11 comments

  • cidd 19 hours ago
    I feel most of the comments here are from bots
    • kerlenton 19 hours ago
      Maybe, but I didn't do it. Perhaps people are boosting their karma?
  • mmakeev 11 hours ago
    One question about http mode, you carry authorization headers. Do you redact bearer tokens before captures hit the logs?
    • kerlenton 8 hours ago
      There's nothing redacted because the header isn't collected in the first place. Under http mode, the proxy intercepts the JSON-RPC messages, but not their headers, so there's no way for the log to contain the Authorization header and the bearer passes through unlogged. The contents of the messages themselves aren't redacted, which means if the secret is in the payload, it'll end up in the trace. The trace stays on your machine, and if you don't want anything to go to the disk at all, use --no-trace.
      • mmakeev 8 hours ago
        thanks! all clear
  • iamgopal 19 hours ago
    Great. I dream to see MCP of MCP, discovery, installation, security and usage should be automatic.
  • tiku 19 hours ago
    To be fair, it is really simple to build your own proxy. I built a custom authentication layer with logging and limits for Dify MCP with just 2 prompts in Kimi. Later built it out with database limts etc.
  • chopete3 20 hours ago
    This is awesome. Your comparison make it easy. This approach makes perfect sense to give 100% visibility into the back and forth.

    Is it possible to add a simple browser page to brows the data in a simple way?. Thank you.

    • kerlenton 19 hours ago
      Thank you! Showing the data in a web page should definitely be possible. But I’m not sure if this matches the original idea I had, where the tool would run in the terminal only. Why do you feel the need to show the data in a web page? Is there anything missing in the CLI?
  • atmanactive 21 hours ago
    This is awesome, thank you. What's missing now is an MCP for Wireshark.
  • yr_animesh 19 hours ago
    Its really a great tool. The gap of visualization of calling the AI client is covered by your product!!
  • westurner 19 hours ago
    Remote debugging and post-mortem debugging support might be useful.

    There are many AI auditability proxies;

    awesome-auditable-ai: "A curated list of papers, tools, datasets, benchmarks, and standards for building, evaluating, and auditing reliable AI agents" https://github.com/yzhao062/awesome-auditable-ai

    Aegis and LiteLLM, for example, are pre-execution firewalls that add a cryptographic audit trail. https://github.com/Justin0504/aegis

  • kerlenton 22 hours ago
    [flagged]
  • jing09928 13 hours ago
    [flagged]
  • tomkow 17 hours ago
    [flagged]