Deployment Guide

Managed-device deployment

July 2026

Overview

The Proxara device service is a native background service for macOS and Windows that intercepts AI-bound traffic at the operating system network layer. It covers all applications on the device: browsers, desktop AI apps (Claude Desktop, ChatGPT Desktop), coding tools, CLI utilities, and API calls.

Proxara intercepts at the OS network layer, so coverage is universal across browsers, desktop AI apps, coding tools, CLIs, and API calls under a single inspection point.

The service runs as a LaunchDaemon on macOS and a Windows Service on Windows. It installs silently, starts at boot, and auto-updates. Employees see a brief monitoring notice on first use of any AI tool, customizable with your firm name and compliance contact.

IT Involvement Required

This deployment involves system-level changes

The device service installs a root certificate authority, modifies network routing, and runs as a privileged system service. These steps require administrative access and should be coordinated with your IT team. This guide is written for IT administrators.

Prerequisites

Before beginning deployment, confirm the following with your IT team:

RequirementDetails
Operating system macOS 13 (Ventura) or later, or Windows 10 21H2 or later
Administrative access Root (macOS) or SYSTEM/Administrator (Windows) privileges for installation
MDM platform Recommended for silent deployment. JAMF, InTune, Kandji, Mosyle, or equivalent. Manual installation is also supported.
Network access Outbound HTTPS to api.proxara.ai on port 443
Local ports Ports 8443, 8444, and 19850 available on localhost (not exposed externally)
Disk space Approximately 15 MB (binary, certificates, and configuration)

What the Installer Does

The installation package performs the following steps automatically.

  1. Installs the service binary to /Library/Application Support/Proxara/bin/ (macOS) or C:\Program Files\Proxara\ (Windows). Approximately 5 MB.
  2. Generates a root CA certificate carrying X.509 Name Constraints that exclude sign-in, banking, healthcare, government, and security-tooling domains in the certificate itself. The certificate is unique to each device, and the agent issues a leaf certificate only for a destination with positive evidence it is an AI service.
  3. Installs the root CA in the operating system trust store (System Keychain on macOS, Trusted Root Certification Authorities on Windows). This allows the service to inspect HTTPS traffic to AI domains.
  4. Deploys a Firefox enterprise policy that enables Firefox to trust enterprise root certificates. This is a standard Mozilla enterprise deployment mechanism.
  5. Registers the system service as a LaunchDaemon (macOS) or Windows Service. The service starts at boot and auto-restarts on failure.
  6. Enrolls the device with Proxara's API to receive its configuration, API key, and tenant assignment.
  7. Installs QUIC blocking rules via pf (macOS) or WFP (Windows) to prevent browsers from bypassing the TCP proxy via UDP/443. These rules apply only to resolved AI domain IPs.
  8. Configures traffic routing. On macOS, a Network Extension redirects AI domain connections to the local proxy. On Windows, a PAC (Proxy Auto-Config) file is configured via the system proxy setting.

The Root Certificate

Security Detail

The certificate excludes sensitive domains in its own Name Constraints

The root CA contains a Name Constraints extension whose excluded subtrees bar sign-in and identity, banking and payments, healthcare, government, and security-tooling domains. On platforms that enforce name constraints, a certificate this CA issues for an excluded domain does not validate, and the exclusions are readable directly out of the certificate, so a security team can audit the boundary from the artifact itself. Beyond that, the agent decrypts a connection only on positive evidence the destination is an AI service and tunnels everything else through without inspection. Sign-in, banking, healthcare, and government traffic is never intercepted.

Covered domains

Out of the box, the service covers the major AI providers:

This list is not fixed. Internal AI tools, third-party AI wrappers, and new providers can be added through the governance console at any time. The domain registry refreshes automatically every 30 minutes, so changes take effect across all devices without restarting the service.

Traffic to domains not on the list passes through unmodified. The service does not inspect, intercept, or log non-AI traffic.

Certificate lifecycle

CertificateValidityStorage
Root CA 10 years PEM and DER files in the service data directory. Private key stored with filesystem permissions restricted to root/SYSTEM.
Per-domain leaf certificates 90 days Generated on demand, cached in memory. Not persisted to disk.

Removal

Running proxara-agent --uninstall removes the root CA from the OS trust store, deletes all certificate files, and removes the Firefox enterprise policy. The device is returned to its original state.

Deployment Paths

MDM Deployment

JAMF, InTune, Kandji, Mosyle, or equivalent

  1. Proxara provides the signed installer package (.pkg for macOS, .msi for Windows)
  2. Upload the package to your MDM as a managed application
  3. Optionally pre-deploy the configuration profile (.mobileconfig for macOS) to set the API key and tenant ID before installation
  4. Deploy to target devices
  5. For macOS: approve the System Extension in MDM (or instruct employees to approve in System Settings > Privacy & Security)

The installer runs silently. Employees see no prompts during installation. The monitoring notice appears on their first AI tool visit.

