Skip to main content

Documentation Index

Fetch the complete documentation index at: https://quintsecurity.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Events API

The events API handles ingestion of agent activity captured by the Quint daemon, and provides querying capabilities for event data.

Endpoints

POST /v1/events/ingest

Daemon event ingestion (rate-limited). Used by the Quint daemon to push captured events.

GET /v1/events

List events with filtering by agent, session, action type, tool name, decision, risk range, and time range.

GET /v1/events/stats

24-hour aggregate statistics across events.

GET /v1/events/{id}

Retrieve a single event by ID.

Event Schema

Events are captured at the OS level by the Quint daemon. Each event represents a single system action performed by (or on behalf of) an AI agent: 
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "session_id": "6ba7b810-9dad-11d1-80b4-00c04fd430c8",
  "agent_id": "claude-code",
  "action_type": "PROCESS_EXEC",
  "tool_name": "git",
  "arguments": ["commit", "-m", "Fix auth bug"],
  "risk_score": 12,
  "decision": "allow",
  "timestamp": "2026-04-12T14:32:00Z"
}

Action Types

Events are categorized by what the agent did at the OS level:
Action TypeDescription
PROCESS_EXECAgent spawned a child process (e.g., git, npm, curl)
FILE_READAgent read a file from disk
FILE_WRITEAgent wrote or modified a file
FILE_DELETEAgent deleted a file
NETWORK_CONNECTAgent made an outbound network connection

Filtering

The GET /v1/events endpoint supports query parameters for filtering: 
# Events from a specific agent
curl "https://api.quintai.dev/v1/events?agent_id=claude-code" \
  -H "Authorization: Bearer qt_deploy_YOUR_TOKEN"

# Process executions in a specific session
curl "https://api.quintai.dev/v1/events?session_id=SESSION_UUID&action_type=PROCESS_EXEC" \
  -H "Authorization: Bearer qt_deploy_YOUR_TOKEN"

# High-risk events by tool
curl "https://api.quintai.dev/v1/events?tool_name=curl&risk_min=50&risk_max=100" \
  -H "Authorization: Bearer qt_deploy_YOUR_TOKEN"

# Events in a time range
curl "https://api.quintai.dev/v1/events?since=2026-04-11T00:00:00Z&until=2026-04-12T00:00:00Z" \
  -H "Authorization: Bearer qt_deploy_YOUR_TOKEN"

Data Model

Session Linkage

Every event carries a session_id (UUID v5) that links it to an agent session. Sessions are tracked separately via the Sessions API, providing hierarchical grouping of events with parent/child relationships.