> ## Documentation Index
> Fetch the complete documentation index at: https://ctpf.q-uestionable.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Introduction

> Trust-boundary testing for agentic systems

## What is CTPF Research Harness?

CTPF Research Harness is a local harness for studying **Capability Trust Propagation Failure
(CTPF)**.
It investigates whether low-trust data — for example an MCP tool result — is silently
promoted into higher-authority actions when provenance, integrity, authorization scope,
or intended audience are not preserved.

The product shape is a lean CLI centered on MCP traffic observation and controlled
mutation via the **proxy**, with local SQLite persistence for targets, runs, findings,
and evidence. Individual experiments **confirm** or **fail to observe** promotion under
pinned conditions — they do not “falsify CTPF” as a class.

## Public CLI

| Command                       | Role                                                             |
| ----------------------------- | ---------------------------------------------------------------- |
| `ctpf proxy`                  | Intercept, inspect, modify, and export MCP traffic (Textual TUI) |
| `ctpf experiment`             | Run controlled CTPF experiments                                  |
| `ctpf targets`                | Register MCP targets                                             |
| `ctpf runs` / `ctpf findings` | Inspect stored runs and findings                                 |
| `ctpf config` / `ctpf db`     | Settings and local database maintenance                          |
| `ctpf --version`              | Package version                                                  |

The former `qai` executable remains a compatibility alias and invokes the same application and
local state. See [Identity Compatibility](/identity-compatibility) for the retained names.

New verbs such as `inspect` / `evidence` are deferred until a CTPF experiment defines
a real interface.

## Libraries (not root CLI pillars)

These packages remain in-tree as research fixtures and library tooling. They are **not**
equal product modules on the public `ctpf` CLI:

| Library    | Role                                                               |
| ---------- | ------------------------------------------------------------------ |
| **audit**  | Capability enumeration / scanners; SARIF and other report exports  |
| **inject** | Malicious MCP fixture servers (`build_server` + payload templates) |
| **ipi**    | Document generators + headless callback listener                   |
| **cxp**    | Coding-assistant context-file generators                           |

Invoke library CLIs via `python -m` (for example `python -m q_ai.ipi`,
`python -m q_ai.inject`) or import the package APIs directly.

## Removed in Phase 1

The former seven-module platform surfaces are gone: Web UI (`qai ui`), Assistant,
Chain, RXP, External Tool Import, orchestrator, and inject campaigns. Do not expect
those commands or workflows in current releases.

## Framework mappings (library audit)

When using the audit library, findings can map to OWASP MCP Top 10, OWASP Agentic Top 10,
MITRE ATLAS, and CWE. See [Framework Coverage](/audit/framework-coverage).

## Quick start

```bash theme={null}
pip install ctpf
ctpf proxy --help
ctpf targets add "My Server" http://localhost:3000/sse
```

## Learn more

* [Quick Start](/quickstart) — Install, register a target, start the proxy
* [Core Concepts](/concepts) — MCP threat model, CTPF framing, libraries vs CLI
* [Proxy Overview](/proxy/overview) — Observation and controlled mutation
* [Responsible Use](/responsible-use) — Authorization and disclosure
* [GitHub](https://github.com/q-uestionable-AI/CTPF)
