{"id":"qu3ai-qu3-app","name":"qu3-app","af_score":41.2,"security_score":48.5,"reliability_score":25.0,"what_it_does":"qu3-app is a Python CLI/client that establishes quantum-safe secure sessions with an MCP server using post-quantum cryptography (Kyber KEM for key establishment and SPHINCS+ for request authentication), then sends encrypted/signed inference and policy-update requests and verifies encrypted/signed responses with server attestations. It also includes a FastAPI mock MCP server for local development/testing.","best_when":"You control both client and server (or can verify server behavior), and you need a working PQC-based encrypted/signed transport for MCP-like interactions.","avoid_when":"You need TLS-based transport security guarantees only (this relies on its own PQC + AES-GCM session scheme), or you cannot ensure secure filesystem key handling.","last_evaluated":"2026-03-30T15:22:45.372069+00:00","has_mcp":false,"has_api":true,"auth_methods":["Cryptographic client authentication via SPHINCS+ signatures on payloads","Server attestation via SPHINCS+ signatures on response/attestation data","No conventional API-key/OAuth described in README"],"has_free_tier":false,"known_gotchas":["Protocol correctness depends on synchronized implementation details between client and MCP server (endpoint paths, message formats, nonces, attestation fields).","Server/public key fetching is automatic if missing, but there’s no description of cache invalidation, key rotation, or failure recovery beyond “cannot proceed.”","No explicit rate limit behavior is documented.","Key material is stored on the filesystem; agents should avoid logging or mishandling key files when running CLI commands."],"error_quality":0.0}