Install Proofpane.

One binary. Pair once. Connect any MCP-speaking AI client. ~5 minutes start to first audited tool call. Works with Claude Desktop, Codex, Cursor, Continue, OpenClaw, Hermes Agent — anything that speaks MCP. Available today on macOS Apple Silicon (arm64), macOS Intel (x86_64), Linux x86_64, and Windows x86_64.

1

Download the daemon

One single-file binary (~13 MB). No dependencies, no installer wizard. macOS users get a real .app bundle — download, unzip, double-click.

Available for macOS Apple Silicon macOS Intel Linux x86_64 Windows x86_64

Universal one-liner — auto-detects platform + arch: 

curl -fsSL https://app.proofpane.com/install.sh | bash

Works on macOS (arm64 + x86_64), Linux x86_64, and Windows x86_64 (run from WSL or Git Bash). Binaries served from https://app.proofpane.com/daemon/.

Download .app for macOS Get from GitHub releases 13 MB · Proofpane Daemon.app · sha256 · native macOS Apple Silicon (arm64) + Intel (x86_64)
Chrome may show "This file may be dangerous" on the direct download — that's expected: proofpane.com is a new domain and the binary isn't code-signed yet, so Google Safe Browsing flags it on principle. Three ways through:
  • Use the "Get from GitHub releases" button above — github.com's reputation skips the warning entirely
  • In Chrome's warning bar → expand the menu → Keep dangerous file
  • Download via curl from terminal (see the CLI section below) — bypasses the browser entirely
First launch — macOS Gatekeeper bypass (one-time): The .app is not Apple-signed yet, so macOS blocks it on double-click. Do this once:
  1. Unzip the download → drag Proofpane Daemon.app to your /Applications folder
  2. Right-click (or Ctrl-click) the .app → Open → click Open again in the warning dialog
  3. From the second launch onwards, normal double-click works

Apple Developer ID signing + notarisation (no warnings at all) is on the roadmap.

Or install via terminal (CI / servers / Chrome workaround)

Same binary that lives inside the .app, served as a bare file so curl-based installers stay one-liners. 

curl -fSL https://app.proofpane.com/daemon/airgov_daemon-darwin-x86_64 \
  -o /usr/local/bin/proofpane
chmod +x /usr/local/bin/proofpane
# Strip the Gatekeeper quarantine flag set by curl on macOS
xattr -d com.apple.quarantine /usr/local/bin/proofpane 2>/dev/null || true
proofpane --help

SHA-256: airgov_daemon-darwin-x86_64.sha256 

curl -fSL https://app.proofpane.com/daemon/airgov_daemon-darwin-arm64 \
  -o /usr/local/bin/proofpane
chmod +x /usr/local/bin/proofpane
# Strip the Gatekeeper quarantine flag set by curl on macOS
xattr -d com.apple.quarantine /usr/local/bin/proofpane 2>/dev/null || true
proofpane --help

Native arm64 build for M1/M2/M3/M4 — no Rosetta needed. SHA-256: airgov_daemon-darwin-arm64.sha256 

curl -fSL https://app.proofpane.com/daemon/airgov_daemon-linux-x86_64 \
  -o /usr/local/bin/proofpane
chmod +x /usr/local/bin/proofpane
proofpane --help

Linux x86_64 build. SHA-256: airgov_daemon-linux-x86_64.sha256 

# Run from WSL or Git Bash:
curl -fSL https://app.proofpane.com/daemon/airgov_daemon-windows-x86_64.exe \
  -o "$HOME/bin/proofpane.exe"
chmod +x "$HOME/bin/proofpane.exe"
proofpane --help

Windows x86_64 build. Authenticode signing is on the roadmap so SmartScreen stays quiet. SHA-256: airgov_daemon-windows-x86_64.exe.sha256

Why a single binary? Codex / Claude Desktop spawn a fresh process per MCP session. A 13 MB self-contained binary cold-starts in <200ms. No Python venv, no pip install, no missing-dependency errors at customer site. The binary you download is the binary your auditor verifies.
2

Pair with your Proofpane org

In the Proofpane app: DevicesPair new device → copy the 6-character code (valid for 5 minutes).

Then in your terminal:

AIRGOV_CLOUD_URL=https://api.proofpane.com \
  proofpane pair J2W-UCF-LCL

You should see:

Pairing with https://api.proofpane.com
  Code: J2W-UCF-LCL
  Name: MacBookPro (Darwin)

Paired successfully.
  device_id: 831aecd2-dc82-4590-8b1a-a2e031d82108
  config:    /Users/yilu/.airgov/config.json

--- Auto-configuring detected MCP clients ---
Detected: Claude Desktop, Claude Code (CLI), Cursor, VS Code Copilot, Codex app
✓ Claude Desktop:    configured
✓ Claude Code (CLI): configured
✓ Cursor:            configured
✓ VS Code Copilot:   configured
✓ Codex app:         configured

✓ Pair + MCP client setup both done. Restart the apps above to pick up the new server.

The pair command auto-detects every supported MCP client and writes its config in the right shape (JSON / TOML / YAML). One-time setup, one command. The token in ~/.airgov/config.json is what authenticates every subsequent tool-call audit row.

Need to skip the auto MCP install? Add --no-auto-install-mcp to the pair command — you can run proofpane install-mcp separately later.

