Skip to main content

System Architecture

Quint is a multi-service platform that intercepts AI agent actions, scores them through a graph-native pipeline, and optionally blocks dangerous actions in real time.

High-Level Architecture

┌─────────────────────────────────────────────────────────────────┐
│                    QUINT PLATFORM                                │
│                                                                  │
│  ┌──────────┐    ┌──────────────┐    ┌───────────────────┐     │
│  │  Proxy   │───▶│  REST API    │───▶│  GraphReasoner    │     │
│  │  (Go)    │    │  (FastAPI)   │    │  (quint-graph)    │     │
│  └──────────┘    └──────┬───────┘    └────────┬──────────┘     │
│                         │                      │                 │
│                    ┌────┴─────┐          ┌─────┴──────┐         │
│                    │          │          │            │          │
│               ┌────▼──┐  ┌───▼───┐  ┌───▼────┐  ┌───▼────┐   │
│               │Postgre│  │ Redis │  │Memgraph│  │ Gemini │   │
│               │SQL    │  │       │  │        │  │ (LLM)  │   │
│               └───────┘  └───────┘  └────────┘  └────────┘   │
│                                                                  │
│  ┌──────────────┐    ┌───────────────┐                         │
│  │ Risk Engine  │    │  CLI          │                          │
│  │ (Modal GPU)  │    │  (TypeScript) │                          │
│  └──────────────┘    └───────────────┘                         │
└─────────────────────────────────────────────────────────────────┘

Component Map

ComponentLanguagePurposeDeployment
quint-proxyGoMCP gateway proxy, stdio interception, signed audit logsCustomer environment
quint-infraPython (FastAPI)REST API, event scoring, policy managementRailway
quint-graphPythonGraphReasoner, forward-chaining, GNN, RAG, MemgraphLibrary (pip)
quint-cliTypeScriptDeveloper CLI, policy management, audit verificationnpm package
risk-enginePythonGPU model training (Qwen3-8B-AWQ), LoRA fine-tuningModal
quint-protoProtobufShared schema contract for all servicesbuf.build

Request Flow

Data Flow

Event Lifecycle

1

Interception

The proxy captures an outbound agent action (MCP tool call, API request, database query). It normalizes the action to canonical domain:scope:verb format and extracts metadata (agent, session, target, data fields).
2

Ingestion

The event is sent to the REST API via POST /events. The API validates the API key, checks rate limits, and persists the event to PostgreSQL.
3

Scoring

The GraphReasoner evaluates the event through 4 layers: intrinsic risk, GNN structural analysis, policy violations, and temporal anomaly detection. If confidence is below 0.8, compliance context is retrieved from Memgraph and injected into a Gemini LLM call.
4

Response

The score (1-100), risk level, violations, compliance references, and mitigations are returned to the proxy. The proxy enforces the verdict (allow, flag, or block).
5

Audit

The proxy creates a signed audit entry (Ed25519) chain-linked to the previous entry. The full audit trail is tamper-evident and exportable.

Deployment Topology

Railway (Production API)

ServiceResourcesPurpose
API Server2 vCPU, 1GB RAMFastAPI + Uvicorn (4 workers)
PostgreSQLManagedEvent storage, scores, customers
RedisManagedL1 cache, rate limiting
Memgraph256MB RAM (optional)Graph reasoning co-processor
Production URL: https://api-production-56df.up.railway.app
ServiceResourcesPurpose
Risk EngineA10G GPU, 40GB VRAMQwen3-8B-AWQ inference
Training JobsA10G GPULoRA fine-tuning per tenant
Weights VolumePersistentCustomer-specific model weights

Customer Environment

ComponentResourcesPurpose
Proxy (Go binary)Minimal (< 50MB RAM)MCP interception, audit logging
CLINode.jsPolicy management, audit verification

Dependencies

quint-infra
  ├── quint-graph[memgraph]  (pip, from GitHub)
  ├── FastAPI + Uvicorn
  ├── SQLAlchemy (async) + asyncpg
  ├── Redis (aioredis)
  ├── google-generativeai (Gemini)
  ├── grpcio (risk-engine client)
  ├── modal (GPU deployment)
  └── pydantic + pydantic-settings

quint-graph
  ├── networkx (in-memory graph)
  ├── neo4j (Memgraph Bolt driver)
  ├── torch + torch-geometric (optional, GNN)
  └── compliance_ontology.json (1,948 nodes)

quint-proxy
  ├── gen/go/quint/v1 (from quint-proto)
  └── Go stdlib (crypto, net)

quint-cli
  ├── gen/ts (from quint-proto)
  └── Node.js