Documentation Index
Fetch the complete documentation index at: https://docs.runlayer.com/llms.txt
Use this file to discover all available pages before exploring further.
This guide requires Jamf Pro. Jamf Now and Jamf School have different script deployment capabilities.
Prerequisites
- Jamf Pro admin access
- Runlayer dashboard admin access (requires Manage Org Settings capability)
Deployment Steps
Get Deployment Artifacts
In the Runlayer dashboard, go to Settings → Shadow MCPs. Under the Enforce section, click Configure and select Jamf Pro. This opens a setup dialog that auto-generates an enrollment key and renders the deployment script.
Upload to Jamf Pro
- Navigate to Settings > Computer Management > Scripts
- Click New
- Enter a display name (e.g., “Runlayer AI Watch Enforce”)
- Paste the generated script contents
- Set Priority to “After” (runs after other policies)
- Save
Create a Policy
- Navigate to Computers > Policies
- Click New
- Configure the policy:
- General: Name it (e.g., “Deploy Runlayer Enforce”)
- Scripts: Add your uploaded script
- Scope: Select target computers or groups
- Trigger: Recurring Check-in or Login
- Frequency: Set to Once per computer for initial deployment
Verification
Verify in Runlayer
Navigate to Settings → Shadow MCPs and confirm your Enforce configuration card is active. View intercepted tool calls on the Shadow page.
Log Locations
| Platform | Log Location |
|---|---|
| macOS | /var/log/runlayer/ai_watch_enforce.log |
| macOS (fallback) | /tmp/runlayer-ai_watch_enforce.log |
The fallback log location is used when the primary path (
/var/log/runlayer/) cannot be written to due to permissions.Exit Codes
| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | General failure (no user logged in, missing config, enrollment failed) |
| 2 | Network failure (cannot reach PyPI) |
| 3 | Installation failure (uv or CLI install failed, hooks install failed) |