macOS — one command
- Removes the PAC proxy from all network services (Wi-Fi, Ethernet, and any others) so traffic stops routing through the local proxy.
- Removes CA trust — the agent’s certificate is deleted from the keychain, so nothing on the machine continues to trust it.
- Deletes local config and event data, including the SQLite event log.
Manual fallback (macOS)
If the CLI isn’t available — for example the binary was already removed — undo the two system changes by hand:Remove the proxy
System Settings → Network → your active service → Details… → Proxies,
and turn off the automatic proxy configuration (PAC) the agent added. Repeat
for every network service.
Untrust the certificate
Open Keychain Access, search for the PromptGuard CA certificate, and
delete it. Confirm no app still trusts it.
Delete local data
Remove the agent’s local config and event-log directory. Contact
support@promptguard.co if you need the exact
path for your build.
Windows and Linux uninstall flows ship alongside those agents, which are
currently in private preview. Until then, contact
support@promptguard.co for offboarding steps on
those platforms.
Offboarding a fleet device
For managed fleets, you don’t need access to the machine to cut it off. Revoking a device from the dashboard (Fleet → Devices → Revoke) is immediate:- The device’s scoped credential is invalidated — its next request to the engine is rejected.
- The agent stops reporting activity to your dashboard.
- The rest of the fleet is unaffected — revocation is per device.
Next steps
Fleet enrollment & revocation
How per-device credentials are issued and revoked.
Privacy & data handling
What’s stored locally and what you can export or delete.