Document HTTPQL footguns on list_requests

Three gotchas that bite the model once per scan if uncovered:

- HTTPQL has no NOT operator. Naive `NOT req.path.cont:"/static"`
  is a parse error. The negated-operator variants (`ne`, `ncont`,
  `nlike`, `nregex`) are the only way to negate.
- Strings must be quoted, integers must not. `resp.code.eq:"200"`
  parses as a string-vs-int mismatch.
- A bare quoted literal searches both `req.raw` and `resp.raw` —
  useful primitive we never surfaced.

All three land in the model-visible tool description.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
0xallam
2026-05-25 00:29:27 -07:00
parent a51e7820f9
commit 136e2e6ac2
+12
View File
@@ -140,6 +140,18 @@ async def list_requests(
Pagination is cursor-based. Pass the ``end_cursor`` from the
``page_info`` of one call as ``after`` to the next.
Notes:
- HTTPQL has **no ``NOT`` operator**. Use the negated form of the
operator instead: ``ne``, ``ncont``, ``nlike``, ``nregex``
(e.g. ``req.path.ncont:"/static"`` to exclude static paths).
- String values **must be quoted**; integer values **must not**.
``resp.code.eq:200`` is right; ``resp.code.eq:"200"`` is a parse
error. Same rule for ``cont`` / ``regex`` strings.
- A bare quoted string searches both ``req.raw`` and ``resp.raw``,
handy for sensitive-data sweeps:
``"password" OR "secret" OR "api_key"``.
Args:
httpql_filter: Caido HTTPQL query (optional).
first: Number of entries to return (default 50).