Skip to main content

Documentation Index

Fetch the complete documentation index at: https://quintsecurity.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Edge Architecture

Quint’s “edge” is the software running on the machine where an AI agent executes — a developer’s laptop, a CI runner, a server. Five components work together:
ComponentRoleLanguage
Forward ProxyHTTP CONNECT + MITM TLS for explicit opt-inGo
Network Extension (NE)macOS transparent interception, zero-configSwift
Endpoint Security (ES)Kernel-level ground truth (procs + files)Swift
Edge DaemonUnifies proxy + ES into one session model, forwards to cloudGo
QuintAgent.appContainer app, holds NE/ES system extensionsSwift

How traffic reaches the daemon

Two interception paths, one MITM pipeline. Any flow captured via HTTP_PROXY or the NE extension ends up in the same serveMITMImpl function — so request parsing, tool-call extraction, audit stamping, and session attribution are identical regardless of how the bytes arrived. The ES extension runs in parallel and feeds process/file events directly to the daemon over a separate socket. The daemon merges both streams into unisession.Tracker, keyed by root PID, to produce one session per AI agent invocation.

What stays on the machine

Stays localGoes to cloud
Source code contentStructured action metadata
Credentials, API keys, secretsAgent identity + platform
Full LLM conversation bodiesSession lifecycle events
Tool input arguments (raw)Tool name + capability + risk score
CA private key + Ed25519 audit signing keyTimestamps + session IDs
The edge daemon enforces this split. Raw bodies persist to the local signed audit log (quint.db) for forensic replay. Only normalized events flow to api.quintai.dev.