Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.q-uestionable.ai/llms.txt

Use this file to discover all available pages before exploring further.

qai chain

Execute and analyze multi-step attack chains. 
qai chain [COMMAND] [OPTIONS]

Commands

chain validate

Validate a chain definition without executing it. 
qai chain validate --chain-file FILE
Options:
OptionRequiredTypeDescription
--chain-fileYesstringPath to chain YAML definition
Example: 
qai chain validate --chain-file delegation_hijack.yaml
Output on success: 
Validating chain: Agent Delegation Hijack (delegation-hijack)
  3 steps, category: agent_delegation
  [+] All module references valid
  [+] All technique references valid
  [+] Step graph valid (no cycles, all reachable)
  [+] Chain definition is valid
Validation checks:
  • Step syntax and required fields
  • Module and technique availability
  • Step graph for cycles and reachability
  • Trust boundary values
  • Dependency resolution

chain list-templates

List available chain templates. 
qai chain list-templates [OPTIONS]
Options:
OptionRequiredTypeDescription
--categoryNostringFilter by architecture category
Valid categories:
  • rag_pipeline
  • agent_delegation
  • mcp_ecosystem
  • hybrid
Example: 
qai chain list-templates --category agent_delegation
Output: 
ID                          Name                             Category            Steps
agent-delegation-hijack     Agent Delegation Hijack          agent_delegation    3
mcp-server-compromise       MCP Server Compromise            mcp_ecosystem       4
rag-trust-escalation        RAG Trust Escalation             rag_pipeline        3

chain run

Execute an attack chain against a target architecture. 
qai chain run --chain-file FILE [OPTIONS]
Options:
OptionRequiredTypeDescription
--chain-fileYesstringPath to chain YAML definition
--dry-run / --no-dry-runNoflagDry run traces the path without live execution (default: dry-run enabled). Use --no-dry-run for live execution.
--outputNostringSave execution results to JSON file
--verbose, -vNoflagEnable verbose output during execution
--targetsNostringPath to chain-targets.yaml config file
--inject-modelNostringOverride inject model from config (format: provider/model)
--ipi-callback-urlNostringIPI callback URL for payload generation
--ipi-output-dirNostringOutput directory for IPI payloads
--ipi-formatNostringDocument format for IPI payloads (pdf, md, html, etc.)
--cxp-format-idNostringCXP context file format ID (e.g., cursorrules, claude-md)
--cxp-output-dirNostringOutput directory for CXP poisoned repos
--rxp-model-idNostringEmbedding model ID for RXP validation
--rxp-profile-idNostringRXP validation profile ID
Examples: 
qai chain run \
  --chain-file delegation_hijack.yaml \
  --dry-run \
  --output trace.json
Dry-run output: 
Chain: Agent Delegation Hijack
Mode: DRY RUN (no live execution)

Execution trace (success path):
  1. [inject] inject-output -- Inject instructions via tool output
     Technique: output_injection
     Trust boundary: tool-to-agent -> cross-tool-pivot

  2. [inject] cross-tool-pivot -- Pivot through cross-tool delegation
     Technique: cross_tool_escalation
     Trust boundary: agent-to-agent -> poison-downstream

  3. [inject] poison-downstream -- Poison downstream agent tool descriptions
     Technique: description_poisoning
     Trust boundary: agent-to-tool -> [terminal]

Trust boundaries crossed: tool-to-agent -> agent-to-agent -> agent-to-tool

chain blast-radius

Analyze blast radius from completed chain execution. 
qai chain blast-radius --results FILE [OPTIONS]
Options:
OptionRequiredTypeDescription
--resultsYesstringPath to chain execution result JSON file
--formatNostringOutput format: json or html (default: json)
--outputNostringOutput file path (stdout if omitted)
Examples: 
qai chain blast-radius \
  --results execution_results.json \
  --format json \
  --output blast_radius.json
Blast radius analysis includes:
  • Data reached (findings, artifacts, payload details)
  • Systems touched (modules and transports involved)
  • Trust boundaries crossed
  • Ordered attack path
  • Success/failure determination

chain detect

Generate detection rules from observed attack patterns. 
qai chain detect --results FILE [OPTIONS]
Options:
OptionRequiredTypeDescription
--resultsYesstringPath to chain execution result JSON file
--formatNostringRule format: sigma or wazuh (default: sigma)
--outputNostringOutput file or directory for rules (stdout if omitted)
Examples: 
qai chain detect \
  --results execution_results.json \
  --format sigma \
  --output detection_rules.yaml
Generated rules include:
  • MITRE ATT&CK mappings for each step
  • Technique identification and categorization
  • Detection signatures for vulnerable patterns
  • Wazuh XML format with event correlation
  • Sigma format with filter conditions
Detection rules are auto-generated from successful execution steps. If a chain run has no successful steps, no rules are generated.

Exit Codes

CodeMeaning
0Success
1Command error (invalid options, file not found, validation failure)
130Interrupted by user (Ctrl+C)

Model Selection

When running chains in live mode, the --inject-model option overrides the model specified in targets config: 
qai chain run \
  --chain-file my_chain.yaml \
  --targets ~/.qai/chain-targets.yaml \
  --inject-model "openai/gpt-4o"
Model format: provider/model. Bare model names default to Anthropic.
Always start with --dry-run to trace the execution path and validate your chain before running live.