Documentation

Runtime paths

Every MacFirewall artifact path in one visual catalog.

Shared runtime storage
Security telemetry [telemetry]

Process and file activity events from the Endpoint Security extension

Network telemetry [telemetry]

Connection flow events from the Network Extension

Policy configuration [policy]

Active enforcement policy with domain, IP, and behavioral settings

Verdict cache [enforce]

Zero-copy bridge for real-time enforcement decisions between async and sync layers

Supply chain verdicts [supply]

Install-gate verdict store for package manager governance

SOC telemetry export [siem]

Rotated export for SIEM integration

Full path details provided during design partner onboarding

Local-first architecture

TURI stores all telemetry, policy, and enforcement state locally on each Mac. Extensions and the host app share a common storage location using macOS sandboxing APIs. No cloud dependency for core enforcement.
