One binary. Pair once. Connect any MCP-speaking AI client. ~5 minutes start to first audited tool call. Works with Claude Desktop, Codex, Cursor, Continue, OpenClaw, Hermes Agent — anything that speaks MCP.
One single-file binary (~13 MB). No dependencies, no installer wizard. Pick your platform:
curl -fSL https://app.proofpane.com/downloads/airgov_daemon-aarch64-apple-darwin \ -o /usr/local/bin/proofpane chmod +x /usr/local/bin/proofpane # macOS Gatekeeper: unsigned binary needs quarantine attribute cleared xattr -d com.apple.quarantine /usr/local/bin/proofpane 2>/dev/null || true proofpane --help
curl -fSL https://app.proofpane.com/downloads/airgov_daemon-x86_64-apple-darwin \ -o /usr/local/bin/proofpane chmod +x /usr/local/bin/proofpane xattr -d com.apple.quarantine /usr/local/bin/proofpane 2>/dev/null || true proofpane --help
curl -fSL https://app.proofpane.com/downloads/airgov_daemon-x86_64-linux \ -o /usr/local/bin/proofpane chmod +x /usr/local/bin/proofpane proofpane --help
# PowerShell as Admin Invoke-WebRequest ` -Uri https://app.proofpane.com/downloads/airgov_daemon-x86_64-windows.exe ` -OutFile "$env:ProgramFiles\Proofpane\proofpane.exe" # Add to PATH or use the full path in client config below. & "$env:ProgramFiles\Proofpane\proofpane.exe" --help
In the Proofpane app: Devices → Pair new device → copy the 6-character code (valid for 5 minutes).
Then in your terminal:
AIRGOV_CLOUD_URL=https://api.proofpane.com \ proofpane pair J2W-UCF-LCL
You should see:
Pairing with https://api.proofpane.com Code: J2W-UCF-LCL Name: MacBookPro (Darwin) Platform: darwin-x86_64 Paired successfully. device_id: 831aecd2-dc82-4590-8b1a-a2e031d82108 config: /Users/yilu/.airgov/config.json
One-time setup. The token in ~/.airgov/config.json is what
authenticates every subsequent tool-call audit row.
Pick the one you actually use:
Edit ~/Library/Application Support/Claude/claude_desktop_config.json
(macOS) or the equivalent on your OS. Add a proofpane entry under
mcpServers:
{
"mcpServers": {
"proofpane": {
"command": "proofpane",
"args": ["mcp"],
"env": {
"CP_VENDOR": "claude_desktop",
"CP_AGENT": "default"
}
}
}
}
Fully restart Claude Desktop. The Proofpane MCP server appears under Settings → Connectors as Connected.
Settings → Connectors → Connect to a custom MCP. Fill the form:
Name proofpane
Transport STDIO
Command to launch proofpane
Arguments mcp
Environment vars CP_VENDOR = codex_desktop
CP_AGENT = default
Working directory (leave blank or set to project root)
Save. Codex spawns the daemon on first tool call.
Settings → MCP → Add server:
{
"mcpServers": {
"proofpane": {
"command": "proofpane",
"args": ["mcp"],
"env": {
"CP_VENDOR": "cursor",
"CP_AGENT": "default"
}
}
}
}
Reload Cursor. Tools surface in the agent panel.
Edit ~/.continue/config.json:
{
"experimental": {
"modelContextProtocolServers": [
{
"transport": {
"type": "stdio",
"command": "proofpane",
"args": ["mcp"],
"env": {
"CP_VENDOR": "continue",
"CP_AGENT": "default"
}
}
}
]
}
}
Anything that speaks MCP works. The shape is always:
proofpane (or full path if not on PATH)["mcp"]CP_VENDOR (descriptive label),
CP_AGENT (agent-policy lookup key)
That's it. The daemon answers the MCP initialize handshake,
advertises its tool catalog, and routes every tools/call through
the policy gate + audit chain.
CP_AGENT, the daemon denies every tool call. This is intentional:
a fresh install can't read your filesystem until you say which paths are allowed.
In the app: MCP Setup → Agent Policies → New policy. Reasonable starter:
Agent name default (matches CP_AGENT)
Description Dev workstation
Allowed paths ~/projects/**
/tmp/**
Denied paths ~/.ssh/**
~/.aws/**
/etc/**
/var/log/**
Bash policy ask (HITL prompt for every bash)
Default decision deny (catch-all: refuse the unknown)
Valid until (blank = permanent)
Save. Tool calls into allowed paths execute immediately; bash routes through Slack / Tray HITL approval; everything else is denied with the matched rule recorded on the audit row.
In your AI client, ask:
What files are in the current directory?
Then open app.proofpane.com/mcp-activity. The By client + version card should show one row:
client version calls denied Codex 26.429.30905 1 0
That's the MCP initialize handshake's clientInfo flowing
through. Every subsequent tool call increments calls; any
policy denial increments denied. Six years from now, a regulator
opens the Evidence Pack for this window and sees the same row, same hash,
same answer.
For native-OS HITL approval pop-ups (when an agent hits a bash gate or a high-risk skill output): a small system-tray app that subscribes to your org's HITL queue and surfaces approve / deny prompts without context-switching.
"Not paired" after running proofpane pair
Pairing codes expire in 5 minutes — generate a fresh one. Also check the
cloud URL matches your deployment:
AIRGOV_CLOUD_URL=https://api.proofpane.com.
"No policy configured for agent X" on every tool call
Your CP_AGENT env value (default default) must
exact-match a policy's Agent name. Open
MCP Setup and either
create the policy or rename the existing one.
Audit rows not showing on /mcp-activity
You're probably looking at the wrong org. The daemon writes to whichever org
it paired against — check ~/.airgov/config.json's device_id
against your Devices list, and
make sure the logged-in org matches.
macOS Gatekeeper blocks the binary on first run
The binary is unsigned in early-access. Remove the quarantine attribute:
xattr -d com.apple.quarantine /usr/local/bin/proofpane.
A signed build ships with the first paid release.
Codex / client doesn't see Proofpane after config
Most MCP clients only re-read config on full restart (not in-app reload). Quit completely and re-launch.