Multi-agent attack chain framework. Define declarative attack chains that link audit and inject modules into multi-step exploitation paths, then validate and trace them.

chain

chain validate

Validate an attack chain definition without executing it. Checks syntax, step references, module/technique validity, and graph structure.
```bash
qai chain validate [OPTIONS]
```

| Option | Required | Description |
|---|---|---|
| `--chain-file` | Yes | Path to chain definition to validate |

```bash
qai chain validate --chain-file chain.yaml
```
Exits with code 0 on success, code 1 if validation errors are found. Error output includes the step ID, field, and description for each problem.

chain list-templates

List available attack chain templates.
```bash
qai chain list-templates [OPTIONS]
```

| Option | Required | Description |
|---|---|---|
| `--category` | No | Filter by category: `rag_pipeline`, `agent_delegation`, `mcp_ecosystem`, `hybrid` |

```bash
qai chain list-templates
qai chain list-templates --category mcp_ecosystem
```

chain run

Execute an attack chain against a target architecture. The default mode is dry-run (simulation only), which traces the success path without executing destructive steps. Use --no-dry-run for live execution against configured targets.
```bash
qai chain run [OPTIONS]
```

| Option | Required | Description |
|---|---|---|
| `--chain-file` | Yes | Path to attack chain definition (YAML) |
| `--dry-run` / `--no-dry-run` | No | Trace path without executing destructive steps (default: `--dry-run`) |
| `--output` | No | Output file for execution result JSON |
| `--verbose` / `-v` | No | Verbose output |
| `--targets` | No | Path to chain-targets.yaml config file. Falls back to `~/.qai/chain-targets.yaml`. |
| `--inject-model` | No | Override inject model from targets config |

```bash
qai chain run --chain-file chain.yaml --dry-run
qai chain run --chain-file chain.yaml --output trace.json -v
```

Target Configuration

Live execution requires a chain-targets.yaml file that specifies how to connect to audit targets and which model to use for inject campaigns.
```yaml
# chain-targets.yaml
audit:
  transport: stdio
  command: "python my_server.py"

inject:
  model: claude-sonnet-4-6
```

| Key | Value | Description |
|---|---|---|
| `audit.transport` | `stdio`, `sse`, or `streamable-http` | Transport for connecting to the target MCP server |
| `audit.command` | String | Command to launch the server (required for `stdio` transport) |
| `audit.url` | URL | Server URL (required for `sse` and `streamable-http` transports) |
| `inject.model` | String | Anthropic model ID for injection campaigns. Falls back to `QAI_MODEL` env var. |

If --targets is not provided, the CLI looks for ~/.qai/chain-targets.yaml.
Live execution requires ANTHROPIC_API_KEY for inject steps. Audit-only chains do not require an API key.
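
A pre-flight check for the rules above, written as an added example and not part of qai. `check_targets` and `resolve_inject_model` are hypothetical helper names, the input is the mapping a YAML parser would return for chain-targets.yaml, and the order override, then config, then `QAI_MODEL` is inferred from the option and key descriptions on this page.

```python
import os
from typing import Mapping, Optional

# Each documented transport and the connection key the table marks as required.
REQUIRED_KEY = {"stdio": "command", "sse": "url", "streamable-http": "url"}


def resolve_inject_model(cfg: Mapping, env: Mapping = os.environ,
                         override: Optional[str] = None) -> Optional[str]:
    """--inject-model override, then inject.model, then the QAI_MODEL env var."""
    inject = cfg.get("inject") or {}
    return override or inject.get("model") or env.get("QAI_MODEL") or None


def check_targets(cfg: Mapping, env: Mapping = os.environ,
                  has_inject_steps: bool = True) -> list:
    """Return problems that would block a --no-dry-run execution."""
    problems = []
    audit = cfg.get("audit") or {}
    transport = audit.get("transport")
    if transport not in REQUIRED_KEY:
        problems.append(
            f"audit.transport: {transport!r} is not one of {sorted(REQUIRED_KEY)}")
    else:
        key = REQUIRED_KEY[transport]
        if not audit.get(key):
            problems.append(f"audit.{key}: required for {transport} transport")
    # Audit-only chains need no API key, so only check it when inject steps exist.
    if has_inject_steps and not env.get("ANTHROPIC_API_KEY"):
        problems.append("ANTHROPIC_API_KEY: required for inject steps")
    return problems


# Constructed sample: the example config above, as a YAML parser would load it.
SAMPLE = {
    "audit": {"transport": "stdio", "command": "python my_server.py"},
    "inject": {"model": "claude-sonnet-4-6"},
}

if __name__ == "__main__":
    for problem in check_targets(SAMPLE):
        print("ERROR", problem)
    print("inject model:", resolve_inject_model(SAMPLE))
```
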

chain blast-radius

Analyze blast radius from a completed chain execution. Quantifies what the attacker reached: data, systems, actions, and persistence.
```bash
qai chain blast-radius [OPTIONS]
```

| Option | Required | Description |
|---|---|---|
| `--results-dir` | Yes | Path to completed chain results |
| `--format` | No | Output format: `html` or `json` (default: `html`) |
| `--output` | No | Output file path |

Blast radius analysis is not yet implemented. The command is defined but returns a stub.

chain detect

Generate detection rules from observed attack patterns. Produces Sigma or Wazuh rules that would detect the chain’s execution in a monitored environment.
```bash
qai chain detect [OPTIONS]
```

| Option | Required | Description |
|---|---|---|
| `--results-dir` | Yes | Path to completed chain results |
| `--format` | No | Rule format: `sigma` or `wazuh` (default: `sigma`) |
| `--output` | No | Output directory for detection rules |

Detection rule generation is not yet implemented. The command is defined but returns a stub.