3

Restart your AI clients

The pair step already wrote the proofpane entry into every detected client's config. Now just restart them so the changes take effect:

  • Claude Desktop — Cmd+Q + reopen (reload window won't pick up MCP)
  • Cursor / VS Code — Cmd+Shift+P → "Developer: Reload Window"
  • Codex app — Cmd+Q + reopen
  • Claude Code — no restart, next claude invocation picks it up
  • Continue — reopen the side panel

Want to inspect / change what was written? Three useful flags:

  • proofpane install-mcp --list — show which clients were detected + format used
  • proofpane install-mcp --dry-run — preview the diff without writing
  • proofpane uninstall-mcp — clean removal; preserves your other MCP servers

Prefer to edit the config files yourself? The exact JSON / TOML / YAML the auto-installer writes is below — pick your client to see the snippet:

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or the equivalent on your OS. Add a proofpane entry under mcpServers: 

{
  "mcpServers": {
    "proofpane": {
      "command": "proofpane",
      "args": ["mcp"],
      "env": {
        "CP_VENDOR": "claude_desktop",
        "CP_AGENT":  "default"
      }
    }
  }
}

Fully restart Claude Desktop. The Proofpane MCP server appears under Settings → Connectors as Connected.

Settings → ConnectorsConnect to a custom MCP. Fill the form: 

Name              proofpane
Transport         STDIO
Command to launch proofpane
Arguments         mcp
Environment vars  CP_VENDOR = codex_desktop
                  CP_AGENT  = default
Working directory (leave blank or set to project root)

Save. Codex spawns the daemon on first tool call.

Settings → MCPAdd server: 

{
  "mcpServers": {
    "proofpane": {
      "command": "proofpane",
      "args": ["mcp"],
      "env": {
        "CP_VENDOR": "cursor",
        "CP_AGENT":  "default"
      }
    }
  }
}

Reload Cursor. Tools surface in the agent panel.

Edit ~/.continue/config.json: 

{
  "experimental": {
    "modelContextProtocolServers": [
      {
        "transport": {
          "type": "stdio",
          "command": "proofpane",
          "args": ["mcp"],
          "env": {
            "CP_VENDOR": "continue",
            "CP_AGENT":  "default"
          }
        }
      }
    ]
  }
}

Anything that speaks MCP works. The shape is always:

  • Command: proofpane (or full path if not on PATH)
  • Args: ["mcp"]
  • Transport: stdio
  • Env (optional): CP_VENDOR (descriptive label), CP_AGENT (agent-policy lookup key)

That's it. The daemon answers the MCP initialize handshake, advertises its tool catalog, and routes every tools/call through the policy gate + audit chain.

Want more MCP servers? Once paired, open MCP SetupDownstream MCP servers. Add Slack MCP, GitHub MCP, Filesystem MCP, your custom MCP — one entry each. The daemon spawns them as subprocesses, prefixes their tool names (slack-mcp__send_message), and routes calls through the same policy / HITL / DLP / audit pipeline. The per-row toggle is the killswitch: click off → SIGTERM lands in <2 s, no client restart needed.
4

Create an agent policy

Deny-by-default. Until you create a policy for your CP_AGENT, the daemon denies every tool call. This is intentional: a fresh install can't read your filesystem until you say which paths are allowed.

In the app: MCP SetupAgent PoliciesNew policy. Reasonable starter: 

Agent name       default            (matches CP_AGENT)
Description      Dev workstation
Allowed paths    ~/projects/**
                 /tmp/**
Denied paths     ~/.ssh/**
                 ~/.aws/**
                 /etc/**
                 /var/log/**
Bash policy      ask                (HITL prompt for every bash)
Default decision deny               (catch-all: refuse the unknown)
Valid until      (blank = permanent)

Save. Tool calls into allowed paths execute immediately; bash routes through Slack / Tray HITL approval; everything else is denied with the matched rule recorded on the audit row.

5

Verify it works

In your AI client, ask: 

What files are in the current directory?

Then open app.proofpane.com/agent-activity — the unified agent activity dashboard (MCP-native + broker traffic on one chain; filter by Source to slice). The By client + version card should show one row: 

client            version           calls   denied
Codex             26.429.30905        1       0

That's the MCP initialize handshake's clientInfo flowing through. Every subsequent tool call increments calls; any policy denial increments denied. Six years from now, a regulator opens the Evidence Pack for this window and sees the same row, same hash, same answer.

Prefer to verify from the terminal? The daemon ships a one-shot health subcommand: 

airgov_daemon health

Prints the resolved config path, the paired cloud URL, the device id, and a ready / not-ready line summarising reachability of the cloud control plane. Handy from CI / shell scripts.

6

(Optional) Install the Tray app

For native-OS HITL approval pop-ups (when an agent hits a bash gate or a high-risk skill output): a small system-tray app that subscribes to your org's HITL queue and surfaces approve / deny prompts without context-switching.

Coming soon as a separate signed installer. The MVP today ships approvals via Slack (configure in MCP Setup → Notifications) — same approval contract, same audit chain, different surface.
?

Troubleshooting — 5 common issues, click to expand

"Not paired" after running proofpane pair

Pairing codes expire in 5 minutes — generate a fresh one. Also check the cloud URL matches your deployment: AIRGOV_CLOUD_URL=https://api.proofpane.com.

"No policy configured for agent X" on every tool call

Your CP_AGENT env value (default default) must exact-match a policy's Agent name. Open MCP Setup and either create the policy or rename the existing one.

Audit rows not showing on /agent-activity

You're probably looking at the wrong org. The daemon writes to whichever org it paired against — check ~/.airgov/config.json's device_id against your Devices list, and make sure the logged-in org matches.

macOS Gatekeeper blocks the binary on first run

The binary is unsigned in early-access. Remove the quarantine attribute: xattr -d com.apple.quarantine /usr/local/bin/proofpane. A signed build ships with the first paid release.

Codex / client doesn't see Proofpane after config

Most MCP clients only re-read config on full restart (not in-app reload). Quit completely and re-launch.

Try the live demo Watch the walkthroughs → Stuck? Email us
Built in Aotearoa New Zealand · [email protected]
© 2026 Proofpane