How does Rockxy help developers debug in the AI era?
Rockxy is a free, open-source (AGPL-3.0) native macOS app that captures HTTP, HTTPS, WebSocket, GraphQL, and Protobuf traffic locally, so you can read exactly what your AI agents, MCP servers, and local LLMs send and receive. It runs entirely on your Mac — no cloud account, no telemetry — and it can hand captured flows back to an AI assistant over its own MCP server. The reasoning inside a model is opaque; the network calls around it are not.
The modern developer no longer debugs one app talking to one backend. You debug AI agents, MCP workflows, local LLM infrastructure, WebSockets, Protobuf payloads, mobile apps, and distributed APIs — often in a single session. Most of that surface is invisible in application logs but fully visible on the wire.
Rockxy is built with SwiftUI, AppKit, and SwiftNIO. It's a macOS-first tool today; Windows and Linux are planned, and a paid Pro tier is planned alongside the free open-source app.
TL;DR — what you get in one local app
- System-wide or per-app capture on a local proxy (default bind
0.0.0.0:8888). - Decode bodies as JSON, JSON Treeview, JWT, HTML, XML, Hex, or Raw — with auto-beautify.
- A built-in MCP server exposing
list_flows,get_flow_detail,replay_request, anddiff_flowsto AI assistants. - Redact Sensitive Data Before Sending to AI toggle for the MCP bridge and exports.
- Compose to edit and replay any request; Diff Compare; Network Conditions throttling.
- One-click Developer Setup Hub for Python, iOS, React Native, Node.js, Go, Rust, Java VMs, Ruby, and cURL.
- Right-click Export as HAR, OpenAPI (YAML/HTML), Copy as cURL, or Publish to Gist.
0.0.0.0:8888 — every client's traffic in one filterable list, including the requests your AI tools make.What modern developers actually debug now (and why app logs aren't enough)
An AI agent run is not one request — it's a loop of real HTTP(S) calls. The agent POSTs to a model API carrying a tool schema, the model answers with tool calls, your code executes those tools (each its own network request), and the results go back to the model for another turn. Application logs show you the parts you remembered to log. The wire shows you everything.
Here is what stays hidden in logs versus what shows up when you watch the actual bytes:
| What you debug | Invisible in app logs | Visible on the wire |
|---|---|---|
| AI agents | Why the loop repeated 9 times | Each retry, the exact tool args, the token count climbing |
| MCP workflows | What a third-party MCP tool actually called | The outbound HTTP it fired, headers and all |
| Local LLMs | The real prompt and options sent to Ollama | The full /v1/chat/completions payload and stream |
| WebSockets | Which frame stalled the stream | Every frame, each direction, with timing |
| Protobuf | A binary blob you can't read | Decoded fields with real names from your .proto |
| Mobile apps | What the device sent before the crash | The request and TLS handshake, captured on your Mac |
| Distributed APIs | Which of 12 services returned the 500 | The full multi-host sequence, in order |
These are not exotic failures. Retry storms, context-window blowups, malformed tool-argument JSON, and schema rejections (for example, a model API refusing a tool schema that's missing additionalProperties: false) all surface immediately when you can see the request body. The LangChain.js project has tracked real cases where tool-call arguments arrived stringified and broke downstream parsing — a class of bug you diagnose in seconds with the raw payload in front of you. The "black box" is mostly just unopened HTTP.
How do I see the network requests my AI coding assistant makes?
Scope capture to a single app, and the requests from Cursor, Claude, ChatGPT's desktop app, or a Codex CLI show up in the flow list. Calls to anthropic.com and openai.com appear as ordinary flows you can open and read. There's no SDK to wrap, no logging shim to install — you read the bytes the tool already sends.
A small detail that tells you it's the real traffic: Claude's coding tools hit the native /v1/messages endpoint, not /v1/chat/completions. Both Anthropic and OpenAI stream responses as Server-Sent Events (Content-Type: text/event-stream), with data:-prefixed JSON chunks; tool-call arguments arrive as partial-JSON deltas that assemble over the stream. Rockxy renders that stream so you can watch a tool call take shape token by token.
One honest caveat. Decrypting HTTPS bodies requires installing and trusting Rockxy's root certificate, and it works only when the client does not enforce certificate pinning. Rockxy does not magically read pinned or unconfigured connections — it reads what a trusted local proxy is allowed to read.
What's the difference between MCP Inspector and a traffic proxy like Rockxy?
This is the question most people get wrong, so it's worth being precise. MCP Inspector connects to your MCP server and validates what it declares — its tools, prompts, and resource schemas. It acts as its own test client. What it shows you is Inspector talking to the server, not Claude Desktop or Cursor talking to the server, and not the upstream HTTP a tool fires when it runs.
The transport reality matters here. The current MCP specification (revision 2025-11-25) defines two standard transports: stdio and Streamable HTTP. Server-Sent Events is an optional streaming mechanism within Streamable HTTP — not a co-equal transport — and the older standalone HTTP+SSE transport was deprecated when Streamable HTTP replaced it in the 2025-03-26 revision. A stdio server exchanges newline-delimited JSON-RPC over the operating system's pipes (stdin and stdout). There is no network socket on the stdio channel, so an HTTP proxy cannot attach to it directly.
