threatcode · pull · Feb 23, 2026 · Feb 23, 2026 · Feb 23, 2026
diff --git a/.gemini/settings.json b/.gemini/settings.json
@@ -5,4 +5,4 @@
       "type": "sse"
     }
   }
-}
+}
diff --git a/web/mcp_server.py b/web/mcp_server.py
@@ -567,7 +567,7 @@ async def verify_auth(token: str = "") -> str:
     parser = argparse.ArgumentParser(description="CAPE MCP Server")
     parser.add_argument("--transport", choices=["stdio", "sse", "streamable-http", "http"], default=os.environ.get("CAPE_MCP_TRANSPORT", "stdio"), help="Transport protocol (default: stdio)")
     parser.add_argument("--host", default=os.environ.get("CAPE_MCP_HOST", "127.0.0.1"), help="Host to bind for HTTP/SSE (default: 127.0.0.1)")
-    parser.add_argument("--port", type=int, default=int(os.environ.get("CAPE_MCP_PORT", "8000")), help="Port to bind for HTTP/SSE (default: 8000)")
+    parser.add_argument("--port", type=int, default=int(os.environ.get("CAPE_MCP_PORT", "9004")), help="Port to bind for HTTP/SSE (default:  9004)")
     args = parser.parse_args()
 
     if args.transport in ["sse", "streamable-http", "http"]:

diff --git a/web/templates/analysis/search.html b/web/templates/analysis/search.html
@@ -23,7 +23,8 @@ <h5 class="mb-0 text-white"><i class="fas fa-info-circle me-2"></i> Search Help<
                 </div>
                 <div class="card-body">
                     <p class="text-white-50">ElasticSearch queries do not use a prefix. e.g., <code>*windows.*</code> matches 'time.windows.com'.</p>
-                    <p class="text-white-50">For MD5, SHA1, SHA256, etc., no prefix is needed (matches any file generated by analysis).</p>
+                    <p class="text-white-50">For MD5, SHA1, SHA256, etc., no prefix is needed (matches <b>any</b> file generated by analysis, including dropped/extracted files).</p>
+                    <p class="text-white-50">To search for the <b>initial submitted file</b> specifically, use <code>target_sha256:</code> prefix.</p>
                     <p class="text-white-50">By default, searches are exact matches. Use regex characters (e.g., <code>^ $ | ? * + ( ) [ ] { }</code>) to force a regex search.</p>
                     <div class="table-responsive">
                         <table class="table table-striped table-dark table-hover table-sm">
@@ -117,6 +118,9 @@ <h5 class="mb-0 text-white"><i class="fas fa-info-circle me-2"></i> Search Help<
 <div class="row mb-3">
     <div class="col-12 text-white-50 text-center">
         <h3>Results for term: <span class="text-danger font-weight-bold">{{term}}</span></h3>
+        {% if term_only in 'md5,sha1,sha256' %}
+            <p class="text-muted mt-1">Note: Hash searches match all generated files inside analysis. Use <code>target_sha256:</code> for initial file matches.</p>
+        {% endif %}
         {% if settings.ZIPPED_DOWNLOAD_ALL and term_only in 'capetype,capeyara' %}
             <a href="{% url 'file' term_only|add:'zipall' '1' value_only %}" class="btn btn-sm btn-outline-warning mt-2" data-bs-toggle="tooltip" title="Download password-protected archive with all matching files."><i class="fas fa-file-archive me-1"></i> Download All Matches</a>
         {% endif %}
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,4 +5,4 @@ @@
           "type": "sse"
         }
       }
-    }
+    }