Skip to main content

Documentation Index

Fetch the complete documentation index at: https://quintsecurity.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Installation

Quint on macOS ships as a signed .pkg containing:
  • /Applications/QuintAgent.app — container app holding the NE + ES system extensions
  • /usr/local/bin/quint-proxy — the daemon binary
  • /Library/LaunchDaemons/dev.quintai.agent.plist — LaunchDaemon that keeps the daemon alive
  • /etc/quint/config.yaml — deploy token + API URL

Requirements

  • macOS 11+ (EndpointSecurity framework)
  • Admin user for installation
  • User approval of system extensions (two separate prompts)

First-run flow

  1. Install the .pkg. macOS triggers Gatekeeper and notarization checks.
  2. The installer writes /etc/quint/config.yaml with your enrollment token.
  3. On first launch, QuintAgent.app requests activation of the NE and ES extensions.
  4. User approves both in System Settings → General → Login Items & Extensions:
    • Endpoint Security Extensions → enable “QuintEndpointExtension”
    • Network Extensions → enable “QuintNetworkExtension”
    • A VPN configuration profile is also installed (NE requires it)
  5. The daemon starts via LaunchDaemon. It reads the enrollment token, calls POST /v1/machines/register, and exchanges it for a long-lived service token.

Verification

After install, confirm all four components are alive: 
# LaunchDaemon loaded
sudo launchctl list | grep quint

# Daemon binary running
pgrep -lf quint-proxy

# Both extensions active
systemextensionsctl list | grep "activated enabled"
# Should show both ne-extension and security.extension

# Extension processes running
ps aux | grep -E "QuintNetwork|QuintEndpoint" | grep -v grep

# NE tunnel interface up
ifconfig | grep "^utun"

# Daemon reachable
TOK=$(sudo cat /var/lib/quint/dashboard-token)
curl -s -H "Authorization: Bearer $TOK" http://localhost:8080/health
Then trigger a test flow and confirm it’s captured: 
# any claude/cursor session; or direct curl through proxy
export HTTPS_PROXY=http://localhost:9090
curl -sk https://api.anthropic.com/v1/messages -H "x-api-key: test" -d '{}'

# Verify the flow was intercepted
curl -s -H "Authorization: Bearer $TOK" http://localhost:8080/debug/flows | python3 -m json.tool

Uninstall

# Stop the daemon
sudo launchctl bootout system/dev.quintai.agent

# Queue extension uninstalls (applied on reboot)
sudo systemextensionsctl uninstall ASS598NHD9 com.quint.security.ne-extension
sudo systemextensionsctl uninstall ASS598NHD9 com.quint.security.extension

# Remove the app and data
sudo rm -rf /Applications/QuintAgent.app
sudo rm -rf /var/lib/quint /etc/quint
rm -rf ~/.quint

# Reboot to complete extension removal
sudo reboot

MDM / fleet rollout

For multi-machine enrollment, the .pkg supports a predeploy config.yaml drop at /etc/quint/config.yaml with the enrollment token. Pair with an MDM profile that auto-approves the two system extensions and the VPN profile so end users don’t see prompts. See Cloud → Fleet for enrollment token provisioning and fleet-wide policy distribution.

If installation fails

See Troubleshooting for common issues:
  • NE extension not running after install
  • Code signature invalid (SIGKILL on launch)
  • Two extensions active with different TeamIDs
  • Daemon can’t reach the cloud API