whale-code 6.4.0 → 6.5.0

package/dist/server/handlers/enrichment.js

@@ -66,7 +66,7 @@ export async function handleEnrichment(sb, args, storeId) {
                 const profile = {
                     customer_id: customerId,
                     store_id: sid,
-                    source: "pdl",
+                    enrichment_source: "pdl",
                     enrichment_data: pdlData,
                     enriched_at: nowISO(),
                     updated_at: nowISO(),
@@ -157,7 +157,7 @@ export async function handleEnrichment(sb, args, storeId) {
                 const profile = {
                     customer_id: customerId,
                     store_id: sid,
-                    source: "brightdata",
+                    enrichment_source: "brightdata",
                     enrichment_data: profileData,
                     enriched_at: nowISO(),
                     updated_at: nowISO(),
@@ -179,7 +179,7 @@ export async function handleEnrichment(sb, args, storeId) {
                     .select("id")
                     .eq("customer_id", customerId)
                     .eq("store_id", sid)
-                    .eq("source", "brightdata")
+                    .eq("enrichment_source", "brightdata")
                     .maybeSingle();
                 let result;
                 if (existing) {
@@ -245,17 +245,17 @@ export async function handleEnrichment(sb, args, storeId) {
                         breach_domain: breach.domain || null,
                         breach_date: breach.xposed_date || breach.date || null,
                         data_classes: breach.xposed_data ? breach.xposed_data.split(",").map((s) => s.trim()) : null,
-                        source: "xonplus",
+                        breach_source: "xonplus",
                         raw_data: breach,
                         discovered_at: nowISO(),
                         created_at: nowISO(),
                     };
-                    // Deduplicate by customer_id + breach_name + source
+                    // Deduplicate by customer_id + breach_name + breach_source
                     const { data: existing } = await sb.from("customer_breach_records")
                         .select("id")
                         .eq("customer_id", customerId)
                         .eq("breach_name", record.breach_name)
-                        .eq("source", "xonplus")
+                        .eq("breach_source", "xonplus")
                         .maybeSingle();
                     if (!existing) {
                         const { data, error } = await sb.from("customer_breach_records")
@@ -326,8 +326,7 @@ export async function handleEnrichment(sb, args, storeId) {
                         data_classes: breach.DataClasses,
                         description: breach.Description,
                         is_verified: breach.IsVerified,
-                        is_sensitive: breach.IsSensitive,
-                        source: "hibp",
+                        breach_source: "hibp",
                         discovered_at: nowISO(),
                         created_at: nowISO(),
                     };
@@ -404,7 +403,7 @@ export async function handleEnrichment(sb, args, storeId) {
                         breach_domain: entry.domain || null,
                         breach_date: entry.obtained_date || null,
                         data_classes: entry.type ? [entry.type] : null,
-                        source: "dehashed",
+                        breach_source: "dehashed",
                         raw_data: entry,
                         discovered_at: nowISO(),
                         created_at: nowISO(),
@@ -442,7 +441,7 @@ export async function handleEnrichment(sb, args, storeId) {
                 .eq("store_id", sid)
                 .order("enriched_at", { ascending: false });
             if (args.source)
-                q = q.eq("source", args.source);
+                q = q.eq("enrichment_source", args.source);
             const limit = args.limit || 10;
             q = q.limit(limit);
             const { data, error } = await q;
@@ -461,7 +460,7 @@ export async function handleEnrichment(sb, args, storeId) {
                 .eq("store_id", sid)
                 .order("discovered_at", { ascending: false });
             if (args.source)
-                q = q.eq("source", args.source);
+                q = q.eq("breach_source", args.source);
             const limit = args.limit || 50;
             q = q.limit(limit);
             const { data, error } = await q;
@@ -478,11 +477,11 @@ export async function handleEnrichment(sb, args, storeId) {
                 .select("*")
                 .eq("customer_id", customerId)
                 .eq("store_id", sid)
-                .order("discovered_at", { ascending: false });
+                .order("first_seen_at", { ascending: false });
             if (args.status)
                 q = q.eq("status", args.status);
-            if (args.broker)
-                q = q.eq("broker", args.broker);
+            if (args.source_name || args.broker)
+                q = q.eq("source_name", (args.source_name || args.broker));
             const limit = args.limit || 50;
             q = q.limit(limit);
             const { data, error } = await q;
@@ -555,29 +554,27 @@ export async function handleEnrichment(sb, args, storeId) {
         // ---- STORE_EXPOSURE: Insert a broker exposure ----
         case "store_exposure": {
             const customerId = args.customer_id;
-            const broker = args.broker;
+            const sourceName = (args.source_name || args.broker);
             if (!customerId)
                 return { success: false, error: "customer_id is required" };
-            if (!broker)
-                return { success: false, error: "broker is required" };
+            if (!sourceName)
+                return { success: false, error: "source_name is required" };
             // Check for existing exposure to avoid duplicates
             const { data: existing } = await sb.from("customer_exposures")
                 .select("id")
                 .eq("customer_id", customerId)
                 .eq("store_id", sid)
