What is CTPF Research Harness?
CTPF Research Harness is a local harness for studying Capability Trust Propagation Failure (CTPF). It investigates whether low-trust data — for example an MCP tool result — is silently promoted into higher-authority actions when provenance, integrity, authorization scope, or intended audience are not preserved. The product shape is a lean CLI centered on MCP traffic observation and controlled mutation via the proxy, with local SQLite persistence for targets, runs, findings, and evidence. Individual experiments confirm or fail to observe promotion under pinned conditions — they do not “falsify CTPF” as a class.Public CLI
| Command | Role |
|---|---|
ctpf proxy | Intercept, inspect, modify, and export MCP traffic (Textual TUI) |
ctpf experiment | Run controlled CTPF experiments |
ctpf targets | Register MCP targets |
ctpf runs / ctpf findings | Inspect stored runs and findings |
ctpf config / ctpf db | Settings and local database maintenance |
ctpf --version | Package version |
qai executable remains a compatibility alias and invokes the same application and
local state. See Identity Compatibility for the retained names.
New verbs such as inspect / evidence are deferred until a CTPF experiment defines
a real interface.
Libraries (not root CLI pillars)
These packages remain in-tree as research fixtures and library tooling. They are not equal product modules on the publicctpf CLI:
| Library | Role |
|---|---|
| audit | Capability enumeration / scanners; SARIF and other report exports |
| inject | Malicious MCP fixture servers (build_server + payload templates) |
| ipi | Document generators + headless callback listener |
| cxp | Coding-assistant context-file generators |
python -m (for example python -m q_ai.ipi,
python -m q_ai.inject) or import the package APIs directly.
Removed in Phase 1
The former seven-module platform surfaces are gone: Web UI (qai ui), Assistant,
Chain, RXP, External Tool Import, orchestrator, and inject campaigns. Do not expect
those commands or workflows in current releases.
Framework mappings (library audit)
When using the audit library, findings can map to OWASP MCP Top 10, OWASP Agentic Top 10, MITRE ATLAS, and CWE. See Framework Coverage.Quick start
Learn more
- Quick Start — Install, register a target, start the proxy
- Core Concepts — MCP threat model, CTPF framing, libraries vs CLI
- Proxy Overview — Observation and controlled mutation
- Responsible Use — Authorization and disclosure
- GitHub