Verify that the Caldera server is reachable and return version information.

Returns: JSON string with server health status and version details.

List all agents connected to Caldera.

Args: platform: Optional platform filter — 'windows', 'linux', or 'darwin'. Leave empty to return all platforms. alive_only: If True, only return agents that have checked in recently (within 3x their sleep_max interval). Default False.

Returns: JSON string with a list of agents and their status.

Get full details for a specific agent by its PAW identifier.

Args: paw: The agent's PAW (unique identifier assigned by Caldera).

Returns: JSON string with full agent details including alive status.

List available abilities in Caldera, with optional filters.

Useful for finding what abilities already exist before creating new ones, or for mapping ATT&CK technique IDs to Caldera ability IDs when building an adversary from a STIX bundle.

Args: technique_id: Filter by ATT&CK technique ID (e.g. 'T1059.001'). Leave empty to return all techniques. tactic: Filter by ATT&CK tactic (e.g. 'execution', 'discovery'). Leave empty to return all tactics. platform: Filter by executor platform — 'windows', 'linux', or 'darwin'. Leave empty to return all platforms.

Returns: JSON string with a compact list of matching abilities (id, name, tactic, technique_id, platforms).

Get full details for a single ability including all executors and commands.

Args: ability_id: The Caldera ability UUID.

Returns: JSON string with the full ability object.

Create a new ability in Caldera.

Args: name: Human-readable ability name (e.g. 'Dump LSASS memory'). tactic: ATT&CK tactic (e.g. 'credential-access', 'discovery'). technique_id: ATT&CK technique ID (e.g. 'T1003.001'). technique_name: ATT&CK technique name (e.g. 'OS Credential Dumping: LSASS Memory'). platform: Target platform — 'windows', 'linux', or 'darwin'. executor: Executor name — 'psh' (PowerShell), 'cmd', 'sh', or 'python'. command: The command to execute. Use #{variable} for Caldera facts. description: Optional description of what the ability does. timeout: Execution timeout in seconds (default 60).

Returns: JSON string with the created ability including its generated ability_id.

Delete an ability from Caldera by its ID.

Args: ability_id: The Caldera ability UUID to delete.

Returns: Confirmation string.

List all adversary profiles in Caldera.

Returns: JSON string with a compact list of adversaries (id, name, description, ability count).

Get full details for a single adversary profile including ability ordering.

Args: adversary_id: The Caldera adversary UUID.

Returns: JSON string with the full adversary object.

Create a new adversary profile from an ordered list of ability IDs.

Args: name: Human-readable adversary name (e.g. 'APT29 Credential Access'). ability_ids: Ordered list of Caldera ability UUIDs. description: Optional description of the adversary's TTPs or scenario context.

Returns: JSON string with the created adversary including its generated adversary_id.

Update an existing adversary profile.

Args: adversary_id: The Caldera adversary UUID to update. name: New name (leave empty to keep existing). ability_ids: New ordered ability list (leave empty to keep existing). description: New description (leave empty to keep existing).

Returns: JSON string with the updated adversary.

Delete an adversary profile from Caldera.

Args: adversary_id: The Caldera adversary UUID to delete.

Returns: Confirmation string.

List all operations in Caldera with their current state and progress.

Returns: JSON string with a compact list of operations (id, name, state, adversary, progress).

Get full details for an operation including its execution chain.

Args: operation_id: The Caldera operation ID.

Returns: JSON string with the full operation object including chain results.

Create a new operation in Caldera.

Operations are created in 'paused' state by default — always perform scope review and get explicit user confirmation before resuming execution.

Args: name: Human-readable operation name. adversary_id: UUID of the adversary profile to run. group: Agent group to target (leave empty for all connected agents). state: Initial state — 'paused' (default) or 'running'.

Returns: JSON string with the created operation including its operation ID.

Change the state of an existing operation.

Valid transitions: paused → running (resume execution) running → paused (pause execution) running → stop (terminate cleanly)

Args: operation_id: The Caldera operation ID. state: Target state — 'running', 'paused', or 'stop'.

Returns: JSON string with the updated operation state.

Get a structured summary of operation execution results.

Args: operation_id: The Caldera operation ID.

Returns: JSON string with execution summary and per-ability results.

Delete an operation from Caldera.

Args: operation_id: The Caldera operation ID to delete.

Returns: Confirmation string.