> ## Documentation Index
> Fetch the complete documentation index at: https://ctpf.q-uestionable.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# CXP CLI Reference

> Command-line interface for coding assistant poisoning tests

The CXP module builds poisoned instruction files for coding assistants and validates whether models comply with injected rules.

## qai cxp formats

List supported coding assistant instruction file formats.

```bash theme={null}
qai cxp formats
```

Output shows format ID, filename, target assistant, and syntax type.

## qai cxp generate

Generate a poisoned test repository with tainted instruction files.

```bash theme={null}
qai cxp generate [OPTIONS]
```

### Options

| Option         | Default          | Description                                                  |
| -------------- | ---------------- | ------------------------------------------------------------ |
| `--format`     | `cursorrules`    | Assistant format ID (from `qai cxp formats`)                 |
| `--rule`       | —                | Rule ID(s) to inject (repeatable). Omit for clean base only. |
| `--output-dir` | `./repos`        | Directory to write the generated repository                  |
| `--repo-name`  | `webapp-demo-01` | Name for the generated repository directory                  |

### Example

```bash theme={null}
qai cxp generate \
  --format cursorrules \
  --rule hardcoded-secrets \
  --rule shell-true \
  --output-dir ./test-repos \
  --repo-name my-test
```

## qai cxp record

Record a test result after running a poisoned repository through a coding assistant.

```bash theme={null}
qai cxp record --technique TECHNIQUE --assistant ASSISTANT --trigger-prompt PROMPT [OPTIONS]
```

### Options

| Option             | Required | Description                                                                            |
| ------------------ | -------- | -------------------------------------------------------------------------------------- |
| `--technique`      | Yes      | Technique ID: `{objective}-{format}` (e.g., `backdoor-cursorrules`, `exfil-claude-md`) |
| `--assistant`      | Yes      | Assistant under test (e.g., `cursor`, `claude`, `copilot`)                             |
| `--trigger-prompt` | Yes      | The user prompt that generated the code                                                |
| `--file`           | No\*     | Path to assistant-generated code file(s). Repeatable.                                  |
| `--output-file`    | No\*     | Path to saved chat output file                                                         |
| `--campaign`       | No       | Existing campaign ID to group results                                                  |
| `--model`          | No       | Model/version used (e.g., `cursor-pro`)                                                |
| `--notes`          | No       | Researcher observations                                                                |

\* Either `--file` or `--output-file` is required. They are mutually exclusive.

### Example

```bash theme={null}
qai cxp record \
  --technique exfil-cursorrules \
  --assistant cursor \
  --trigger-prompt "Build a login endpoint" \
  --file generated_auth.py
```

## qai cxp campaigns

List all campaigns, or show details for a specific campaign.

```bash theme={null}
# List all campaigns
qai cxp campaigns

# Show details for a specific campaign
qai cxp campaigns <campaign-id>
```

## qai cxp validate

Validate captured output against detection rules.

```bash theme={null}
qai cxp validate [OPTIONS]
```

### Options

| Option        | Required | Description                                                                  |
| ------------- | -------- | ---------------------------------------------------------------------------- |
| `--result`    | No\*     | Stored result ID to validate                                                 |
| `--technique` | No\*     | Technique ID in `{objective}-{format}` form (must be combined with `--file`) |
| `--file`      | No       | Path to file(s) to validate (repeatable, required when using `--technique`)  |

\* Either `--result` alone, or `--technique` plus at least one `--file`, is required.

### Examples

Validate a stored result:

```bash theme={null}
qai cxp validate --result abc123-def456
```

Validate files directly:

```bash theme={null}
qai cxp validate --technique exfil-cursorrules --file generated_code.py
```

Output shows verdict, matched rules, and detail text.

## qai cxp report matrix

Generate an assistant comparison matrix across techniques.

```bash theme={null}
qai cxp report matrix [OPTIONS]
```

### Options

| Option       | Default    | Description                         |
| ------------ | ---------- | ----------------------------------- |
| `--campaign` | —          | Filter to a specific campaign       |
| `--format`   | `markdown` | Output format: `markdown` or `json` |
| `--output`   | —          | Write to file instead of stdout     |

### Example

```bash theme={null}
qai cxp report matrix --campaign my-campaign --format json --output matrix.json
```

## qai cxp report poc

Export a bounty-ready proof-of-concept package as a ZIP archive.

```bash theme={null}
qai cxp report poc --result RESULT_ID [OPTIONS]
```

### Options

| Option     | Required | Description                                      |
| ---------- | -------- | ------------------------------------------------ |
| `--result` | Yes      | Test result ID to package                        |
| `--output` | No       | Output ZIP path (default: `poc-{technique}.zip`) |

### Example

```bash theme={null}
qai cxp report poc --result abc123-def456 --output poc-exfil.zip
```