That's exactly where Rockxy earns its place. It captures the Streamable HTTP MCP traffic that does cross the network (carrying an MCP-Session-Id header), plus all the downstream model-API and REST calls that stdio tools make outward — including what a closed-source, third-party MCP server actually sends on your behalf. Inspector tells you what your tools declare; Rockxy shows you what they do on the wire. The two are complements, not substitutes.
New to the protocol? Start with What Is an MCP Server? and the developer's shortlist of MCP servers for API debugging.
list_flows, get_flow_detail, replay_request, diff_flows — with a redact-before-send toggle.How do I debug Ollama, LM Studio, or vLLM traffic on macOS?
Local LLM servers speak an OpenAI-compatible HTTP API, which is the good news — and a loopback gotcha, which is the catch. The defaults:
- Ollama binds
127.0.0.1:11434and serves an OpenAI-compatible API under/v1(for example/v1/chat/completions). Change the bind address withOLLAMA_HOST. - LM Studio defaults to
http://localhost:1234/v1(port configurable, the server is off until you start it, and it ignores the API key on localhost). - vLLM defaults to
http://localhost:8000/v1.
The sharp edge isn't Rockxy-specific: most HTTP clients bypass the proxy for loopback addresses by default. Traffic to localhost, 127.0.0.1, and ::1 is treated as "never proxy this," so a proxy pointed at a local endpoint can see nothing until you account for it. Chromium-based clients, for instance, override the implicit bypass with --proxy-bypass-list="<-loopback>". The general fix is to either disable the loopback bypass or address the local service through a non-loopback alias or IP.
Two settings people conflate: base_url chooses the destination, while a transport-level forward proxy is set separately on the HTTP client (or via the HTTP_PROXY / HTTPS_PROXY environment variables). Trust Rockxy's root certificate to decrypt the TLS. Once the bytes route through, you can read the real prompt, the sampling options, and the streamed completion — then use Compose to edit and replay a call against your local server.
This is deliberately not another mitmproxy terminal recipe. There's no Python virtualenv, no debug-flag script, no command to memorize — it's a GUI with replay, diff, and throttling built in.
/v1/chat/completions call against a local Ollama, LM Studio, or vLLM endpoint.How does Rockxy decode WebSocket and Protobuf frames from AI traffic?
Streaming agent connections and binary RPC are where a normal capture gives up. A WebSocket is bidirectional and long-lived, so it never resolves into tidy request/response pairs — Rockxy renders each frame individually, in both directions, with timing, so you can follow a single message through a live socket. Protobuf bodies show up as unreadable hex in any plain capture; point Rockxy at your .proto files and it decodes Protobuf (and gRPC) into JSON with the real field names.
From there, Compose and Diff Compare let you change one request and see exactly what moved between two runs, and Network Conditions throttling (3G, EDGE, LTE, Very Bad Network) reproduces the flaky timeouts that only happen on a bad connection — the ones an agent hits in the field but never on your fiber line.
For a deeper walkthrough of binary frames and upstream routing, see how to decode WebSocket and Protobuf frames in Rockxy.
How do I capture mobile and distributed API traffic the AI stack depends on?
Phone and simulator traffic doesn't pass through your Mac on its own, and the HTTPS is encrypted, so two things have to happen: the device points at your Mac's proxy address, and it trusts Rockxy's root certificate. The Developer Setup Hub does that wiring for you with one-click scoped setup for Python, iOS devices, React Native, Node.js, Ruby, Golang, Rust, Java VMs, and cURL — each with the right device proxy address and the trusted certificate already in place.
Distributed APIs are the other half of the modern stack. A single user action fans out across many services, and the failure is usually in the seam between two of them. Rockxy captures the full multi-host sequence in order, so you can spot which hop returned the error, diff two requests, Copy as cURL, and replay any single call in isolation.
For language-scoped how-tos, see debugging Node.js API requests and debugging Python API requests on macOS.
Can I feed captured traffic directly to an AI assistant — and is that safe?
There are two paths out of a single capture, and you choose based on whether you want a one-shot paste or a live channel.
- Export and paste. Right-click a flow and Export as HAR, Export as OpenAPI (YAML or HTML), Copy as cURL, or Publish to Gist — then drop it into your model of choice.
- Connect over MCP. Rockxy's built-in MCP server exposes
list_flows,get_flow_detail,replay_request, anddiff_flowsover stdio, so a client like Claude Desktop reads your captured flows directly. The three-minute Claude Desktop setup covers the wiring, and the Stripe webhook case study shows it in a real debugging session.
Most tools do one leg of this — they export a HAR, or they generate a spec. Rockxy pairs capture with an MCP channel back to the assistant in one local app, which is the part that closes the loop.
