Document HTTPQL footguns on list_requests
Three gotchas that bite the model once per scan if uncovered: - HTTPQL has no NOT operator. Naive `NOT req.path.cont:"/static"` is a parse error. The negated-operator variants (`ne`, `ncont`, `nlike`, `nregex`) are the only way to negate. - Strings must be quoted, integers must not. `resp.code.eq:"200"` parses as a string-vs-int mismatch. - A bare quoted literal searches both `req.raw` and `resp.raw` — useful primitive we never surfaced. All three land in the model-visible tool description. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -140,6 +140,18 @@ async def list_requests(
|
||||
Pagination is cursor-based. Pass the ``end_cursor`` from the
|
||||
``page_info`` of one call as ``after`` to the next.
|
||||
|
||||
Notes:
|
||||
|
||||
- HTTPQL has **no ``NOT`` operator**. Use the negated form of the
|
||||
operator instead: ``ne``, ``ncont``, ``nlike``, ``nregex``
|
||||
(e.g. ``req.path.ncont:"/static"`` to exclude static paths).
|
||||
- String values **must be quoted**; integer values **must not**.
|
||||
``resp.code.eq:200`` is right; ``resp.code.eq:"200"`` is a parse
|
||||
error. Same rule for ``cont`` / ``regex`` strings.
|
||||
- A bare quoted string searches both ``req.raw`` and ``resp.raw``,
|
||||
handy for sensitive-data sweeps:
|
||||
``"password" OR "secret" OR "api_key"``.
|
||||
|
||||
Args:
|
||||
httpql_filter: Caido HTTPQL query (optional).
|
||||
first: Number of entries to return (default 50).
|
||||
|
||||
Reference in New Issue
Block a user