Skip to main content

Documentation Index

Fetch the complete documentation index at: https://quintsecurity.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Dashboard

The Quint Dashboard is a Next.js application that serves as the operator interface for CISOs and security engineers. It provides real-time visibility into every AI agent action across your fleet, with risk scoring overlays, policy management, and compliance reporting.

Dual Mode Architecture

The dashboard runs in two modes, sharing the same codebase but connecting to different backends:
Local ModeCloud Mode
URLhttp://localhost:8080https://app.quintai.dev
HostingEmbedded in the Go daemon (quint watch)Vercel (multi-tenant)
AuthNone (localhost only)Supabase (login/signup/session)
Data sourceGo proxy REST API on :8080quint-platform API on AWS
ScopeSingle machineEntire fleet
Use caseDeveloper workstation monitoringOrganization-wide SOC
Local mode automatically strips HTTP_PROXY and HTTPS_PROXY environment variables to prevent a proxy loop where the dashboard’s own requests get intercepted by the daemon.

Data Flow

The dashboard never communicates directly with daemons running on enrolled machines. All data flows through the API service: In local mode, the diagram simplifies to a single daemon serving both the dashboard static files and the API endpoints on localhost:8080.

Key Views

Event Feed

Real-time stream of every agent action intercepted by Quint proxies across the fleet. Each event displays the action classification (domain:scope:verb), risk score (1-100), verdict (allow/flag/block), and originating agent. Filters include:
  • Agent — filter by specific agent identity or word-based name
  • Platform — filter by AI platform (Cursor, Claude Code, Copilot, etc.)
  • Risk level — critical, high, medium, low
  • Time range — last hour, 24 hours, 7 days, or custom range
  • Verdict — allow, flag, block

Fleet Overview

Displays all enrolled machines with daemon health status, agent count per machine, and protection tier. Each machine card shows:
  • Daemon version and uptime
  • Active agent count and types
  • Last event timestamp
  • Protection mode (relay, gateway, or forward proxy)

Agent Graph

Interactive parent-child visualization of agent spawn trees, powered by XYFlow. Each node represents an agent with its confidence score and detection method. Edges show spawn relationships with timestamps. The graph helps operators trace delegation chains, such as when a Cursor agent spawns a sub-agent that calls a different model provider, which in turn invokes MCP tools.

Policy Editor

Create, edit, and test enforcement policies with:
  • Live preview of which historical events would match the policy
  • Glob pattern support for action matching (mcp:*:file.*, http:github.com:api.post)
  • Risk threshold configuration per policy rule
  • Dry-run mode to evaluate a policy before activation

Compliance Reports

Per-framework violation summaries (SOC 2, ISO 27001, NIST, GDPR, PCI DSS) with:
  • Time-scoped filtering (daily, weekly, monthly)
  • Violation counts grouped by framework control
  • Trend charts showing compliance posture over time
  • Exportable reports (PDF, CSV)

Alerts

High-risk action alerts with an acknowledgment workflow. Alerts fire when an event exceeds the configured risk threshold or matches a critical policy rule. Each alert shows the full event context, risk breakdown, and suggested mitigations. Operators can acknowledge, escalate, or dismiss alerts.

Audit Trail

Searchable audit log with Ed25519 signature verification. Every entry is chain-linked to its predecessor, making the trail tamper-evident. Operators can:
  • Search by agent, action, time range, or verdict
  • Verify the integrity of any entry or the entire chain
  • Export audit logs for external compliance tools

Tech Stack

TechnologyPurpose
Next.js 16App Router, Server Components, API routes
React 19UI rendering
shadcn/uiComponent library
Tailwind v4Styling
RechartsRisk score charts, compliance trends, fleet analytics
Framer MotionAnimations and transitions
XYFlowAgent spawn graph visualization
cmdkCommand palette (Cmd+K) for quick navigation
SupabaseAuth only (cloud mode) — login, signup, session management
SonnerToast notifications

Authentication

1

Cloud Mode

Supabase handles login, signup, and session management. The dashboard middleware refreshes the session cookie on each request. API route handlers extract the JWT and forward it to the platform API on AWS, which validates via the Supabase JWKS endpoint.
2

Local Mode

No authentication. The dashboard is served on localhost:8080 only and is not accessible from outside the machine. This is appropriate for single-developer workstation monitoring.

App Router Structure

app/
  (auth)/           Login, signup pages
  (dashboard)/      Main dashboard layout
    activity/       Event feed
    agents/         Agent list and details
    alerts/         Alert management
    analytics/      Risk analytics and trends
    approvals/      Human-in-the-loop approvals
    audit/          Audit trail viewer
    fleet/          Fleet overview (events, groups, hierarchy)
    onboarding/     First-run setup wizard
    policies/       Policy editor
    proxies/        Proxy configuration
    settings/       Organization settings
    team/           Team member management
    tokens/         API token management
  api/              Route handlers (REST endpoints)
  demo/             Demo presentation pages