Now the safety question, because it's the right one to ask. LLM and agent requests carry secrets in their headers — Authorization: Bearer tokens, x-api-key values, session cookies. Pasting full request logs into a model is one of the more common ways those leak; in July 2025, an xAI API key committed to GitHub exposed access to dozens of internal models, a reminder of how cheaply credentials escape. Rockxy's Redact Sensitive Data Before Sending to AI toggle strips sensitive fields from flows before they leave through the MCP bridge or an export. And because Rockxy is local-first — no cloud account, no telemetry — the unredacted bytes never leave your Mac in the first place. You can also script redaction yourself with an onRequest hook.
Where a local-first, open-source proxy fits
Charles and Proxyman are the tools most macOS developers already know, and they're good at what they do. The table below isn't a takedown — it's where Rockxy sits relative to them, as of June 2026, named for context only.
| Charles | Proxyman | Rockxy | |
|---|---|---|---|
| License / price | Commercial | Freemium | Free, AGPL-3.0 |
| Open source | No | No | Yes |
| macOS UI | Java / Swing | Native (AppKit) | Native (SwiftUI + AppKit) |
| Built-in MCP server for AI assistants | No | No | Yes |
| Redact before sending to AI | — | — | Yes |
Everything Rockxy does runs on your machine, against open-source code you can read. The model-API streaming formats, the MCP transports, and the local-LLM defaults referenced above all come from primary sources — Anthropic and OpenAI streaming docs, the Model Context Protocol specification, and the Ollama, LM Studio, and vLLM docs. If a claim here matters to you, the source is one click away.
Frequently asked questions
How do I see the network requests my AI coding assistant (Cursor, Claude, ChatGPT) is making?
Run Rockxy and use per-app capture to scope traffic to that app. Its requests to anthropic.com or openai.com appear in the flow list; open any flow to read the decoded request and response body in a JSON Treeview, JWT, or Raw previewer. No SDK or instrumentation is needed — Rockxy intercepts on the wire.
Can I inspect HTTPS traffic from a desktop AI app, not just a browser?
Yes. Rockxy captures system-wide or per-app over a local proxy (default bind 0.0.0.0:8888) and installs a trusted root certificate so HTTPS bodies decrypt — provided the app doesn't enforce certificate pinning. The one-click Developer Setup Hub covers Python, Node.js, iOS devices, React Native, Go, Rust, Java VMs, Ruby, and cURL.
What's the difference between MCP Inspector and a traffic proxy like Rockxy?
MCP Inspector connects to your MCP server over stdio and validates its declared tools, prompts, and schemas — it acts as its own test client. It doesn't show the upstream HTTP/HTTPS a tool actually calls, and stdio has no network layer to attach to. Rockxy captures that real outbound traffic system-wide, so you see what tools — including closed-source third-party MCP servers — actually send.
How do I debug Ollama, LM Studio, or vLLM API traffic on macOS?
Point the OpenAI-compatible client at Rockxy and capture requests to your local endpoint (Ollama 127.0.0.1:11434, LM Studio :1234, vLLM :8000). Because most clients bypass the proxy for loopback by default, address the service via a non-loopback alias or IP, or disable the loopback bypass. You then get the full request and response with auto-beautified JSON, plus Compose to edit and replay a call and Diff Compare to see what changed.
Can I feed captured API traffic directly to an AI assistant?
Two ways. Right-click a flow to Export as HAR, Export as OpenAPI (YAML or HTML), or Copy as cURL and paste it into the model. Or use Rockxy's built-in MCP Server, which exposes list_flows, get_flow_detail, replay_request, and diff_flows over stdio so a client like Claude Desktop reads the captured flows directly.
Is it safe to share captured traffic with an LLM — won't it contain secrets?
Rockxy has a Redact Sensitive Data Before Sending to AI toggle that strips sensitive fields from flows before they're exposed through the MCP bridge or an export. Because Rockxy is local-first with no cloud account and no telemetry, the unredacted bytes never leave your Mac in the first place.
Can Rockxy decode WebSocket and Protobuf traffic from AI agents?
Yes. Rockxy intercepts HTTP, HTTPS, WebSocket, GraphQL, and Protobuf, rendering bodies through custom previewer tabs (JSON, JSON Treeview, JWT, HTML, XML, Hex, Raw) with auto-beautify — useful for streaming agent connections and binary RPC payloads. Point it at your .proto files to decode Protobuf into JSON with real field names.
Do I need a cloud account or to send my data anywhere to use it?
No. Rockxy is a free, open-source (AGPL-3.0) native macOS app that runs entirely on your machine. There's no account, no telemetry, and no subscription — capture, replay, diff, redact, and export all happen locally. Windows and Linux are planned, and a paid Pro tier is planned.
The takeaway
AI changed what we build, and it changed what we have to debug — but it didn't change where the truth lives. Agents, MCP tools, local models, and distributed services all leave a trail of real HTTP, WebSocket, and Protobuf traffic. Read that trail on your own machine, in a native app you can audit, and most "mysterious" AI behavior stops being mysterious. That's the whole pitch.
