feat(requests): add responseCertificatesFilter option

[xenOs76]

Add responseCertificatesFilter to create Certificates tables based on a subset of returned values

Summary by CodeRabbit

• New Features

  • Added selective filtering for TLS certificate chain fields—users can now control which certificate properties are displayed by index and field name, or leave empty to show all fields.

• Documentation

  • Added configuration examples demonstrating certificate filtering usage.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces selective TLS certificate field rendering via a new responseCertificatesFilter configuration option. Users can now specify which certificate indices in the peer chain and which certificate fields to print, reducing noise in verbose TLS output and enabling focused inspection of relevant certificate data.

Changes

Certificate Field Filtering

Layer / File(s)	Summary
Schema definition and configuration contract https-wrench.schema.json, internal/requests/requests.go	responseCertificatesFilter property is added to the schema as an array of objects keyed by certificate index with per-certificate field lists, a dependency rule enforces printResponseCertificates when filtering is used, and RequestConfig.ResponseCertificatesFilter struct field stores the configuration.
Certificate rendering with selective field filtering internal/certinfo/certinfo_handlers.go, internal/certinfo/certinfo_handlers_test.go	CertsToTables refactored to accept optional filter, builds index-to-fields lookup, conditionally renders rows for requested fields only (empty list renders all), changes DNSNames formatting to newline-separated, prints table only when rows exist; test expectations updated for DNSNames output and new filtering test validates field selection, warning output, and edge cases.
Request handler integration and filter wiring internal/requests/requests_handlers.go, internal/requests/requests_filter_test.go	RenderTLSData signature updated to accept optional filter, extracts and forwards filter to CertsToTables, PrintResponseData passes filter from request config; integration test validates filtering across no-filter, selective-field, and mismatched-index scenarios.
Configuration examples and documentation assets/examples/https-wrench-response-certificates-filter.yaml, internal/cmd/embedded/config-example.yaml	Full example YAML demonstrates selective certificate printing for leaf and intermediate indices, embedded config template includes commented example showing index-based field filtering syntax.

Sequence Diagram

sequenceDiagram
  participant PrintResponseData
  participant RequestConfig
  participant RenderTLSData
  participant CertsToTables
  PrintResponseData->>RequestConfig: read ResponseCertificatesFilter
  PrintResponseData->>RenderTLSData: call with filter argument
  RenderTLSData->>RenderTLSData: extract first filter element
  RenderTLSData->>CertsToTables: forward filter + peer certificates
  CertsToTables->>CertsToTables: build index-to-fields lookup
  CertsToTables->>CertsToTables: conditionally render selected fields
  CertsToTables->>PrintResponseData: print filtered certificate output

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• xenOs76/https-wrench#11: Both PRs modify the TLS rendering path in internal/requests/requests_handlers.go—specifically RenderTLSData—with the retrieved PR updating its signature/IO plumbing and the main PR further extending it to accept and forward the per-certificate responseCertificatesFilter into certinfo.CertsToTables.

Poem

🐰 A rabbit hops through certificate chains,
Filtering fields with selective reins,
Each index mapped to just the right view,
No more noise—just the data that's true! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 57.14% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat(requests): add responseCertificatesFilter option' accurately describes the primary change: a new configuration option for filtering response certificates.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/certificates_filter

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

internal/cmd/embedded/config-example.yaml (1)

65-73: 💤 Low value

Consider enhancing the documentation comment.

The comment is clear but could be more helpful by mentioning that:

1. Field matching is case-insensitive (per layer 2 implementation)
2. Available fields correspond to certificate properties rendered in the certificate tables
3. Multiple certificate indices can be specified (as shown in the standalone example)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/cmd/embedded/config-example.yaml` around lines 65 - 73, Update the
responseCertificatesFilter YAML comment to clarify three points: state that
field matching is case-insensitive (reflecting the layer 2 implementation),
document that available field names map to the certificate properties shown in
the certificate tables, and note that multiple certificate indices may be
specified (referencing the standalone example for format). Mention these items
concisely near the responseCertificatesFilter example so users know how to
specify fields and indices.

assets/examples/https-wrench-response-certificates-filter.yaml (1)

1-1: ⚡ Quick win

Consider pinning schema to a specific version or release tag for stability.

The schema URL points to refs/heads/main, which means examples will always pull the latest schema. While this keeps examples current, it can cause issues if the schema changes in breaking ways. The project currently has no versioned releases for the schema, but documenting this as a known limitation or creating release tags would help users avoid unexpected schema changes when copying examples.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@assets/examples/https-wrench-response-certificates-filter.yaml` at line 1,
Example YAML currently references the live schema URL
'https://raw.githubusercontent.com/xenOs76/https-wrench/refs/heads/main/https-wrench.schema.json'
which follows main and can break; update the header to point to a stable
identifier (a release tag or a specific commit SHA) or, if releases are not
available, add a comment above the header documenting this limitation and
advising consumers to pin to a commit SHA when copying examples so schema
changes won’t break existing examples.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@https-wrench.schema.json`:
- Around line 142-144: Add a JSON Schema dependency so that whenever the
responseCertificatesFilter property is present, printResponseCertificates must
be true; update the schema (near the existing responseCertificatesFilter array
definition) to include either a dependentRequired/dependencies rule or an
if/then that checks for presence of "responseCertificatesFilter" and enforces
"printResponseCertificates": true, referencing the properties
"responseCertificatesFilter" and "printResponseCertificates" so configs with the
filter cannot validate when printResponseCertificates is false.

---

Nitpick comments:
In `@assets/examples/https-wrench-response-certificates-filter.yaml`:
- Line 1: Example YAML currently references the live schema URL
'https://raw.githubusercontent.com/xenOs76/https-wrench/refs/heads/main/https-wrench.schema.json'
which follows main and can break; update the header to point to a stable
identifier (a release tag or a specific commit SHA) or, if releases are not
available, add a comment above the header documenting this limitation and
advising consumers to pin to a commit SHA when copying examples so schema
changes won’t break existing examples.

In `@internal/cmd/embedded/config-example.yaml`:
- Around line 65-73: Update the responseCertificatesFilter YAML comment to
clarify three points: state that field matching is case-insensitive (reflecting
the layer 2 implementation), document that available field names map to the
certificate properties shown in the certificate tables, and note that multiple
certificate indices may be specified (referencing the standalone example for
format). Mention these items concisely near the responseCertificatesFilter
example so users know how to specify fields and indices.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5b0ab2e8-2673-458e-9a40-11f2667384df

📥 Commits

Reviewing files that changed from the base of the PR and between 42a8b9c and 40a3fca.

📒 Files selected for processing (8)

• assets/examples/https-wrench-response-certificates-filter.yaml
• https-wrench.schema.json
• internal/certinfo/certinfo_handlers.go
• internal/certinfo/certinfo_handlers_test.go
• internal/cmd/embedded/config-example.yaml
• internal/requests/requests.go
• internal/requests/requests_filter_test.go
• internal/requests/requests_handlers.go