Documentation Index
Fetch the complete documentation index at: https://docs.q-uestionable.ai/llms.txt
Use this file to discover all available pages before exploring further.
The CXP module builds poisoned instruction files for coding assistants and validates whether models comply with injected rules.
List supported coding assistant instruction file formats.
Output shows format ID, filename, target assistant, and syntax type.
qai cxp generate
Generate a poisoned test repository with tainted instruction files.
qai cxp generate [OPTIONS]
Options
| Option | Default | Description |
|---|
--format | cursorrules | Assistant format ID (from qai cxp formats) |
--rule | — | Rule ID(s) to inject (repeatable). Omit for clean base only. |
--output-dir | ./repos | Directory to write the generated repository |
--repo-name | webapp-demo-01 | Name for the generated repository directory |
Example
qai cxp generate \
--format cursorrules \
--rule hardcoded-secrets \
--rule shell-true \
--output-dir ./test-repos \
--repo-name my-test
qai cxp record
Record a test result after running a poisoned repository through a coding assistant.
qai cxp record --technique TECHNIQUE --assistant ASSISTANT --trigger-prompt PROMPT [OPTIONS]
Options
| Option | Required | Description |
|---|
--technique | Yes | Technique ID: {objective}-{format} (e.g., backdoor-cursorrules, exfil-claude-md) |
--assistant | Yes | Assistant under test (e.g., cursor, claude, copilot) |
--trigger-prompt | Yes | The user prompt that generated the code |
--file | No* | Path to assistant-generated code file(s). Repeatable. |
--output-file | No* | Path to saved chat output file |
--campaign | No | Existing campaign ID to group results |
--model | No | Model/version used (e.g., cursor-pro) |
--notes | No | Researcher observations |
--file or --output-file is required. They are mutually exclusive.
Example
qai cxp record \
--technique exfil-cursorrules \
--assistant cursor \
--trigger-prompt "Build a login endpoint" \
--file generated_auth.py
qai cxp campaigns
List all campaigns, or show details for a specific campaign.
# List all campaigns
qai cxp campaigns
# Show details for a specific campaign
qai cxp campaigns <campaign-id>
qai cxp validate
Validate captured output against detection rules.
qai cxp validate [OPTIONS]
Options
| Option | Required | Description |
|---|
--result | No* | Stored result ID to validate |
--technique | No* | Technique ID in {objective}-{format} form (must be combined with --file) |
--file | No | Path to file(s) to validate (repeatable, required when using --technique) |
--result alone, or --technique plus at least one --file, is required.
Examples
Validate a stored result:
qai cxp validate --result abc123-def456
qai cxp validate --technique exfil-cursorrules --file generated_code.py
qai cxp report matrix
Generate an assistant comparison matrix across techniques.
qai cxp report matrix [OPTIONS]
Options
| Option | Default | Description |
|---|
--campaign | — | Filter to a specific campaign |
--format | markdown | Output format: markdown or json |
--output | — | Write to file instead of stdout |
Example
qai cxp report matrix --campaign my-campaign --format json --output matrix.json
qai cxp report poc
Export a bounty-ready proof-of-concept package as a ZIP archive.
qai cxp report poc --result RESULT_ID [OPTIONS]
Options
| Option | Required | Description |
|---|
--result | Yes | Test result ID to package |
--output | No | Output ZIP path (default: poc-{technique}.zip) |
Example
qai cxp report poc --result abc123-def456 --output poc-exfil.zip