Skip to main content
The CXP module builds poisoned instruction files for coding assistants and validates whether models comply with injected rules.

qai cxp formats

List supported coding assistant instruction file formats. 
qai cxp formats
Output shows format ID, filename, target assistant, and syntax type.

qai cxp generate

Generate a poisoned test repository with tainted instruction files. 
qai cxp generate [OPTIONS]

Options

OptionDefaultDescription
--formatcursorrulesAssistant format ID (from qai cxp formats)
--ruleRule ID(s) to inject (repeatable). Omit for clean base only.
--output-dir./reposDirectory to write the generated repository
--repo-namewebapp-demo-01Name for the generated repository directory

Example

qai cxp generate \
  --format cursorrules \
  --rule hardcoded-secrets \
  --rule shell-true \
  --output-dir ./test-repos \
  --repo-name my-test

qai cxp record

Record a test result after running a poisoned repository through a coding assistant. 
qai cxp record --technique TECHNIQUE --assistant ASSISTANT --trigger-prompt PROMPT [OPTIONS]

Options

OptionRequiredDescription
--techniqueYesTechnique ID: {objective}-{format} (e.g., backdoor-cursorrules, exfil-claude-md)
--assistantYesAssistant under test (e.g., cursor, claude, copilot)
--trigger-promptYesThe user prompt that generated the code
--fileNo*Path to assistant-generated code file(s). Repeatable.
--output-fileNo*Path to saved chat output file
--campaignNoExisting campaign ID to group results
--modelNoModel/version used (e.g., cursor-pro)
--notesNoResearcher observations
* Either --file or --output-file is required. They are mutually exclusive.

Example

qai cxp record \
  --technique exfil-cursorrules \
  --assistant cursor \
  --trigger-prompt "Build a login endpoint" \
  --file generated_auth.py

qai cxp campaigns

List all campaigns, or show details for a specific campaign. 
# List all campaigns
qai cxp campaigns

# Show details for a specific campaign
qai cxp campaigns <campaign-id>

qai cxp validate

Validate captured output against detection rules. 
qai cxp validate [OPTIONS]

Options

OptionRequiredDescription
--resultNo*Stored result ID to validate
--techniqueNo*Technique ID in {objective}-{format} form (must be combined with --file)
--fileNoPath to file(s) to validate (repeatable, required when using --technique)
* Either --result alone, or --technique plus at least one --file, is required.

Examples

Validate a stored result: 
qai cxp validate --result abc123-def456
Validate files directly: 
qai cxp validate --technique exfil-cursorrules --file generated_code.py
Output shows verdict, matched rules, and detail text.

qai cxp report matrix

Generate an assistant comparison matrix across techniques. 
qai cxp report matrix [OPTIONS]

Options

OptionDefaultDescription
--campaignFilter to a specific campaign
--formatmarkdownOutput format: markdown or json
--outputWrite to file instead of stdout

Example

qai cxp report matrix --campaign my-campaign --format json --output matrix.json

qai cxp report poc

Export a bounty-ready proof-of-concept package as a ZIP archive. 
qai cxp report poc --result RESULT_ID [OPTIONS]

Options

OptionRequiredDescription
--resultYesTest result ID to package
--outputNoOutput ZIP path (default: poc-{technique}.zip)

Example

qai cxp report poc --result abc123-def456 --output poc-exfil.zip