Download and Install - Velatir Documentation

Overview

The Velatir desktop client ships as a signed installer for each supported platform. The installer is intentionally small. At first run, the bundled agent downloads the rest of the application and stages it in a versioned directory so future updates can swap atomically. You need an API key from the Velatir dashboard to complete the installation. Generate one on the Setup tab of your workspace.

This page covers single-device installation. For organisation-wide rollouts via Microsoft Intune, Jamf Pro, or other MDM platforms, see Enterprise deployment.

Prerequisites

Requirement	Detail
Operating system	Windows 10 or 11 (x64 or arm64), or macOS 13 Ventura or later
Account type	Administrator rights on the device
Network	Outbound HTTPS to `api.velatir.com` and Velatir’s update storage
API key	A project API key from the Velatir dashboard

Windows
macOS

Install on Windows

Velatir installs in a single command from an elevated command prompt. The MSI stages your API key as it installs, so there is no separate sign-in step.

Download the installer

Download the latest signed MSI for your architecture:

Velatir for Windows (x64)

For Intel and AMD devices.

Velatir for Windows (arm64)

For Snapdragon and other arm64 devices.

Generate an API key on the Setup tab of your workspace in the Velatir dashboard.

Install silently with your API key

Open Command Prompt as administrator, then run the installer against the file you downloaded, passing your API key:

msiexec /i Velatir-Bootstrap-x64.msi VELATIR_API_KEY=vltr_your_api_key_here /qn

Use the full path to the downloaded file (for example %USERPROFILE%\Downloads\Velatir-Bootstrap-x64.msi), and substitute Velatir-Bootstrap-arm64.msi on arm64 devices.The /qn switch runs the install with no UI. From its single elevation the MSI places the Velatir Agent into C:\Program Files\Velatir\, installs the Velatir CA certificate into the trusted root store, registers the Wintun driver used for transparent traffic interception, registers a scheduled task that starts the agent at user logon, and stages your API key (the VELATIR_API_KEY property is hidden from MSI logs). The host starts automatically once the install completes.

The full list of permissions the installer requests is documented in Permissions.

Confirm interception

Verify the agent is running:

velatir status

The output should show the agent and host running, the transparent proxy active, and a masked API key matching the value you passed.Then open a supported AI application (for example, GitHub Copilot in VS Code or Claude Code in a terminal). Send a prompt, then check your Velatir dashboard. The interaction should appear as a trace within a few seconds.

Install on macOS

Download the installer

Download the package for your Mac’s architecture:

Velatir for macOS (Apple Silicon)

For Mac computers with Apple Silicon (M1, M2, M3, M4 and later).

Velatir for macOS (Intel)

For Mac computers with an Intel processor.

Not sure which one you need? Click the Apple menu, choose About This Mac, and check the Chip or Processor entry. If it mentions Apple, M1, M2, M3, or M4, choose Apple Silicon. If it mentions Intel, choose Intel.The package is signed by Velatir’s Apple Developer ID and notarised by Apple, so Gatekeeper will allow it to run without warnings.

Run the installer

Open the downloaded .pkg and follow the prompts. The installer will:

Place Velatir into /Applications/Velatir.app
Register the Velatir system extension
Install the Velatir CA into the System keychain

Authentication with an administrator password is required to complete the install. No other inputs are required during the installer flow.

Configure your API key

Open a new Terminal window and set the API key. Generate one on the Setup tab of your workspace in the Velatir dashboard.

sudo velatir set-api-key --key vltr_your_api_key_here

The default backend points at production. Change it only if directed by your administrator:

sudo velatir set-api-base-url --url https://api.velatir.com/api/v1

Approve the system extension

macOS will prompt you to approve the Velatir system extension. Open System Settings > General > Login Items & Extensions > Network Extensions (or use the link that appears in the prompt), and enable Velatir.Until the extension is approved, Velatir cannot intercept traffic. Approval is required once per device. Approve the Velatir system extension in System Settings

Approve the Velatir system extension in System Settings

Verify the agent is running

In the same Terminal, check the agent state:

velatir status

The status output should show the agent and host running, the transparent proxy active, and a masked API key matching the value you set in step 3.

Confirm interception

Open a supported AI application (for example, Claude Code in a terminal, or GitHub Copilot in VS Code). Send a prompt, then check your Velatir dashboard. The interaction should appear as a trace within a few seconds.

What Gets Installed

Component	Windows	macOS
Agent (background supervisor)	`C:\Program Files\Velatir\VelatirAgent.exe`	Bundled in `/Applications/Velatir.app`
Host (proxy and trace pipeline)	`C:\Program Files\Velatir\app\current\Velatir.exe`	Bundled in `/Applications/Velatir.app`
CLI	`velatir` on the system path	`velatir` on the system path
Velatir CA certificate	`LocalMachine\Root`	System keychain
Traffic interception	Wintun virtual adapter + tun2socks helper	Network system extension

The full architecture of these components is described in How it works.

Updates

After the first install the agent checks for new payloads every four hours and applies them transparently. You can also force an update at any time:

velatir update --apply

The previous version is retained on disk until the new version starts successfully, so there is no in-between state.

Uninstall

Windows
macOS

Uninstall from Settings > Apps > Installed apps, or from an elevated terminal:

msiexec /x {VELATIR-PRODUCT-CODE-PLACEHOLDER} /qn

Uninstall removes the agent, the host, the scheduled task, the Wintun adapter, and the CA certificate from the trusted root store.

Run the uninstall helper bundled with the application:

sudo /Applications/Velatir.app/Contents/Resources/uninstall.sh

Uninstall removes the application bundle, the background launch services, per-user data and preferences, the system extension, and the Velatir CA from both the System keychain and each user’s login keychain. The script is idempotent — safe to re-run if a previous attempt was interrupted.

A restart is required to complete removal of the system extension.

Next Steps

Permissions

Detailed reference for the permissions the installer requests.

VPN compatibility

How the desktop client behaves alongside corporate VPNs.

CLI reference

Configure and control the desktop client from the command line.

Troubleshooting

Resolve common install and first-run issues.

Documentation Index

​Overview

​Prerequisites

​Install on Windows

Velatir for Windows (x64)

Velatir for Windows (arm64)

​Install on macOS

Velatir for macOS (Apple Silicon)

Velatir for macOS (Intel)

​What Gets Installed

​Updates

​Uninstall

​Next Steps

Permissions

VPN compatibility

CLI reference

Troubleshooting

Overview

Prerequisites

Install on Windows

Install on macOS

What Gets Installed

Updates

Uninstall

Next Steps