-                .eq("broker", broker)
+                .eq("source_name", sourceName)
                 .maybeSingle();
             if (existing) {
                 // Update existing record
-                const updates = { updated_at: nowISO() };
-                if (args.profile_url)
-                    updates.profile_url = args.profile_url;
-                if (args.data_found)
-                    updates.data_found = args.data_found;
+                const updates = {};
+                if (args.source_url)
+                    updates.source_url = args.source_url;
+                if (args.data_types_exposed)
+                    updates.data_types_exposed = args.data_types_exposed;
                 if (args.status)
                     updates.status = args.status;
-                if (args.exposure_data)
-                    updates.exposure_data = args.exposure_data;
                 const { data, error } = await sb.from("customer_exposures")
                     .update(updates)
                     .eq("id", existing.id)
@@ -590,17 +587,16 @@ export async function handleEnrichment(sb, args, storeId) {
             const record = {
                 customer_id: customerId,
                 store_id: sid,
-                broker,
+                source_name: sourceName,
+                source_type: args.source_type || "data_broker",
                 status: args.status || "found",
-                discovered_at: nowISO(),
+                first_seen_at: nowISO(),
                 created_at: nowISO(),
             };
-            if (args.profile_url)
-                record.profile_url = args.profile_url;
-            if (args.data_found)
-                record.data_found = args.data_found;
-            if (args.exposure_data)
-                record.exposure_data = args.exposure_data;
+            if (args.source_url)
+                record.source_url = args.source_url;
+            if (args.data_types_exposed)
+                record.data_types_exposed = args.data_types_exposed;
             if (args.scan_id)
                 record.scan_id = args.scan_id;
             const { data, error } = await sb.from("customer_exposures")
@@ -616,15 +612,9 @@ export async function handleEnrichment(sb, args, storeId) {
             const exposureId = args.exposure_id;
             if (!exposureId)
                 return { success: false, error: "exposure_id is required" };
-            const updates = { updated_at: nowISO() };
+            const updates = {};
             if (args.status)
                 updates.status = args.status;
-            if (args.removal_method)
-                updates.removal_method = args.removal_method;
-            if (args.removal_confirmed_at)
-                updates.removal_confirmed_at = args.removal_confirmed_at;
-            if (args.notes)
-                updates.notes = args.notes;
             if (args.status === "removed") {
                 updates.removed_at = nowISO();
             }
@@ -641,16 +631,16 @@ export async function handleEnrichment(sb, args, storeId) {
         // ---- STORE_REMOVAL_REQUEST: Insert a removal request ----
         case "store_removal_request": {
             const customerId = args.customer_id;
-            const broker = args.broker;
+            const brokerName = (args.broker_name || args.source_name || args.broker);
             if (!customerId)
                 return { success: false, error: "customer_id is required" };
-            if (!broker)
-                return { success: false, error: "broker is required" };
+            if (!brokerName)
+                return { success: false, error: "source_name is required" };
             const record = {
                 customer_id: customerId,
                 store_id: sid,
-                broker,
-                method: args.method || "manual",
+                broker_name: brokerName,
+                removal_method: args.removal_method || args.method || "manual",
                 status: args.status || "pending",
                 created_at: nowISO(),
                 updated_at: nowISO(),
@@ -679,15 +669,15 @@ export async function handleEnrichment(sb, args, storeId) {
             // Gather data for risk calculation
             const [exposuresResult, breachesResult, removalsResult] = await Promise.all([
                 sb.from("customer_exposures")
-                    .select("id, broker, status, data_found")
+                    .select("id, source_name, status")
                     .eq("customer_id", customerId)
                     .eq("store_id", sid),
                 sb.from("customer_breach_records")
-                    .select("id, breach_name, data_classes, is_sensitive, is_verified")
+                    .select("id, breach_name, data_classes, is_verified")
                     .eq("customer_id", customerId)
                     .eq("store_id", sid),
                 sb.from("customer_removal_requests")
-                    .select("id, status, broker")
+                    .select("id, status, broker_name")
                     .eq("customer_id", customerId)
                     .eq("store_id", sid),
             ]);
@@ -710,12 +700,7 @@ export async function handleEnrichment(sb, args, storeId) {
             score += removedExposures.length * 2;
             // Breach scoring
             for (const breach of breaches) {
-                if (breach.is_sensitive) {
-                    score += 25;
-                }
-                else {
-                    score += 15;
-                }
+                score += 15;
                 if (breach.is_verified) {
                     score += 5;
                 }
@@ -744,7 +729,6 @@ export async function handleEnrichment(sb, args, storeId) {
                     active_exposures: activeExposures.length,
                     removed_exposures: removedExposures.length,
                     total_breaches: breaches.length,
-                    sensitive_breaches: breaches.filter((b) => b.is_sensitive).length,
                     completed_removals: completedRemovals.length,
                     pending_removals: removals.filter((r) => r.status === "pending").length,
                 },

