Skip to main content

Documentation Index

Fetch the complete documentation index at: https://quintsecurity.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Data Flow

Install the Endpoint Agent

1

Install the daemon

# Download and run the signed .pkg installer from your dashboard
# Or use the install script:
curl -fsSL https://install.quintai.dev | sh
Verify the install:
quint --version
2

Configure and enroll

Run setup with your deploy token (created in the dashboard or via API):
sudo quint setup --token qt_deploy_YOUR_TOKEN
This writes the config to /etc/quint/config.yaml:
api_url: https://api.quintai.dev
token: qt_deploy_YOUR_TOKEN
log_level: info
3

Start the daemon

The daemon runs as a LaunchDaemon managed by launchd — it starts automatically after setup and survives reboots. To manage it manually:
# Check status + daemon health
quint status

# Full diagnostic snapshot (JSON)
quint diag

# Panic button: temporarily disable the NE proxy
sudo quint off
sudo quint on

# Follow the daemon log
sudo tail -f /var/log/quint-proxy.log
The daemon begins detecting AI agents on your machine and streaming events to the cloud API.
4

Use your AI agents normally

Start any AI agent as you normally would. Quint detects them automatically via code signing:
# Claude Code
claude

# Cursor, Windsurf, Cline -- just open the IDE
# Quint detects agent processes at the OS level
Open the dashboard at app.quintai.dev to see sessions, events, and detected agents across your fleet.

API Quick Test

Verify your deployment is working by hitting the API directly.
1

Health check (no auth required)

curl https://api.quintai.dev/health

{"status": "ok"}
2

Readiness check

curl https://api.quintai.dev/ready

{"status": "ready"}
3

List events (authenticated)

Use your deploy token or Supabase JWT:
curl https://api.quintai.dev/v1/events \
  -H "Authorization: Bearer qt_deploy_YOUR_TOKEN"
Filter by agent, session, action type, or time range:
curl "https://api.quintai.dev/v1/events?action_type=PROCESS_EXEC&agent_id=claude-code" \
  -H "Authorization: Bearer qt_deploy_YOUR_TOKEN"
4

View sessions

curl https://api.quintai.dev/v1/sessions \
  -H "Authorization: Bearer qt_deploy_YOUR_TOKEN"
Get a specific session with its children and risk summary:
curl https://api.quintai.dev/v1/sessions/{session_id} \
  -H "Authorization: Bearer qt_deploy_YOUR_TOKEN"
5

Check 24h stats

curl https://api.quintai.dev/v1/events/stats \
  -H "Authorization: Bearer qt_deploy_YOUR_TOKEN"

Deploy Token Management

Deploy tokens are how machines authenticate with the cloud API. Create them from the dashboard or via the API: 
# Create a new deploy token
curl -X POST https://api.quintai.dev/v1/deploy-tokens \
  -H "Authorization: Bearer YOUR_SUPABASE_JWT" \
  -H "Content-Type: application/json" \
  -d '{"name": "dev-machine-01"}'

# List existing tokens
curl https://api.quintai.dev/v1/deploy-tokens \
  -H "Authorization: Bearer YOUR_SUPABASE_JWT"
Deploy tokens use the qt_deploy_ prefix and are SHA-256 hashed before storage. The raw token is shown only once at creation time.

What Gets Captured

When an AI agent runs on a machine with Quint installed, the daemon captures:
Action TypeExample
PROCESS_EXECAgent spawns git commit, npm install, curl
FILE_READAgent reads source code, config files, .env
FILE_WRITEAgent modifies code, creates files
FILE_DELETEAgent removes files
NETWORK_CONNECTAgent makes outbound network connections
Each event includes the tool_name (binary basename), arguments (process args), session_id (UUID v5), and the detected agent_id.

Configuration

The daemon config lives at /etc/quint/config.yaml: 
api_url: https://api.quintai.dev
token: qt_deploy_YOUR_TOKEN
log_level: info    # debug, info, warn, error