Forward-Chaining Engine

The ForwardChainEngine is the deterministic core of Quint’s scoring pipeline. It evaluates events against 90 inference rules using agenda-based forward-chaining — a Rete-style pattern matching algorithm that reaches a fixed point in under 1ms.

Algorithm

class ForwardChainEngine:
    def evaluate(
        self,
        initial_facts: list[Fact],
        tenant_frameworks: set[str] | None = None
    ) -> InferenceResult

Execution flow:

Initialize working memory

Extract initial facts from the event using extract_facts(event, policies, baseline). This produces ~50+ facts covering action type, target classification, data sensitivity, bulk operations, input patterns, and behavioral signals.

Forward-chaining loop

Until fixed point or MAX_ITERATIONS (50):

For each rule (sorted by priority, lower = first):
- Skip if already fired (single-fire per rule per evaluation)
- Check framework requirement against tenant subscriptions
- Check ALL conditions match facts in working memory
- If conditions met: fire rule
Execute rule actions: assert_fact, add_score, add_violation, add_mitigation
Track newly fired rules
Exit if no new rules fired (fixed point reached)

Compute result

Aggregate score deltas, collect violations and mitigations, compute confidence from rule coverage and data completeness.

Complexity: O(R × I × F) where R = rule count, I = iterations, F = fact count

Rule Structure

@dataclass(frozen=True)
class InferenceRule:
    name: str                        # Unique rule ID
    priority: int                    # Execution order (lower = first)
    conditions: tuple[FactPattern]   # ALL must match
    actions: tuple[RuleAction]       # Fire when conditions met
    confidence_decay: float = 0.95   # Applied to derived facts
    explanation_template: str = ""   # Human-readable
    frameworks: tuple[str] = ()      # Related frameworks
    requires_framework: str | None   # Gate on tenant subscription

Example Rule

InferenceRule(
    name="bulk_external_exfiltration",
    priority=10,
    conditions=(
        FactPattern(fact_type="bulk_access"),
        FactPattern(fact_type="targets_external"),
    ),
    actions=(
        RuleAction(action_type="add_score", score_delta=50),
        RuleAction(
            action_type="add_violation",
            text="Bulk data export to external resource",
            articles=("SOC2 CC6.1", "ISO27001 A.13.2"),
            severity="high",
        ),
        RuleAction(
            action_type="assert_fact",
            fact_type="exfiltration_risk",
            predicate="bulk_external",
        ),
        RuleAction(
            action_type="add_mitigation",
            text="Restrict bulk exports to internal resources",
        ),
    ),
    explanation_template="Bulk data access + external target = potential exfiltration",
)

Rule Categories (90 Total)

Category	Count	Scope
Common	11	Universal rules (bulk access, external targets, PII)
GDPR	~15	Consent, data minimization, cross-border transfer
HIPAA	~12	PHI exposure, encryption, minimum necessary
SOC2	~12	Access control, change management, availability
PCI-DSS	~8	Cardholder data, encryption, network segmentation
PII	~6	Personal data access patterns
OWASP	~8	Injection, broken auth, security misconfiguration
ISO27001	~5	Information security management
OWASP LLM Top 10	~8	Prompt injection, training data poisoning, excessive agency
OWASP Agentic Top 10	~6	Tool poisoning, MCP attacks, multi-turn manipulation
Behavioral	~5	Novel resources, rare actions, off-hours, volume spikes

Fact Extraction

The extract_facts() function transforms raw events into ~50+ initial facts:

Action Type Facts

action_is — canonical action type
action_is_read, action_is_write, action_is_delete, action_is_execute

Target Classification Facts

targets_external, targets_internal
targets_production, targets_public_storage, targets_non_eu

Data Sensitivity Facts

accesses_sensitive, accesses_phi, accesses_ssn
accesses_pan, accesses_contact_info, accesses_special_category
Detected from 51 predefined sensitive field names + custom policies

Bulk Operation Facts

bulk_access — high row count or SELECT * patterns
excessive_fields — touching many data fields

LLM/Agent Pattern Facts

prompt_injection, system_prompt_extraction
agent_code_execution, excessive_autonomy
rag_poisoning, mcp_tool_poisoning
multi_turn_attack, encoding_evasion

Behavioral Facts (from baseline)

novel_resource — resource never accessed before
rare_action — action type < 1% of historical
unusual_field_access — touching new field types
off_hours_activity, volume_spike

Tenant Framework Management

Frameworks are automatically inferred from customer policies:

# Default frameworks for all tenants
defaults = {gdpr, soc2, pii, owasp, owasp_llm, owasp_agentic}

# Auto-detected from policies
if has_phi_policies → add hipaa
if has_payment_policies → add pci_dss
if has_iso_policies → add iso27001

Rules with requires_framework only fire if the tenant subscribes to that framework. Framework subscriptions are cached with a 5-minute TTL per tenant.

Risk Level Mapping

Score Range	Risk Level
1-10	none
11-30	low
31-55	medium
56-80	high
81-100	critical

Graph Intelligence

​Forward-Chaining Engine

​Algorithm

​Rule Structure

​Example Rule

​Rule Categories (90 Total)

​Fact Extraction

​Tenant Framework Management

​Risk Level Mapping