From bfd971bbc8d35685f18f4b9dd3a52f04f8b4f77f Mon Sep 17 00:00:00 2001
From: s <s@db.org.ai>
Date: Sat, 20 Dec 2025 02:45:32 -0500
Subject: feat: add moon logs search command and filename filter support for
 stealer logs

---
 cmd/moon.go | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 cmd/moon.go

(limited to 'cmd/moon.go')

diff --git a/cmd/moon.go b/cmd/moon.go
new file mode 100644
index 0000000..512fb7e
--- /dev/null
+++ b/cmd/moon.go
@@ -0,0 +1,74 @@
+package cmd
+
+import (
+	"fmt"
+
+	"git.db.org.ai/dborg/internal/formatter"
+	"git.db.org.ai/dborg/internal/models"
+	"github.com/spf13/cobra"
+)
+
+var moonCmd = &cobra.Command{
+	Use:   "moon [query]",
+	Short: "Search moon logs",
+	Long:  `Search moon logs with various filters. Requires admin API key.`,
+	Args:  cobra.ExactArgs(1),
+	RunE:  runMoon,
+}
+
+func init() {
+	rootCmd.AddCommand(moonCmd)
+
+	moonCmd.Flags().StringP("filename", "F", "", "Filter by filename")
+	moonCmd.Flags().IntP("max_hits", "n", 10, "Maximum number of hits to return")
+	moonCmd.Flags().StringP("sort_by", "s", "", "Sort by field (ingest_timestamp or date_posted)")
+	moonCmd.Flags().StringP("ingest_start_date", "i", "", "Ingest timestamp start date")
+	moonCmd.Flags().StringP("ingest_end_date", "e", "", "Ingest timestamp end date")
+	moonCmd.Flags().StringP("posted_start_date", "p", "", "Date posted start date")
+	moonCmd.Flags().StringP("posted_end_date", "D", "", "Date posted end date")
+	moonCmd.Flags().StringP("format", "f", "json", "Response format (json or custom like 'ulp', 'up', 'pul')")
+}
+
+func runMoon(cmd *cobra.Command, args []string) error {
+	c, err := newClient()
+	if err != nil {
+		return err
+	}
+
+	params := &models.MoonParams{
+		Query: args[0],
+	}
+	params.Filename, _ = cmd.Flags().GetString("filename")
+	params.MaxHits, _ = cmd.Flags().GetInt("max_hits")
+	sortBy, _ := cmd.Flags().GetString("sort_by")
+	if sortBy != "" && sortBy != "ingest_timestamp" && sortBy != "date_posted" {
+		return fmt.Errorf("invalid sort_by value: must be 'ingest_timestamp' or 'date_posted'")
+	}
+	params.SortBy = sortBy
+	params.IngestStartDate, _ = cmd.Flags().GetString("ingest_start_date")
+	params.IngestEndDate, _ = cmd.Flags().GetString("ingest_end_date")
+	params.PostedStartDate, _ = cmd.Flags().GetString("posted_start_date")
+	params.PostedEndDate, _ = cmd.Flags().GetString("posted_end_date")
+	params.Format, _ = cmd.Flags().GetString("format")
+
+	response, err := c.SearchMoonLogs(params)
+	if err != nil {
+		return err
+	}
+
+	if err := checkError(response.Error); err != nil {
+		return err
+	}
+
+	if params.Format != "json" {
+		fmt.Println(response.Message)
+		return nil
+	}
+
+	output, err := formatter.FormatMoonResults(response, IsJSONOutput())
+	if err != nil {
+		return err
+	}
+	printOutput(output)
+	return nil
+}
-- 
cgit v1.2.3