Platform Detection
Quint identifies AI agent platforms through multiple independent systems that converge in the unified session tracker. The detection sources span both the ES extension (OS-level) and the forward proxy (network-level), with 21 platform signatures maintained in sync across both.
Detection Sources
ES Extension: Agent Detection Cascade
The EndpointSecurity extension uses a 4-layer cascade to detect agent processes, evaluated in priority order:
Layer 1: Code Signing (Highest Confidence)
Uses macOS code signing identity verified cryptographically by the kernel. Unforgeable without the vendor’s signing key.
| Platform | Team ID | Signing IDs | Team-Only Trust |
|---|---|---|---|
| claude-code | Q6L2SF6YDW | com.anthropic.claude-code | Yes |
| claude-desktop | Q6L2SF6YDW | com.anthropic.claudefordesktop, .helper | Yes |
| cursor | VDXQ22DGB9 | com.todesktop.230313mzl4w4u92, .helper | Yes |
| copilot | UBF8T346G9 | com.microsoft.VSCode | No (Microsoft has many products) |
For vendors with 3 or fewer signing IDs, a TeamID-only match is accepted (covers new products from a known vendor). For vendors with many products (Microsoft), both TeamID and SigningID must match.
Layer 2: Process Name/Path
Falls back to process name (case-insensitive exact) and path (substring) matching. Covers all 21 platforms.
Layer 3: Arg Match
For interpreter processes (`node`, `python`, `bun`, `deno`), checks command-line arguments for agent script patterns. Catches cases like `node /path/to/claude-code/main.js`.
Layer 4: Parent Cascade
If the parent process is already tracked as an agent, the child inherits agent status. Captures the full process tree.
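The cascade above, sketched in Go as an added example; this is not Quint's code (the ES extension itself is Swift). The `Proc` type, the layer labels and the three-row signature subset are assumptions for illustration, while the Team IDs, signing IDs, process names and paths are taken from the tables on this page.

```go
package main

import "strings"

// Proc is a constructed process record; the field names are assumptions.
type Proc struct {
	PPID                          int
	TeamID, SigningID, Name, Path string
	Args                          []string
}

var sigs = []struct { // subset of this page's tables (assumption: one row per vendor)
	platform, teamID, signingID, name, pathPart, argPart string
	teamOnly                                              bool
}{
	{"claude-code", "Q6L2SF6YDW", "com.anthropic.claude-code", "claude", "", "claude-code/main.js", true},
	{"copilot", "UBF8T346G9", "com.microsoft.VSCode", "", "", "", false},
	{"windsurf", "", "", "windsurf", "Windsurf.app", "", false},
}

// Detect walks the four layers in priority order; tracked maps known agent PIDs to platforms.
func Detect(p Proc, tracked map[int]string) (platform, layer string) {
	name, args := strings.ToLower(p.Name), strings.Join(p.Args, " ")
	interp := name == "node" || name == "python" || name == "bun" || name == "deno"
	for _, s := range sigs { // Layer 1: TeamID, plus SigningID unless team-only trust applies
		if s.teamID != "" && s.teamID == p.TeamID && (s.teamOnly || s.signingID == p.SigningID) {
			return s.platform, "code-signing"
		}
	}
	for _, s := range sigs { // Layer 2: exact name (case-insensitive) or path substring
		if (s.name != "" && s.name == name) || (s.pathPart != "" && strings.Contains(p.Path, s.pathPart)) {
			return s.platform, "name-path"
		}
	}
	for _, s := range sigs { // Layer 3: interpreter whose arguments name an agent script
		if interp && s.argPart != "" && strings.Contains(args, s.argPart) {
			return s.platform, "arg-match"
		}
	}
	if plat, ok := tracked[p.PPID]; ok { // Layer 4: child of a tracked agent inherits
		return plat, "parent"
	}
	return "", ""
}

func main() { // constructed sample: signed by Microsoft's team but not VS Code, so no match
	p, layer := Detect(Proc{TeamID: "UBF8T346G9", SigningID: "com.example.other"}, nil)
	println("platform:", p, "layer:", layer)
}
```

Only the code-signing layer rests on an identity the kernel verifies; name, path and argument matches depend on strings the process itself supplies, so returning the matching layer lets downstream policy weigh them differently.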
Forward Proxy: Network-Level Detection
The proxy adds 5 additional detection layers for traffic that flows through it.
Destination Domain
Confidence: 0.85 - 1.0
| Domain | Platform | Confidence |
|---|---|---|
| api2.cursor.sh / api3.cursor.sh | cursor | 1.0 |
| server.codeium.com | windsurf | 0.95 |
| windsurf-api.codeium.com | windsurf | 1.0 |
| api.githubcopilot.com | copilot | 1.0 |
| copilot-proxy.githubusercontent.com | copilot | 0.95 |
| aichat.augmentcode.com | augment | 1.0 |
| api.devin.ai | devin | 1.0 |
| api.amp.dev | amp | 0.95 |
| api.pearai.dev | pearai | 0.95 |
| api.trae.ai | trae | 0.95 |
Confidence: 0.9
| Header | Platform |
|---|---|
| x-cursor-checksum | cursor |
| x-cursor-client-version | cursor |
| copilot-integration-id | copilot |
| editor-version: vscode-copilot/* | copilot |
| x-codeium-session-id | windsurf |
| x-windsurf-session-id | windsurf |
| x-kiro-session-id | kiro |
| x-augment-session-id | augment |
| x-devin-session-id | devin |
| x-cline-session-id | cline |
System Prompt Fingerprint
Confidence: 0.95
When the proxy intercepts request bodies (MITM mode), it inspects system prompts for characteristic substrings:
| Substring | Platform |
|---|---|
| "You are Claude Code" | claude-code |
| "designed by Cursor" | cursor |
| "GitHub Copilot" | copilot |
| "Windsurf AI" | windsurf |
| "You are Cline" | cline |
| "Continue Dev" | continue |
| "You are Goose" | goose |
| "You are Codex" | codex |
| "Gemini CLI" | gemini-cli |
| "You are Amp" | amp |
System prompt fingerprinting requires MITM TLS interception. In passthrough mode, request bodies are encrypted end-to-end and this layer is skipped.
User-Agent
Confidence: 0.85
| User-Agent Substring | Platform |
|---|---|
| claude-code | claude-code |
| cursor | cursor |
| copilot | copilot |
| windsurf | windsurf |
| aider | aider |
| cline | cline |
| continue | continue |
| zed | zed |
| goose | goose |
Protocol Fingerprint
Confidence: 0.7
| Signal | Platform |
|---|---|
| Connect RPC + Protobuf encoding | windsurf (Codeium uses Connect protocol) |
| gRPC with Codeium service paths | windsurf |
| WebSocket upgrade to MCP endpoint | Various (MCP-native platforms) |
Process Scanner
The daemon runs a process scanner every 5 seconds that checks the system process table against the same 21 agent signatures used by the ES extension. This provides:
- Bootstrap discovery — agents already running when the daemon starts (ES only sees new launches)
- Real start times — recovered via `ps etime` for accurate session duration
- Working directories — resolved via `lsof` when not available from other sources
Confidence Merging
When multiple proxy layers identify the same platform, confidence is boosted:
- The highest confidence from any single layer is taken as the base score
- If a second layer agrees, confidence is boosted by +0.05 (capped at 1.0)
- If three or more layers agree, confidence is boosted by +0.05 again
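The merging rules above, worked through in Go as an added example; this is not Quint's code. The `Hit` type and `Merge` function are hypothetical names, and two choices are assumptions the page does not specify: each layer counts once per platform, and when layers disagree the platform with the highest merged score wins.

```go
package main

import "fmt"

// Hit is one proxy layer's verdict for a request; the type and field names are assumptions.
type Hit struct {
	Layer, Platform string
	Confidence      float64
}

// Merge scores each platform: base = highest single-layer confidence, +0.05 when
// a second layer agrees, +0.05 more when three or more agree, capped at 1.0.
// Returning the top-scoring platform on disagreement is an assumption.
func Merge(hits []Hit) (string, float64) {
	base := map[string]float64{}
	layers := map[string]map[string]bool{}
	for _, h := range hits {
		if h.Confidence > base[h.Platform] {
			base[h.Platform] = h.Confidence
		}
		if layers[h.Platform] == nil {
			layers[h.Platform] = map[string]bool{}
		}
		layers[h.Platform][h.Layer] = true // a layer counts once, however many signals it saw
	}
	best, bestScore := "unknown", 0.0
	for p, score := range base {
		if n := len(layers[p]); n >= 3 {
			score += 0.10
		} else if n == 2 {
			score += 0.05
		}
		if score > 1.0 {
			score = 1.0
		}
		if score > bestScore || (score == bestScore && p < best) { // name tie-break keeps output stable
			best, bestScore = p, score
		}
	}
	return best, bestScore
}

func main() {
	// Constructed hits: domain server.codeium.com, header x-codeium-session-id, Connect RPC.
	fmt.Println(Merge([]Hit{{"domain", "windsurf", 0.95}, {"header", "windsurf", 0.9}, {"protocol", "windsurf", 0.7}}))
}
```

With no hits at all the function returns `unknown` with a score of 0, which matches the temporary label described under Retroactive Backfill.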
Retroactive Backfill
When the first request from a new agent cannot be classified (e.g., a plain HTTPS CONNECT with no distinctive headers), the agent is temporarily labeled unknown. As subsequent requests arrive with richer signals (system prompt content, platform-specific headers), Quint:
- Reclassifies the agent with the new platform identity
- Updates all previous events from that agent session with the correct platform
- Recalculates risk scores if the platform change affects policy matching
| Platform ID | Display Name | ES Detection | Proxy Detection |
|---|---|---|---|
| claude-code | Claude Code | Code signing (Q6L2SF6YDW), process claude | UA, system prompt |
| claude-browser-ext | Claude Browser Ext | Path Claude.app/Contents/Helpers/chrome-native-host | — |
| claude-desktop | Claude Desktop | Code signing (Q6L2SF6YDW), process Claude | — |
| cursor | Cursor | Code signing (VDXQ22DGB9), process cursor | Domains api2.cursor.sh, header x-cursor-checksum |
| copilot | GitHub Copilot | Code signing (UBF8T346G9 + com.microsoft.VSCode) | Domain api.githubcopilot.com, header copilot-integration-id |
| windsurf | Windsurf | Process windsurf, path Windsurf.app | Domain server.codeium.com, Connect RPC |
| kiro | Kiro | Process kiro, path Kiro.app | Header x-kiro-session-id |
| codex | Codex CLI | Process codex, path codex-cli | System prompt fingerprint |
| aider | Aider | Process aider | UA substring, system prompt |
| cline | Cline | Process cline | Header x-cline-session-id, system prompt |
| continue | Continue | Process continue | System prompt, UA substring |
| augment | Augment | Process augment | Domain aichat.augmentcode.com |
| goose | Goose | Process goose | System prompt, UA substring |
| gemini-cli | Gemini CLI | Process gemini, path gemini-cli | System prompt Gemini CLI |
| amp | Amp | Process amp | Domain api.amp.dev, system prompt |
| zed | Zed | Process zed, path Zed.app | UA substring |
| opencode | OpenCode | Process opencode | UA substring |
| pearai | PearAI | Process pearai, path PearAI.app | Domain api.pearai.dev |
| trae | Trae | Process trae, path Trae.app | Domain api.trae.ai |
| void | Void | Process void, path Void.app | UA substring |
| devin | Devin | Process devin | Domain api.devin.ai |
The signature lists in the ES extension (AgentSignatures.swift), process scanner (procscan/signatures.go), and agent detect module (agentdetect/fingerprints.go) are kept in sync. CI enforces consistency.