Forensic investigation MCP server for Claude Code — evidence analysis, multi-source research, hypothesis testing, and automated deliverable generation.

```bash
# Install
curl -fsSL https://raw.githubusercontent.com/theLightArchitect/QUANTUM/main/install.sh | bash

# Add to Claude Code
claude mcp add QUANTUM -- ~/.quantum/bin/quantum-q
```

Then in Claude Code:

```
"Investigate this error log"
"Research what causes OOM kills in Kubernetes pods"
"Scan this support ticket and build a root cause analysis"
```

One MCP tool — `qsTools` — with action-based routing to investigation phases:

| Action | Phase | What It Does |
|---|---|---|
| `scan` | 0 — Triage | Scene assessment, log type detection, severity classification |
| `sweep` | 1 — Evidence | Evidence collection, file extraction, manifest generation |
| `trace` | 2 — Forensics | Pattern matching, timeline correlation, error clustering |
| `probe` | 3 — Research | Multi-source queries, knowledge synthesis, citation tracking |
| `theorize` | 4 — Hypothesis | AI-powered synthesis, confidence scoring, coherence checks |
| `verify` | 5 — Validation | Multi-pass verification, contradiction detection |
| `close` | 6 — Deliverables | RCA reports, customer responses, resolution summaries |
| `quick` | All | Accelerated 6-stage workflow for known patterns (<30s target) |
| `discover` | Utility | List available investigation capabilities |

- macOS with Apple Silicon (M1/M2/M3/M4)
- Claude Code CLI

Optional (for AI-powered research in the `probe` phase):

- `ANTHROPIC_API_KEY` — Claude API access
- `PERPLEXITY_API_KEY` — Web search research

The binary is ad-hoc signed. On first run, macOS Gatekeeper may block it. The install script handles this automatically with `xattr -cr`. If you installed manually:

```bash
xattr -cr ~/.quantum/bin/quantum-q
```

```mermaid
flowchart LR
    REQ([Case Input]) ==> TR["Triage<br/>Scene assessment<br/>Pattern matching"]
    TR ==> AN["Analysis<br/>Evidence collection<br/>Timeline forensics"]
    AN ==> RS["Research<br/>Multi-source queries<br/>Knowledge synthesis"]
    RS ==> HY["Hypothesis<br/>AI-powered synthesis<br/>Confidence scoring"]
    HY ==> VL["Validation<br/>Multi-pass verification"]
    VL ==> DL["Deliverables<br/>RCA reports<br/>Customer responses"]
    RS -.-> AI["AI Provider<br/>Multi-provider routing<br/>Automatic fallback"]
    classDef phase fill:#4a90d9,color:#fff,stroke:#3a7bc8,stroke-width:2px
    classDef ai fill:#2d3436,color:#fff,stroke:#636e72,stroke-width:1px
    classDef io fill:#00b894,color:#fff,stroke:#009a7d,stroke-width:2px
    class TR,AN,RS,HY,VL,DL phase
    class AI ai
    class REQ io
```

Each phase has quality gates with confidence thresholds and human-in-the-loop checkpoints. The pipeline supports both full 7-phase investigations and accelerated quick-investigation mode for known patterns.
Investigation modes:
- Quick Investigation — 6-stage accelerated workflow for routine cases
- Full Investigation — 7-phase cycle with HITL checkpoints at every gate
- Single Phase — Run any phase independently (`scan`, `probe`, etc.)

```
├── agents/
│   └── QUANTUM.md                   # Agent personality and tool routing
├── hooks/
│   ├── pre-tool-use-quantum.sh      # Input validation and protocol enforcement
│   └── post-tool-use-quantum.sh     # Audit trail logging
├── skills/
│   └── Q/
│       ├── SKILL.md                 # Main skill (4 investigation modes)
│       ├── QUICK_REFERENCE.md       # Command reference
│       ├── sub-skills/              # 11 phase modules (SCAN, SWEEP, TRACE, etc.)
│       └── scribe/SCRIBE.md         # Investigation documentation module
├── install.sh                       # One-line installer
├── .mcp.json                        # MCP server definition
└── LICENSE                          # MIT
```

Standalone: QUANTUM provides a complete investigation toolkit. Triage cases, collect evidence, research root causes, generate deliverables — all without other servers.
With SOUL: Investigation findings can be stored in the SOUL knowledge graph for cross-session pattern recognition and organizational learning.
With CORSO: Security-flagged investigations route to CORSO for threat modeling. Build failures can trigger QUANTUM investigations automatically.
With EVA: EVA can enrich investigation milestones with consciousness entries, tracking investigator growth patterns over time.
- Language: Rust (single binary, ~11MB, LTO + stripped)
- Protocol: MCP over stdio (JSON-RPC 2.0)
- Standards: `clippy::pedantic`, zero `.unwrap()`/`panic!()`
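
Because every request reaches the server as a JSON-RPC 2.0 `tools/call` for the single `qsTools` tool, an allowlist on the routed action is a natural input-validation gate in front of it. The following is an added example, not QUANTUM's own hook or server code; it assumes the action travels as a string argument named `action`, and the size limit and sample messages are constructed.

```python
import json

# Action names copied from the routing table on this page.
ALLOWED_ACTIONS = {"scan", "sweep", "trace", "probe", "theorize",
                   "verify", "close", "quick", "discover"}
TOOL_NAME = "qsTools"
MAX_LINE_BYTES = 1_000_000  # assumed limit, not a QUANTUM setting


def check_tool_call(line):
    """Return (allowed, reason) for one newline-delimited JSON-RPC message."""
    if len(line.encode("utf-8")) > MAX_LINE_BYTES:
        return False, "message too large"
    try:
        msg = json.loads(line)
    except json.JSONDecodeError:
        return False, "not valid JSON"
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        return False, "not a JSON-RPC 2.0 object"
    if msg.get("method") != "tools/call":
        return True, "not a tool call"  # e.g. initialize, tools/list
    params = msg.get("params")
    if not isinstance(params, dict) or params.get("name") != TOOL_NAME:
        return False, "unexpected tool name"
    args = params.get("arguments")
    if not isinstance(args, dict):
        return False, "arguments must be an object"
    action = args.get("action")  # assumed argument name
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        return False, f"action not in allowlist: {action!r}"
    return True, f"ok: {action}"


def audit_record(line):
    """Serialize one decision as a JSON line suitable for an audit trail."""
    allowed, reason = check_tool_call(line)
    return json.dumps({"allowed": allowed, "reason": reason}, sort_keys=True)


# Constructed sample messages (not captured from QUANTUM).
SAMPLES = [
    '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"qsTools","arguments":{"action":"scan"}}}',
    '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"qsTools","arguments":{"action":"exec"}}}',
    '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"qsTools","arguments":{"action":["scan"]}}}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_record(sample))
```
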

| Server | Purpose | Install |
|---|---|---|
| CORSO | Security scanning, code review, build pipeline | `curl -fsSL .../CORSO/main/install.sh \| bash` |
| EVA | AI personality, memory enrichment, creative workflows | `curl -fsSL .../EVA/main/install.sh \| bash` |
| SOUL | Knowledge graph, structured memory, voice synthesis | `curl -fsSL .../SOUL/main/install.sh \| bash` |
| QUANTUM | Forensic investigation, evidence analysis, hypothesis testing | `curl -fsSL .../QUANTUM/main/install.sh \| bash` |

Each server works standalone. Together they form an integrated development environment with persistent memory, security enforcement, personality, and investigation capabilities.
MIT — see LICENSE.
Kevin Francis Tan — github.com/theLightArchitect