# How Does Device Protection Work?

Aikido Device Protection installs a lightweight Layer 4 proxy on each device. It only inspects supported package manager traffic. Everything else bypasses it.

```mermaid
flowchart LR
    A[Network traffic on device] --> B{Supported ecosystem?}
    B -- No --> C[Passes through unchanged<br/>not inspected]
    B -- Yes --> E{On device inspect traffic<br/>and policy decision}

    E -->|Allowed| F[Install allowed]
    E -->|Blocked| G[Install blocked]

    F --> R
    G --> R
    R[Reported to Aikido]

    classDef block fill:#ffd6d6,stroke:#c0392b;
    classDef allow fill:#d6f5d6,stroke:#27ae60;
    class G block;
    class F allow;
```

### Decisions happen on the device

All allow and block decisions happen locally. Aikido does not receive your traffic, browsing history, or downloaded files.

The agent downloads only the data it needs to enforce policy:

* **Allowlists and blocklists**
* **Malware signatures**
* **Policy rules and exceptions**

After that sync, the device can enforce rules on its own.

### What data Aikido receives and when

Package contents stay on the device, and general browsing stays invisible to Aikido. The agent only reports install outcomes and installed packages:

* Allowed installs
* Blocked installs
* Flagged installs
* Installed packages

Installed packages are compiled into an SBOM (a software bill of materials, the inventory of packages in use), generated and synced once a day. Install outcomes are reported immediately, and the agent sends a heartbeat every 10 minutes so you know it's online.

The agent needs outbound internet access to reach Aikido. Allowlist `*.aikido.dev` over HTTPS on port 443.

### It only intercepts supported ecosystems

The proxy is not a general web filter. It only intercepts [supported package ecosystems](/aikido-device-protection/endpoint-protection.md#supported-ecosystems). All other traffic passes through unchanged.

Supported package managers use HTTPS. To inspect that traffic, the agent terminates the TLS connection locally with certificates issued by a Certificate Authority (CA) that lives on the device. That CA is only used for the ecosystems Aikido monitors.

These are the domains Aikido Device Protection intercepts. The list contains package registries, developer tool marketplaces, and Aikido's own protection endpoints.

```
api.nuget.org
app.aikido.dev
aikido-endpoint-binaries.s3.eu-west-1.amazonaws.com
central.maven.org
chromewebstore.google.com
chromewebstore.googleapis.com
clients2.google.com
clients2.googleusercontent.com
crates.io
index.crates.io
static.crates.io
device-protection.aikido.help
files.pythonhosted.org
gallery.vsassets.io
gallerycdn.vsassets.io
github.com
globalcdn.nuget.org
marketplace.cursorapi.com
marketplace.visualstudio.com
open-vsx.org
proxy.golang.org
pypi.org
pypi.python.org
registry.npmjs.com
registry.npmjs.org
registry.yarnpkg.com
repo.maven.apache.org
repo1.maven.org
repository.apache.org
rubygems.org
index.rubygems.org
repo.packagist.org
sum.golang.org
update.googleapis.com
www.nuget.org
```

### How the CA works

Aikido uses a two-tier CA model:

1. **Intermediate CA:** deployed to the device via MDM, or generated locally by the agent. This CA is unique per customer, and its private key is stored in Apple's protected storage (Secure Enclave / Keychain), which prevents the key from being read or exported even by the device owner. It is the trust anchor for the proxy and is referred to below as the root CA.
2. **Short-lived proxy CA:** signed by the root CA at runtime. This is the CA the proxy uses to inspect package manager traffic. It is valid for a maximum of 4 days, so a copy extracted from memory is usable only until it expires, and it cannot be used to sign further CAs because the signing step restricts it to issuing end-entity certificates (intermediate-only enforcement is applied at signing time).

The root CA never leaves the device. The proxy CA is re-signed automatically before it expires.

**CA file location on macOS:**

`/Library/Application Support/AikidoSecurity/EndpointProtection/run/endpoint-protection-combined-ca.pem`
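As an added example (not Aikido's code), the following Go check reads a combined CA bundle like the one at the path above and verifies the two properties the page attributes to the proxy CA: it is signed by the root, it cannot sign further CAs, and it is valid for at most 4 days. It assumes that "intermediate-only enforcement" is expressed as a basic-constraints path length of 0, and it builds a constructed stand-in bundle so the check runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"time"
)

// CheckProxyCA parses a combined PEM bundle (root first, proxy CA last) and reports whether the
// proxy CA is signed by the root, may only issue leaf certificates, and lives at most 4 days.
func CheckProxyCA(bundle []byte) bool {
	var certs []*x509.Certificate
	for b, rest := pem.Decode(bundle); b != nil; b, rest = pem.Decode(rest) {
		if c, err := x509.ParseCertificate(b.Bytes); err == nil {
			certs = append(certs, c)
		}
	}
	if len(certs) < 2 || certs[len(certs)-1].CheckSignatureFrom(certs[0]) != nil {
		return false // no root/proxy pair, or the proxy CA is not signed by the root
	}
	proxy := certs[len(certs)-1]
	// Assumed encoding of intermediate-only enforcement (pathlen 0), plus the page's 4-day lifetime ceiling.
	leafOnly := proxy.IsCA && proxy.BasicConstraintsValid && proxy.MaxPathLenZero
	shortLived := proxy.NotAfter.Sub(proxy.NotBefore) <= 4*24*time.Hour
	return leafOnly && shortLived
}

// BuildBundle is a constructed stand-in for the on-device bundle (not Aikido's real CA): a self-signed
// root followed by a proxy CA it signs with the given lifetime and path-length constraint.
func BuildBundle(proxyLifetime time.Duration, pathLenZero bool) []byte {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	proxyKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := func(serial int64, cn string, ttl time.Duration, plz bool) *x509.Certificate {
		now := time.Now()
		return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: now, NotAfter: now.Add(ttl), IsCA: true, BasicConstraintsValid: true,
			KeyUsage: x509.KeyUsageCertSign, MaxPathLenZero: plz}
	}
	root := tmpl(1, "constructed-root", 365*24*time.Hour, false)
	proxy := tmpl(2, "constructed-proxy-ca", proxyLifetime, pathLenZero)
	rootDER, _ := x509.CreateCertificate(rand.Reader, root, root, &rootKey.PublicKey, rootKey)
	proxyDER, _ := x509.CreateCertificate(rand.Reader, proxy, root, &proxyKey.PublicKey, rootKey)
	return append(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: rootDER}),
		pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: proxyDER})...)
}
```

To run it against a real device, read the combined PEM file from the path above and pass its bytes to `CheckProxyCA` instead of the constructed bundle.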

### Limitations

* **Aikido Device Protection is not a virus scanner.** It does not inspect files, processes, or your system for existing threats. Instead, it works by blocking malware before it can reach your device. This means that if malware is already present on a device, Aikido Device Protection will not detect or remove it, and the device should be considered compromised.
* **Aikido Device Protection currently does not support Docker or Podman on macOS.**

