# CTPF Research Harness Documentation > Trust-boundary testing for agentic systems. Canonical documentation: https://ctpf.q-uestionable.ai Repository: https://github.com/q-uestionable-AI/CTPF Preferred CLI: `ctpf` (`qai` remains a compatibility alias) ## Getting Started - [Introduction](https://ctpf.q-uestionable.ai/introduction): Purpose and current product shape - [Quickstart](https://ctpf.q-uestionable.ai/quickstart): Install the distribution and use `ctpf` - [Identity Compatibility](https://ctpf.q-uestionable.ai/identity-compatibility): Retained legacy names - [Core Concepts](https://ctpf.q-uestionable.ai/concepts): CTPF framing and MCP trust boundaries - [Responsible Use](https://ctpf.q-uestionable.ai/responsible-use): Authorization and disclosure - [Changelog](https://ctpf.q-uestionable.ai/changelog): Append-only release history ## Proxy - [Overview](https://ctpf.q-uestionable.ai/proxy/overview): Observe and control MCP traffic - [CLI](https://ctpf.q-uestionable.ai/proxy/cli): Proxy command reference - [Live Interception](https://ctpf.q-uestionable.ai/proxy/intercept): Forward, modify, or drop messages - [Replay](https://ctpf.q-uestionable.ai/proxy/replay): Replay captured MCP messages - [Session Export](https://ctpf.q-uestionable.ai/proxy/session-export): Session evidence structure ## Database and Targets - [Database](https://ctpf.q-uestionable.ai/cli/db): Local database maintenance - [Targets](https://ctpf.q-uestionable.ai/cli/targets): MCP target registration - [Runs](https://ctpf.q-uestionable.ai/cli/runs): Stored run inspection - [Findings](https://ctpf.q-uestionable.ai/cli/findings): Stored finding inspection ## Configuration - [Providers](https://ctpf.q-uestionable.ai/config/providers): Provider settings and keyring credentials - [Transports](https://ctpf.q-uestionable.ai/config/transports): MCP transport configuration - [Callback Server](https://ctpf.q-uestionable.ai/config/callback-server): IPI callback configuration - [Dangerous Payloads](https://ctpf.q-uestionable.ai/config/dangerous-payloads): High-risk fixture controls - [Environment Variables](https://ctpf.q-uestionable.ai/config/environment-variables): Retained `QAI_*` variables ## Research Libraries and Fixtures - [Audit Overview](https://ctpf.q-uestionable.ai/audit/overview): Capability enumeration and scanners - [Inject Overview](https://ctpf.q-uestionable.ai/inject/overview): Malicious MCP fixture servers - [IPI Overview](https://ctpf.q-uestionable.ai/ipi/overview): Document generators and callbacks - [CXP Overview](https://ctpf.q-uestionable.ai/cxp/overview): Coding-assistant context fixtures ## Exports and Integrations - [JSON Schema](https://ctpf.q-uestionable.ai/exports/json-schema): Run bundle schema - [SARIF](https://ctpf.q-uestionable.ai/exports/sarif): SARIF 2.1.0 output - [NDJSON](https://ctpf.q-uestionable.ai/exports/ndjson): Streaming-friendly export - [CSV](https://ctpf.q-uestionable.ai/exports/csv): Flat finding export - [DefectDojo](https://ctpf.q-uestionable.ai/integrations/defectdojo): Findings import guidance - [GitHub Security](https://ctpf.q-uestionable.ai/integrations/github-security): Code scanning integration ## Architecture - [Overview](https://ctpf.q-uestionable.ai/architecture/overview): Current system shape - [Core](https://ctpf.q-uestionable.ai/architecture/core): Shared database and configuration - [Proxy](https://ctpf.q-uestionable.ai/architecture/proxy-module): Traffic observation and control - [Audit](https://ctpf.q-uestionable.ai/architecture/audit-module): Scanner library - [Inject](https://ctpf.q-uestionable.ai/architecture/inject-module): Fixture server library - [IPI](https://ctpf.q-uestionable.ai/architecture/ipi-module): Document and callback library - [CXP](https://ctpf.q-uestionable.ai/architecture/cxp-module): Context-fixture library