Manual Installation

For evaluation or small-scale deployment

  1. Proxara provides the signed installer package
  2. Run the installer with administrative privileges
  3. macOS: approve the System Extension when prompted
  4. The service starts immediately and enrolls with Proxara's API

macOS: sudo installer -pkg proxara-agent.pkg -target /
Windows: run the .msi as Administrator, or msiexec /qn /i proxara-agent.msi

macOS System Extension approval

macOS requires explicit approval for System Extensions. With MDM, this can be pre-approved via a configuration profile containing a SystemExtensions payload. Without MDM, employees will see a prompt in System Settings asking them to allow the Proxara Network Extension. This is a one-time step.

Configuration

The service reads its configuration from a JSON file in the data directory. For MDM deployments, this can be pre-deployed via a configuration profile. For manual installations, the service enrolls with Proxara's API on first launch and receives its configuration automatically.

Configuration file location

PlatformPath
macOS/Library/Application Support/Proxara/config.json
WindowsC:\ProgramData\Proxara\config.json

Key settings

FieldDescriptionDefault
api_endpointProxara API URLhttps://api.proxara.ai
api_keyAuthentication key (provided by Proxara)Set during enrollment
tenant_idFirm identifierSet during enrollment
fail_openIf true, traffic passes through when the API is unreachabletrue
sensitivity_thresholdControls auto vs. manual review (0-100)50
consent_givenPre-set to true to skip the employee consent notice (for MDM)false

The fail_open and sensitivity_threshold settings can be updated remotely via the Proxara governance console without redeploying or restarting the service.

Network Architecture

All components run locally on the employee's device. No inbound network connections are required.

ComponentPortPurpose
MITM proxy127.0.0.1:8444Intercepts and inspects AI domain HTTPS traffic
Transparent bridge127.0.0.1:8443Receives redirected traffic from the Network Extension or system proxy, converts to CONNECT tunnels
Companion API127.0.0.1:19850Serves the injected UI script, WebSocket events, consent and confirmation endpoints

Outbound connections

No other outbound connections are made. The service does not phone home, collect telemetry, or communicate with any third-party service beyond the Proxara API and the AI providers.

What Happens on Day One

  1. Proxara provisions your dedicated backend environment (handled entirely by Proxara)
  2. Your IT team deploys the installer package via MDM or manual installation
  3. The service enrolls with Proxara's API and receives its configuration
  4. The root CA is generated and installed in the OS trust store
  5. Employees use AI tools normally. The service intercepts, classifies, and redacts in real time.
  6. On first AI tool visit, employees see a brief, customizable monitoring notice
  7. Flagged interactions are delivered to you through email, Slack, or Teams

What Proxara Handles

Proxara provisions a dedicated, single-tenant cloud environment for your firm on AWS. This is a fully isolated deployment. There is no shared infrastructure, no multi-tenant database, and no data commingling with any other customer. Proxara has no ability to read your data outside of the operational access needed to keep the environment running.

What runs in your environment

ComponentWhat it does
Classification API (EC2)Receives prompts from the device service, classifies sensitive entities, returns redaction instructions. Processes in real time and discards inputs immediately.
AWS Bedrock (Claude)AI inference for classification. Runs within a dedicated AWS account in the region you choose. No model training on your data. Optionally replaced with a self-hosted model on GPU instances for zero external API calls.
PostgreSQL (RDS)Stores audit records, vocabulary policies, and configuration. AES-256 encrypted with customer-managed KMS keys.
S3 Archive StorageStores flagged interaction records for up to 7 days until archived or dismissed. AES-256 encrypted. S3 Object Lock (WORM) available.
Governance ConsoleWeb interface for managing policies, sensitivity thresholds, alert routing, and archive connections. Accessible to your designated compliance officers only.

Proxara manages provisioning, updates, monitoring, and maintenance. Your firm does not need to set up or maintain anything on the server side.

If your firm prefers to host the environment yourself, Proxara provides deployment templates and documentation for customer-managed AWS deployments. In that model, Proxara has no access to your data and acts as a software licensor only. This is also available as an MSP-managed deployment through your existing IT provider.

If you integrate with a compliance archive (Smarsh, Global Relay, or equivalent), Proxara configures that connection as well.

Timeline

< 24 hours
Backend provisioned
by Proxara
30 minutes
Installer uploaded
to MDM
Minutes
Service deployed
to devices
Same day
Fully operational

Uninstallation

The service includes a complete uninstall command that reverses all changes:

proxara-agent --uninstall

This removes:

For MDM deployments, include the uninstall command in the package's removal script so it runs automatically when the application is removed.

Verification

After deployment, IT can verify the service is running correctly:

Check service status

curl http://127.0.0.1:19850/px/status

Returns JSON with the service version, active session count, and running state.

Check CA installation

# macOS security find-certificate -c "Proxara Agent CA" /Library/Keychains/System.keychain # Windows certutil -store Root "Proxara Agent CA"

Check service logs

# macOS cat "/Library/Application Support/Proxara/logs/agent.stderr.log" # Windows Get-Content "C:\ProgramData\Proxara\logs\agent.stderr.log" -Tail 50

Technical Support

Jex Pearce

jex@proxara.ai

proxara.ai