Proxy Layer Architecture

The Quint Proxy is a transparent interception layer that wraps around an agent system. It captures every outbound action before it executes, scores it, and either allows, flags, or blocks it in real time.

Three Deployment Modes

MCP Gateway (Recommended)
SDK Middleware
API Event Stream

Quint acts as an MCP proxy server between the agent and all downstream MCP servers.

Agent (MCP Client)
     │
     ▼
┌──────────────────────────┐
│  QUINT MCP GATEWAY       │
│  • Intercepts tools/call │
│  • Scores each action    │
│  • Detects desc changes  │
│  • Allows/blocks         │
└───┬─────────┬─────────┬──┘
    │         │         │
    ▼         ▼         ▼
 Slack    Postgres   GitHub
 MCP      MCP        MCP

Integration effort: Change one config value — point agent’s MCP server URL to quint-gateway.customer.com. 5-minute setup.What’s intercepted:

MCP Method	Canonical Action
`tools/list`	`mcp:server:list_tools`
`tools/call`	`mcp:{server}:{tool}.{verb}`
`resources/read`	`mcp:{server}:resource.read`
`prompts/get`	`mcp:{server}:prompt.get`
`notifications`	`mcp:server:notification`

Tool poisoning detection: On every tools/list response, Quint hashes each tool’s description and parameter schema. If a hash changes, it triggers a mcp:server:tool.description_changed event at elevated risk.Transport support: stdio (local servers) and Streamable HTTP (remote servers).

Native middleware for LangChain, CrewAI, AutoGen, OpenAI Agents SDK.

# LangChain — 3 lines
from quint import QuintMiddleware

quint = QuintMiddleware(api_key="qt_live_...", mode="enforce")
agent_with_quint = quint.wrap(agent)

# CrewAI
from quint import QuintCrewMiddleware

quint = QuintCrewMiddleware(api_key="qt_live_...")
crew = Crew(agents=[...], tasks=[...], middleware=[quint])

# OpenAI Agents SDK
from quint import QuintOpenAIMiddleware

quint = QuintOpenAIMiddleware(api_key="qt_live_...")
agent = Agent(name="support", tools=[...], hooks=quint.hooks())

Shadow mode (mode="monitor"): Scores everything, blocks nothing. Perfect for initial deployment.Enforce mode (mode="enforce"): Actually blocks high-risk actions.Integration effort: pip install quint + 3-5 lines of code.

For custom architectures — send events directly to Quint’s API.

import quint

client = quint.Client(api_key="qt_live_...")

score = client.score(
    action="tool:database:query.execute",
    agent={"agent_id": "bot", "agent_type": "support"},
    target={"resource_id": "customers_db", "sensitivity_level": 3},
    data_fields_accessed=["email", "ssn"],
)

if score.risk_level in ["high", "critical"]:
    return f"Blocked: {score.justification}"

Sync mode: Call before execution. Adds ~50ms latency. Can block.Async mode: Fire events after execution. Zero latency. Monitor/alert only.Integration effort: Higher — instrument each action point.

Onboarding Path

Week 1-2: Shadow Mode

Proxy intercepts and scores everything but blocks nothing. Customer sees risk distribution in dashboard.

Week 3-4: Selective Enforcement

Enable blocking for specific high-confidence rules: “Block all external data sends from the support bot.”

Week 5+: Full Enforcement

Customer has tuned thresholds, created policies, and trusts scoring. Enable enforcement across all agents.

Latency Budget

Component	Target
Event capture + classification	< 2ms
Canonical action mapping	< 1ms
Subgraph construction	< 5ms
Scoring (all 4 layers)	< 35ms
Decision + forward/block	< 2ms
Total proxy overhead (p95)	< 45ms
With LLM fallback	< 3s

For context: a typical MCP tool call takes 100-500ms. Quint adds 10-30% overhead.

Data Privacy

What the proxy stores:

Event metadata (action, agent, session, timestamps, scores)
Data field classifications (“SSN was accessed”) but NOT field values
Tool call parameters (sanitized — secrets redacted)

What the proxy does NOT store:

Raw query results or API responses
Actual PII values
LLM conversation content
User messages (only hashes for correlation)

Architecture & Workflows

​Proxy Layer Architecture

​Three Deployment Modes

​Onboarding Path

​Latency Budget

​Data Privacy

Proxy Layer Architecture

Three Deployment Modes

Onboarding Path

Latency Budget

Data Privacy