Skip to main content
qai cxp [OPTIONS] COMMAND [ARGS]
Context file poisoning research harness. Assemble poisoned instruction files from a rule catalog, generate test repositories, validate assistant output, and produce comparison reports. Running qai cxp with no subcommand launches the interactive TUI.

Commands

CommandDescription
(no subcommand)Launch the interactive TUI
formatsList supported assistant formats
generateGenerate a poisoned test repository
validateValidate captured output against detection rules
recordRecord a test result into the evidence store
campaignsList campaigns and results
reportGenerate comparison matrices and PoC packages

Interactive TUI

qai cxp
Launches the Textual-based TUI for the full build → test → record workflow. The TUI walks through five screens:
  1. Format Selection — Choose the target assistant format
  2. Rule Selection — Browse the catalog, toggle rules, or add freestyle rules
  3. Preview — See the assembled context file with inserted rules highlighted
  4. Generate — Build the test repo, view prompt reference suggestions
  5. Record — Store test results with validation
The TUI is the primary interface for CXP. CLI subcommands below are available for scripting and evidence queries.

formats

List supported assistant formats. 
qai cxp formats
Prints a table of all registered formats with their ID, filename, target assistant, and syntax type.

generate

Generate a poisoned test repository. 
qai cxp generate [OPTIONS]
Assembles a context file from a base template and selected rules, generates a project skeleton, prompt reference, and manifest. This is the CLI fallback for the TUI’s build workflow — useful for scripting.

Options

OptionTypeDefaultDescription
--formatTEXTcursorrulesTarget format ID
--ruleTEXTRule ID(s) to insert (repeatable)
--output-dirPATH./reposOutput directory
--repo-nameTEXTwebapp-demo-01Repo directory name

Examples

# Generate with default format and no rules (clean base only)
qai cxp generate

# Generate with specific rules
qai cxp generate --format cursorrules --rule weak-crypto-md5 --rule no-csrf

# Generate for Claude Code format
qai cxp generate --format claude-md --rule hardcoded-secrets

# Custom output location
qai cxp generate --format agents-md --rule shell-true --output-dir ./test-repos

validate

Validate captured output against detection rules. 
qai cxp validate [OPTIONS]
Checks assistant-generated code for indicators that the inserted rules were followed.

Options

OptionTypeDefaultDescription
--resultTEXTStored result ID to validate
--techniqueTEXTTechnique ID (for file validation)
--filePATHPath to file(s) to validate
--dbPATH~/.qai/cxp.dbDatabase path

Examples

# Validate a stored result
qai cxp validate --result abc123

# Validate a file against a specific technique's rules
qai cxp validate --technique backdoor-claude-md --file output.py

record

Record a test result into the evidence store. 
qai cxp record [OPTIONS]
Logs a test result into the CXP evidence database. The TUI’s Record screen is the preferred way to record results; this command is the CLI fallback.

Options

OptionTypeRequiredDefaultDescription
--techniqueTEXTYesTechnique ID (or format_id for v0.2.0 builds)
--assistantTEXTYesAssistant under test
--trigger-promptTEXTYesPrompt used to trigger
--filePATHNoPath to assistant-generated code file(s)
--output-filePATHNoPath to saved chat output file
--campaignTEXTNoExisting campaign ID
--modelTEXTNoUnderlying model name
--notesTEXTNoResearcher observations
--dbPATHNo~/.qai/cxp.dbDatabase path

Examples

qai cxp record \
  --technique cursorrules \
  --assistant "Cursor" \
  --trigger-prompt "Create a user authentication module" \
  --file ./output/auth.py \
  --model "claude-sonnet-4-6"

campaigns

List campaigns and results. 
qai cxp campaigns [CAMPAIGN_ID] [OPTIONS]
Without an argument, lists all campaigns. With a campaign ID, shows detailed results for that campaign.

Arguments

ArgumentDescription
CAMPAIGN_IDOptional — show results for a specific campaign

Options

OptionTypeDefaultDescription
--dbPATH~/.qai/cxp.dbDatabase path

Examples

# List all campaigns
qai cxp campaigns

# View a specific campaign's results
qai cxp campaigns campaign-2026-03-10

report

Generate comparison matrices and PoC packages. 
qai cxp report COMMAND [OPTIONS]

report matrix

Generate an assistant comparison matrix showing which rules succeeded or failed across assistants. 
qai cxp report matrix [OPTIONS]
OptionTypeDefaultDescription
--campaignTEXTFilter to specific campaign
--formatTEXTmarkdownOutput format
--outputPATHWrite to file instead of stdout
--dbPATH~/.qai/cxp.dbDatabase path
qai cxp report matrix
qai cxp report matrix --campaign campaign-2026-03-10 --output matrix.md

report poc

Export a bounty-ready PoC package containing the poisoned file, trigger prompt, captured output, and validation results. 
qai cxp report poc [OPTIONS]
OptionTypeRequiredDefaultDescription
--resultTEXTYesTest result ID to package
--outputPATHNo./poc-{technique}.zipOutput zip path
--dbPATHNo~/.qai/cxp.dbDatabase path
qai cxp report poc --result abc123
qai cxp report poc --result abc123 --output ./evidence/poc-weak-crypto.zip