# QUILL -- 10,284 cybersecurity entries from 49 sources
# No auth. No rate limit. Search results include direct `url` fields to drill down.

## Quick Start

  GET https://quilsec.com/api/v1/search?q=certutil            -- keyword search
  GET https://quilsec.com/api/v1/semantic?q=privilege+escalation+linux  -- natural language search
  GET https://quilsec.com/api/v1/sources                      -- list all 49 data sources

## Critical Rules

- Results include a `url` field. USE IT to fetch full entries. Do NOT construct URLs.
- Source names are CASE-SENSITIVE ("LOLBAS" not "lolbas", "GTFOBins" not "gtfobins").
- If search returns 0 results, check the `hints` array in the response for recovery suggestions.
- Agents are auto-served markdown. Use `Accept: application/json` to force JSON.

## Endpoints

GET /api/v1/search?q=QUERY     -- keyword search (params: source, platform, category, limit, offset, full)
GET /api/v1/semantic?q=QUERY   -- natural language search via BM25 (params: source, platform, limit)
GET /api/v1/entries/{source}/{tool}  -- single entry detail (use `url` from search results)
GET /api/v1/entries            -- browse/filter (params: source, platform, category, limit, offset, full)
GET /api/v1/source/{source}    -- all entries from one source (params: limit, offset, full)
GET /api/v1/sources            -- list all sources with names, descriptions, entry counts
GET /api/v1/stats              -- aggregate statistics
GET /api/v1/platforms          -- list valid platform values
GET /api/v1/categories         -- list all category tags
GET /api/v1/openapi.json       -- full OpenAPI 3.1 spec

## Response Schema (slim, default)

Each result: { url, source_project, tool_name, platform, description, categories }

## Response Schema (full, ?full=true or single entry)

{ url, source_project, tool_name, platform, description, native_purpose, known_behaviors[], command_examples[], indicators[], categories[], similar_tools[], references[], raw_data }

## Workflow

1. Search: `/api/v1/search?q=mshta.exe` or `/api/v1/semantic?q=how to persist on windows`
2. Pick a result and follow its `url` field for full detail
3. If 0 results, check `hints` array or try the other search endpoint

## Discovery

  /llms.txt                  -- full docs (for deep context)
  /.well-known/agents.json   -- machine-readable capability manifest
  /api/v1/openapi.json       -- OpenAPI 3.1 spec