Get QuantumGenie running in under 2 minutes.
Install the SDK, connect to your infrastructure, and start analyzing hosts for quantum vulnerabilities.
npm install quantumgenie-sdkimport { QuantumGenie } from 'quantumgenie-sdk'
const qg = new QuantumGenie({
apiKey: process.env.QUANTUMGENIE_API_KEY,
mode: 'monitor' // 'monitor' warns | 'enforce' blocks
})const analysis = await qg.analyze('example.com')
// analysis.tlsVersion → 'TLSv1.3' | 'TLSv1.2' | ...
// analysis.cipherSuite → active cipher suite name
// analysis.exposureLevel → 'safe' | 'low' | 'moderate' | 'high' | 'critical'
// analysis.riskScore → 0–1 based on real handshake data
// analysis.certAlgorithm → RSA-2048 | ECDSA-P256 | ML-KEM-768 ...
// analysis.recommendation → actionable next stepconst result = await qg.scan('https://api.partner.com')
// result.safe → boolean
// result.action → 'allow' | 'warn' | 'block'
// result.riskScore → aggregate risk
// result.details → per-field breakdownSDK Reference
The quantumgenie-sdk package provides a TypeScript-first client
for analyzing cryptographic risk across your infrastructure.
All analysis is based on real TLS handshake data and certificate inspection.
interface QGConfig {
apiKey: string
mode: 'monitor' | 'enforce'
policy?: {
maxRiskScore: number // Block/warn above this (default: 0.5)
blockHighRisk: boolean // Auto-block high risk (default: false)
alertThreshold: number // Monitor alert threshold (default: 0.6)
onBlock?: (result: ScanResult) => void
onWarn?: (result: ScanResult) => void
}
}interface HostAnalysis {
hostname: string
tlsVersion: string // e.g. 'TLSv1.3'
cipherSuite: string // e.g. 'TLS_AES_256_GCM_SHA384'
certAlgorithm: string // e.g. 'RSA-2048', 'ECDSA-P256'
certIssuer: string
certValidTo: Date
exposureLevel: 'safe' | 'low' | 'moderate' | 'high' | 'critical'
riskScore: number // 0 (safe) to 1 (critical)
riskLevel: 'safe' | 'low' | 'medium' | 'high' | 'critical'
recommendation: string
}'enforce' mode,
high-risk connections are blocked before the handshake completes.
interface ScanResult {
safe: boolean
action: 'allow' | 'warn' | 'block'
riskScore: number
riskLevel: string
details: {
tlsVersion: string
cipherSuite: string
certAlgorithm: string
pqcEnabled: boolean
}
recommendation: string
}qg.applyMigration() to run it.
const plan = await qg.planMigration('legacy.example.com')
// plan.currentCipher → current cipher suite
// plan.recommendedCipher → suggested PQC cipher
// plan.estimatedEffort → 'low' | 'medium' | 'high'
// plan.steps → ordered migration instructionsContinuous Monitoring
Continuously monitor hosts for cryptographic risk changes. The monitor polls TLS handshake data on a configurable interval and fires alerts when a host's risk score crosses your threshold.
const monitor = qg.createMonitor(
['api.example.com', 'auth.example.com'],
(analysis) => {
console.log(`Alert: ${analysis.hostname}`)
console.log(`Risk: ${analysis.riskScore}`)
console.log(`Level: ${analysis.exposureLevel}`)
console.log(analysis.recommendation)
},
60_000 // poll every 60 seconds
)
monitor.start()
// Add/remove hosts dynamically
monitor.addHost('new.example.com')
monitor.removeHost('old.example.com')
// Stop monitoring
monitor.stop()PQC Attestation
Generate cryptographic proof that your services support quantum-resistant algorithms. This module provides off-chain attestation using ML-DSA (NIST FIPS 204). When your infrastructure adopts PQC natively, migration will be seamless.
import { generatePQKeypair, createAttestation, verifyAttestation }
from 'quantumgenie-sdk'
// Generate a NIST-standard ML-DSA-65 keypair
const pqKeys = await generatePQKeypair()
// pqKeys.publicKey → Uint8Array (1952 bytes)
// pqKeys.secretKey → Uint8Array (4032 bytes)// Bind your service identity to a PQ key
const attestation = await createAttestation(
'your-service-identifier',
pqKeys.secretKey,
pqKeys.publicKey
)
// Verify the binding
const valid = await verifyAttestation(attestation)
// valid → trueRisk Scoring
QuantumGenie's risk score is based on real TLS handshake data, not simulation. Every host using classical key exchange (RSA, ECDH) is theoretically vulnerable to quantum attack via Shor's algorithm. The risk score quantifies how exposed a specific host is today.
// TLS protocol version (30%)
// TLS 1.0/1.1 = critical, TLS 1.2 = moderate, TLS 1.3 = lower
// Key exchange algorithm (35%)
// RSA key exchange = high risk; ECDHE = moderate; ML-KEM = safe
// Certificate algorithm (20%)
// RSA-2048 = vulnerable; ECDSA-P256 = moderate; ML-DSA = safe
// Certificate expiry (15%)
// Expiring certs indicate outdated crypto hygiene| Level | Condition | Risk Score |
|---|---|---|
| safe | PQC cipher suite active (ML-KEM / X25519Kyber) | 0.0 – 0.1 |
| low | TLS 1.3 with modern ECDHE, short-lived certs | 0.1 – 0.3 |
| moderate | TLS 1.2 with forward secrecy | 0.3 – 0.55 |
| high | TLS 1.2 without forward secrecy, or RSA key exchange | 0.55 – 0.8 |
| critical | TLS 1.0 / 1.1, or self-signed with weak algo | 0.8 – 1.0 |
Protect your infrastructure today.
Deploy CipherScan agents and get full cryptographic visibility in minutes.