package/dist/server/handlers/inventory.js

@@ -415,7 +415,7 @@ export async function handleInventoryAudit(sb, args, storeId) {
     switch (args.action) {
         case "start": {
             const { data, error } = await sb.from("inventory_audits")
-                .insert({ store_id: sid, location_id: args.location_id, status: "in_progress", started_at: new Date().toISOString() })
+                .insert({ store_id: sid, location_id: args.location_id, audit_type: args.audit_type || "full", status: "in_progress", started_at: new Date().toISOString() })
                 .select().single();
             return error ? { success: false, error: error.message } : { success: true, data };
         }

package/dist/server/handlers/kali.d.ts

@@ -3,7 +3,15 @@ export interface KaliProgressEvent {
     type: "stdout" | "stderr";
     data: string;
 }
-export declare function handleKali(_sb: SupabaseClient, args: Record<string, unknown>, _storeId?: string, onToolProgress?: (progress: KaliProgressEvent) => void): Promise<{
+export interface KaliStructuredProgress {
+    phase?: string;
+    elapsed_s: number;
+    stdout_lines: number;
+    stderr_lines: number;
+    stdout_bytes: number;
+    last_line?: string;
+}
+export declare function handleKali(_sb: SupabaseClient, args: Record<string, unknown>, _storeId?: string, onToolProgress?: (progress: KaliProgressEvent) => void, onStructuredProgress?: (progress: KaliStructuredProgress) => void): Promise<{
     success: boolean;
     data?: unknown;
     error?: string;

