Skip to main content
Glama
deenesjakoruzh
rad-security

RAD Security

Official
by rad-security
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Remote

radql_query_builder

Build RadQL queries programmatically from structured conditions to construct complex filter or stats queries for security data analysis in Kubernetes and cloud environments.

Instructions

Helper tool to build RadQL queries programmatically from structured conditions. Useful when you need to construct complex filter or stats queries from structured inputs.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
data_typeYesThe data type to build a query for
conditionsNoFilter conditions to combine into a RadQL query
logicNoLogical operator to combine conditionsAND
aggregationNoAggregation function to apply
aggregate_fieldNoField to aggregate (omit for count(*))
group_byNoFields to group by
time_groupNoTime-based grouping interval for datetime fields

Implementation Reference

  • src/index.ts:637-642 (registration)
    Registration of the 'radql_query_builder' tool in the MCP server, defining its name, description, and input schema.
    {
  name: "radql_query_builder",
  description:
    "Helper tool to build RadQL queries programmatically from structured conditions. Useful when you need to construct complex filter or stats queries from structured inputs.",
  inputSchema: zodToJsonSchema(radql.RadQLQueryBuilderSchema),
},
  • src/index.ts:1574-1583 (handler)
    MCP tool dispatch handler that parses arguments using the schema and calls the buildRadQLQuery function.
    case "radql_query_builder": {
  const args = radql.RadQLQueryBuilderSchema.parse(
    request.params.arguments
  );
  const response = radql.buildRadQLQuery(args);
  return {
    content: [
      { type: "text", text: JSON.stringify(response, null, 2) },
    ],
  };
  • src/operations/radql.ts:73-99 (schema)
    Zod schema defining the input parameters for the radql_query_builder tool.
    export const RadQLQueryBuilderSchema = z.object({
  data_type: z.string()
    .describe("The data type to build a query for"),

  conditions: z.array(z.object({
    field: z.string(),
    operator: z.enum([":", "=", "!=", "!:", "<>", ">", ">=", "<", "<=", "contains", "starts_with", "ends_with"]),
    value: z.union([z.string(), z.number(), z.boolean()]),
    negate: z.boolean().optional()
  })).optional()
    .describe("Filter conditions to combine into a RadQL query"),

  logic: z.enum(["AND", "OR"]).optional().default("AND")
    .describe("Logical operator to combine conditions"),

  aggregation: z.enum(["count", "sum", "avg", "min", "max", "median"]).optional()
    .describe("Aggregation function to apply"),

  aggregate_field: z.string().optional()
    .describe("Field to aggregate (omit for count(*))"),

  group_by: z.array(z.string()).optional()
    .describe("Fields to group by"),

  time_group: z.enum(["second", "minute", "hour", "day", "month", "year"]).optional()
    .describe("Time-based grouping interval for datetime fields")
});
  • src/operations/radql.ts:334-432 (handler)
    Core handler function that implements the tool logic: constructs RadQL filters_query and stats_query from structured conditions, handling operators, quoting rules for special cases (dates, hyphens, wildcards), aggregations, and grouping.
    export function buildRadQLQuery(
  args: z.infer<typeof RadQLQueryBuilderSchema>
): { filters_query?: string; stats_query?: string } {
  const result: { filters_query?: string; stats_query?: string } = {};

  if (args.conditions && args.conditions.length > 0) {
    const conditions = args.conditions.map(cond => {
      let query = "";

      if (cond.negate) {
        query += "NOT ";
      }

      query += cond.field;

