We are developing a DLP agent that uses a NETransparentProxyProvider to perform traffic inspection and modification. Our architecture currently includes:
- LaunchAgent, which monitors user session activity (login/logout, session activation)
- Container App, which:
  - installs and activates a System Extension
  - creates and saves the NETransparentProxyManager configuration
  - starts the transparent proxy via startVPNTunnel.
We would like to automate the startup of the Transparent Proxy for all users, including newly created users, in a way that is fully supported by macOS. We are looking for official guidance on the correct and supported mechanism for starting a user‑level Network Extension (specifically NETransparentProxyProvider) automatically at user login.
Questions:
- What is the recommended and supported way to automatically start a NETransparentProxyProvider at user login?
- Are there any constraints or best practices we should follow when designing an automatic startup flow for a Network Extension such as NETransparentProxyProvider?
We would appreciate official clarification on the supported deployment patterns for starting a user‑level Transparent Proxy Network Extension automatically in multi‑user enterprise environments.