {
+    const billing = program.command('billing').description('License management — Paddle / DragonSeal');
+    billing.command('licenses')
+        .description('Active product licences on this host')
+        .option('--email <email>', 'Restrict to a specific operator email')
+        .action(async (opts) => {
+        try {
+            const params = new URLSearchParams();
+            if (opts.email)
+                params.set('email', opts.email);
+            const d = await fetchJSON(api(config, `/v1/billing/licenses?${params}`));
+            if (d.licenses.length === 0) {
+                info('No active licences. Free tier active for every product.');
+                return;
+            }
+            console.log(label('Licenses'), 'Active products:\n');
+            d.licenses.forEach((p) => console.log(`  ${chalk.green('●')} ${p}`));
+        }
+        catch (e) {
+            error(String(e));
+        }
+    });
+    billing.command('check <product>')
+        .description('Check whether <product> is licensed')
+        .option('--email <email>', 'Restrict to a specific operator email')
+        .action(async (product, opts) => {
+        try {
+            const params = new URLSearchParams({ product });
+            if (opts.email)
+                params.set('email', opts.email);
+            const d = await fetchJSON(api(config, `/v1/billing/check?${params}`));
+            const sym = d.licensed ? chalk.green('✓ licensed') : chalk.yellow('· free tier');
+            console.log(`${product.padEnd(28)} ${sym}`);
+        }
+        catch (e) {
+            error(String(e));
+        }
+    });
+}
+//# sourceMappingURL=billing.js.map