      // Map operator to RadQL syntax
      if (cond.operator === "contains") {
        // Quote wildcard values if they contain special characters
        const needsQuoting = typeof cond.value === "string" && (
          cond.value.includes("-") || cond.value.includes(" ") || cond.value.includes(":")
        );
        const valueStr = needsQuoting ? `"*${cond.value}*"` : `*${cond.value}*`;
        query += `:${valueStr}`;
      } else if (cond.operator === "starts_with") {
        const needsQuoting = typeof cond.value === "string" && (
          cond.value.includes("-") || cond.value.includes(" ") || cond.value.includes(":")
        );
        const valueStr = needsQuoting ? `"${cond.value}*"` : `${cond.value}*`;
        query += `:${valueStr}`;
      } else if (cond.operator === "ends_with") {
        const needsQuoting = typeof cond.value === "string" && (
          cond.value.includes("-") || cond.value.includes(" ") || cond.value.includes(":")
        );
        const valueStr = needsQuoting ? `"*${cond.value}"` : `*${cond.value}`;
        query += `:${valueStr}`;
      } else {
        // Quote string values to handle dates, hyphens, and special characters
        // The RadQL parser requires quoting for:
        // - Dates/timestamps (contain hyphens): "2024-01-01"
        // - UUIDs (contain hyphens): "550e8400-e29b-41d4-a716-446655440000"
        // - Strings with special characters: colons, spaces, etc.
        // - Any value that's not a simple alphanumeric string
        const value = cond.value;
        let valueStr: string;

        if (typeof value === "string") {
          // Check if the string needs quoting
          // Quote if it contains: spaces, hyphens, colons, or other special chars
          // Or if it looks like a date/timestamp
          const needsQuoting =
            value.includes(" ") ||
            value.includes("-") ||
            value.includes(":") ||
            value.includes("(") ||
            value.includes(")") ||
            /^\d{4}-\d{2}-\d{2}/.test(value) ||
            /[<>=!]/.test(value);

          valueStr = needsQuoting ? `"${value}"` : value;
        } else {
          valueStr = String(value);
        }

        query += `${cond.operator}${valueStr}`;
      }

      return query;
    });

    result.filters_query = conditions.join(` ${args.logic} `);
  }

  if (args.aggregation) {
    let statsQuery = "";

    if (args.aggregation === "count") {
      statsQuery = args.aggregate_field ? `count(${args.aggregate_field})` : "count()";
    } else {
      if (!args.aggregate_field) {
        throw new Error(`${args.aggregation} requires an aggregate_field`);
      }
      statsQuery = `${args.aggregation}(${args.aggregate_field})`;
    }

    if (args.group_by && args.group_by.length > 0) {
      const groupByFields = args.group_by.map(field => {
        if (args.time_group && (field.includes("_at") || field.includes("timestamp") || field.includes("time"))) {
          return `${args.time_group}(${field})`;
        }
        return field;
      });
      statsQuery += ` by ${groupByFields.join(", ")}`;
    }

    result.stats_query = statsQuery;
  }

  return result;
}

Tool Definition Quality

B3.2/5.0
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It states the tool is a 'Helper tool' for 'building' queries, which implies it's a read-only, non-destructive operation that generates query strings. However, it doesn't disclose important behavioral traits such as whether it validates inputs, returns errors for invalid conditions, or outputs a query string versus an executable object. For a tool with 7 parameters and no annotations, this is a significant gap.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is concise and front-loaded, consisting of two sentences that directly state the tool's purpose and utility. There's no wasted verbiage or redundancy. However, it could be slightly more structured by explicitly mentioning key parameters or output format.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (7 parameters, no annotations, no output schema), the description is minimally adequate. It clarifies the tool's role as a query builder, which distinguishes it from execution tools in the sibling list. However, it lacks details on behavioral traits, output format (e.g., whether it returns a query string or structured object), and explicit guidance on when to use versus siblings. With no output schema, the description should ideally explain the return value.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description adds minimal parameter semantics beyond the schema. It mentions 'structured conditions' and 'complex filter or stats queries,' which loosely map to the 'conditions' and 'aggregation' parameters. However, with 100% schema description coverage, the schema already documents all 7 parameters thoroughly, including enums and defaults. The description doesn't add meaningful details about parameter interactions or usage examples, so the baseline 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'build RadQL queries programmatically from structured conditions.' It specifies the verb ('build') and resource ('RadQL queries'), and mentions use cases ('complex filter or stats queries'). However, it doesn't explicitly differentiate from sibling tools like 'radql_query' or 'radql_batch_query', which appear to execute queries rather than build them.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides implied usage guidance: 'Useful when you need to construct complex filter or stats queries from structured inputs.' This suggests it's for constructing queries, not executing them. However, it doesn't explicitly state when to use this tool versus alternatives like 'radql_query' (which likely executes queries) or 'radql_batch_query', nor does it mention prerequisites or exclusions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/rad-security/mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server