package/dist/server/handlers/kali.js

@@ -5,6 +5,25 @@
 const KALI_BOX_URL = process.env.KALI_BOX_URL || "http://kali-box.internal:8080";
 const KALI_AUTH_TOKEN = process.env.KALI_AUTH_TOKEN || "";
 const MAX_OUTPUT_CHARS = 500 * 1024; // 500KB safety cap — context_management handles limits
+/** Detect the current phase of a command based on output patterns */
+function detectPhase(stdout, stderr) {
+    const combined = (stderr + "\n" + stdout).toLowerCase();
+    if (combined.includes("compiling") || combined.includes("building"))
+        return "compiling";
+    if (combined.includes("scanning") || combined.includes("nmap"))
+        return "scanning";
+    if (combined.includes("downloading") || combined.includes("fetching"))
+        return "downloading";
+    if (combined.includes("installing") || combined.includes("apt"))
+        return "installing";
+    if (combined.includes("testing") || combined.includes("exploit"))
+        return "testing";
+    if (combined.includes("cracking") || combined.includes("hashcat") || combined.includes("john"))
+        return "cracking";
+    if (combined.includes("enumerating") || combined.includes("enum"))
+        return "enumerating";
+    return undefined;
+}
 const VALID_ACTIONS = new Set([
     "exec", "exec_stream", "exec_bg", "bg_status", "bg_kill", "bg_list",
     "upload", "download", "info", "sessions", "reset",
@@ -62,7 +81,7 @@ async function* readNDJSON(body) {
         reader.releaseLock();
     }
 }
-export async function handleKali(_sb, args, _storeId, onToolProgress) {
+export async function handleKali(_sb, args, _storeId, onToolProgress, onStructuredProgress) {
     const action = args.action;
     if (!action) {
         return { success: false, error: "action is required" };
@@ -112,11 +131,21 @@ export async function handleKali(_sb, args, _storeId, onToolProgress) {
             // Read NDJSON stream — emit progress for each chunk, accumulate for final result
             let stdout = "";
             let stderr = "";
+            let stdoutLines = 0;
+            let stderrLines = 0;
+            let lastLine = "";
             let doneEvent = null;
+            const streamStart = Date.now();
+            let lastStatusEmit = 0;
+            const STATUS_INTERVAL_MS = 3000;
             for await (const line of readNDJSON(resp.body)) {
                 if (line.type === "stdout") {
                     const data = String(line.data || "");
                     stdout += data;
+                    stdoutLines += data.split("\n").filter(l => l.trim()).length;
+                    const trimmed = data.trim();
+                    if (trimmed)
+                        lastLine = trimmed.split("\n").pop() || lastLine;
                     // Filter out the CWD marker line from progress events
                     if (!data.includes("__KALI_END_")) {
                         onToolProgress({ type: "stdout", data });
@@ -125,11 +154,31 @@ export async function handleKali(_sb, args, _storeId, onToolProgress) {
                 else if (line.type === "stderr") {
                     const data = String(line.data || "");
                     stderr += data;
+                    stderrLines += data.split("\n").filter(l => l.trim()).length;
                     onToolProgress({ type: "stderr", data });
                 }
                 else if (line.type === "done") {
                     doneEvent = line;
                 }
+                // Emit structured status every 3 seconds
+                const now = Date.now();
+                if (now - lastStatusEmit >= STATUS_INTERVAL_MS) {
+                    lastStatusEmit = now;
+                    const structuredProgress = {
+                        phase: detectPhase(stdout, stderr),
+                        elapsed_s: Math.round((now - streamStart) / 1000),
+                        stdout_lines: stdoutLines,
+                        stderr_lines: stderrLines,
+                        stdout_bytes: stdout.length,
+                        last_line: lastLine.length > 120 ? lastLine.slice(0, 117) + "..." : lastLine || undefined,
+                    };
+                    if (onStructuredProgress) {
+                        onStructuredProgress(structuredProgress);
+                    }
+                    // Also emit as a special "status" event through the standard progress callback
+                    // so the NDJSON streaming path can relay it to the CLI
+                    onToolProgress({ type: "status", progress: structuredProgress });
+                }
             }
             // Strip CWD marker from accumulated stdout (same as non-streaming path)
             const markerIdx = stdout.lastIndexOf("__KALI_END_");

package/dist/server/handlers/media.d.ts

@@ -0,0 +1,8 @@
+import type { SupabaseClient } from "@supabase/supabase-js";
+type Result = {
+    success: boolean;
+    data?: unknown;
+    error?: string;
+};
+export declare function handleMedia(sb: SupabaseClient, args: Record<string, unknown>, storeId?: string): Promise<Result>;
+export {};