Install Agent - watch.ly

Install the Agent

The watchly agent runs on Linux and Windows and intercepts network traffic from LLM tools. See the supported operating systems.

Use the install script for a Systemd or SysVinit managed setup. The script auto-detects Debian/Ubuntu? or RHEL/Fedora? and configures the appropriate package repository.

# Download and run the install script curl -fsSL https://repo.watch.ly/install.sh | sudo bash

This installs the binary to /usr/local/bin/watchly-agent, default config to /etc/watchly/config.toml, and sets up a Systemd service or SysVinit script. All dependencies are pulled in by the package.

Run the agent as a Docker container with host network access.

# Pull and run the watchly agent docker run -d \ --name watchly-agent \ --cap-add NET_ADMIN \ --cap-add NET_RAW \ --network host \ -v /etc/watchly:/etc/watchly \ watchly/agent:latest

Note

The agent requires NET_ADMIN and NET_RAW capabilities plus host networking to intercept traffic. Make sure your config file is saved to /etc/watchly/config.toml before starting.

Configure the package repository by hand. These are the same steps the install script runs.

# Install prerequisites sudo apt-get update sudo apt-get install -y curl gnupg # Trust the Watchly signing key curl -fsSL https://repo.watch.ly/gpg.key \ | sudo gpg --dearmor -o /usr/share/keyrings/watchly-archive-keyring.gpg # Add the APT repository (arch= keeps apt from fetching foreign arches like i386) echo "deb [arch=amd64,arm64 signed-by=/usr/share/keyrings/watchly-archive-keyring.gpg] https://repo.watch.ly/apt stable main" \ | sudo tee /etc/apt/sources.list.d/watchly.list # Install the agent sudo apt-get update sudo apt-get install -y watchly-agent

After install, run sudo watchly-setup to finish configuration.

Download the distribution zip, extract it, and run the setup wizard from an Administrator terminal. Requires Windows 10 / 11 or Windows Server 2019+? on x86_64.

Run in an Administrator PowerShell prompt (Win+X → "Terminal (Admin)"). Downloads the latest release, extracts it to C:\Watchly, and launches the setup wizard.

# Download the latest Windows distribution zip $zip = "$env:TEMP\watchly-agent-windows.zip" Invoke-WebRequest -Uri "https://repo.watch.ly/windows/watchly-agent-windows-x86_64-latest.zip" -OutFile $zip # Extract to C:\Watchly Expand-Archive -Path $zip -DestinationPath "C:\Watchly" -Force # Run the interactive setup wizard (installs the service + WinDivert driver) Set-Location "C:\Watchly" .\watchly-setup-windows.exe

Why not just double-click?

The wizard intentionally does not self-elevate via UAC — it needs a console for its interactive prompts and the install-service step, and ShellExecute "runas" would background it and lose the TTY. Run it from an Administrator terminal. The current build is also unsigned, so on first run SmartScreen may show a "Windows protected your PC" dialog — click More info → Run anyway.