Skip to main content
The desktop agent is the part your team installs. Once it’s on, it watches the AI tools they already use and applies your policy on the device, before a prompt or file is sent — no browser extension required, because one agent covers both the AI apps in the browser (ChatGPT, Claude) and the AI APIs behind coding tools (Cursor, IDE assistants, SDKs). It runs on macOS and Windows and behaves identically on both.

Install

Getting a single machine running takes about five minutes — install the bundle, then one guided command: 
./install.sh
pgshadow init --api-key pg_live_xxxxx --cloud   # logs in, starts, trusts the cert, verifies

Full quickstart

Step-by-step: prerequisites, the menu-bar option, verifying, your first block, and uninstall.
The rest of this page is the reference — what’s covered, how it enforces, the deployment tiers, and the honest limits.

What it protects

Where your team uses AICovered
ChatGPT, Claude in the browser
Cursor, IDE assistants, SDK/API tools (OpenAI, Anthropic, Gemini, Perplexity, Mistral, Cohere APIs)
Gemini in the browser⏳ on the roadmap
Adding a new AI tool is a small config change on our side — not a new version for you to deploy.

What happens at send-time

Every paste, prompt, or upload gets one verdict in milliseconds:
  • Block — secrets, API keys, and prompt-injection attempts are stopped; the employee gets a clear notification with a short reference and a one-click copy-safe-version option.
  • Redact — PII is masked on the device, so the raw value is never transmitted and the employee still gets useful help.
  • Allow — everything else passes through untouched.
If the engine is ever unreachable, the agent fails closed by default (blocks rather than leaks) — configurable for your environment.

Two ways to deploy

Self-serve (today)

A user installs it and approves the certificate once. Perfect for pilots and smaller teams. A local admin can turn it off unless you push it via MDM.

Managed for enterprise

Pushed by your MDM, with a managed certificate and a tamper-resistant capture layer (macOS System Extension / Windows filtering driver). Same detection — just locked down and zero-touch for employees.

Honest limits

Inspecting HTTPS means terminating TLS, which requires a trusted certificate on the device — in both deployment tiers. The enterprise tier doesn’t remove the certificate; it makes it MDM-managed and harder to tamper with. Content is read locally; only the verdict and masked metadata are logged.
Some native desktop apps pin their certificate and bypass any inspection proxy. They’re out of scope by design — the agent never silently fails open on a tool it does cover.
ChatGPT and Claude web use undocumented internal APIs whose shape can change; when one does, it needs a quick parser update on our side. (The roadmap browser extension reads the page directly and is more resilient — an optional enhancement, not a requirement.)

Next steps

Roll it out to your team

Enroll many devices with scoped, revocable credentials.

Choose where your data runs

Cloud, hybrid, or fully air-gapped.