← Back to Blog

Why We Built Rockxy: An Open-Source HTTP Debugging Proxy for macOS

· 4 min read

The problem we kept hitting

As macOS developers, we spent real hours -- not minutes, hours -- debugging HTTP traffic with tools that never quite fit. Every tool had a gap.

Charles Proxy is the veteran. It works. It has worked for over fifteen years. But it runs on Java, and on a Mac it looks and feels like a foreign application. Swing UI in 2026 is hard to defend. The license is $50, which is fair, but you're paying for a Java app that needs its own runtime.

Proxyman is the opposite end of the spectrum. Genuinely native, well-designed, fast. The developers clearly care about macOS. But it's closed-source and increasingly paywalled. Core debugging features that should be table stakes -- breakpoints, scripting, advanced rules -- sit behind a license. And because the source is closed, you can't verify what the tool does with your traffic. You have to trust.

Browser DevTools are great for what they do. But they only see browser traffic. The moment you need to debug a native app, a CLI tool, an SDK making background API calls, or a background service phoning home, DevTools can't help.

We wanted one tool that was native, open, and complete. So we built it.

What we actually needed

We sat down and listed what a real debugging workflow requires. Not a feature checklist -- actual things we do every day:

  • Intercept HTTPS transparently, without breaking apps that use certificate pinning
  • Inspect headers, bodies, cookies, and query parameters with proper formatting
  • Set breakpoints to pause requests or responses mid-flight, edit them, and forward the modified version
  • Replay requests with modifications -- change a header, hit send, compare the result
  • Compare two responses side by side with a real diff view
  • Automate repetitive tasks with scripts
  • Save everything as a shareable session file that a teammate can open on their machine

No single tool did all of this well. Charles lacked scripting and diff. Proxyman paywalled breakpoints and scripting. Neither had diff. We kept switching between tools or writing one-off curl scripts to fill the gaps.

The decision to go open source

We chose Apache 2.0 because developers deserve tools they can inspect. When a proxy sits between your applications and the internet, you should be able to read every line of code that handles your data.

Rockxy has no telemetry. No cloud dependency. No account. No "sign in to continue." Your network traffic stays on your machine, always. If you don't believe us, read the source.

Open source also means the tool outlives any single company's business decisions. If we stopped working on Rockxy tomorrow, anyone could fork it and keep going. That matters for developer tools.

How we built it

The proxy engine runs on Swift and SwiftNIO -- the same async networking framework that powers Vapor and Apple's server-side Swift stack. NIO gives us an event-driven, non-blocking architecture that handles thousands of concurrent connections without thread explosion.

The UI is SwiftUI and AppKit. SwiftUI for the inspector panels, settings, and detail views. AppKit's NSTableView for the request list, because SwiftUI's List cannot handle 100,000+ rows with virtual scrolling. We measured. It can't.

TLS interception uses swift-certificates to generate a root CA and per-host certificates on the fly. Your root CA's private key is stored in the macOS Keychain -- not as a file on disk.

Session storage uses SQLite through SQLite.swift. Active traffic lives in a ring buffer in memory (50,000 entries). Completed sessions persist to disk. Response bodies larger than 1 MB get stored as individual files, loaded on demand when you open the inspector.

System proxy management uses a privileged helper tool registered via SMAppService. It runs as a launchd daemon so Rockxy can toggle the macOS system proxy without prompting for your password every time. The helper validates every XPC connection by comparing full certificate chains -- no unsigned process can talk to it.

Where Rockxy is today

Shipped and actively developing. Here's what works right now:

  • HTTP, HTTPS, WebSocket, and GraphQL-over-HTTP capture
  • Rules engine: Map Local, Map Remote, Block, Breakpoints (request + response), Throttle, Modify Headers
  • Replay with Edit and Repeat -- modify any part of a request and resend it
  • Side-by-side diff for comparing responses
  • JavaScript scripting for automation
  • Native .rockxysession files and HAR import/export
  • Per-domain SSL proxying control
  • Request timeline with DNS/TCP/TLS/TTFB/Transfer waterfall

We ship updates regularly. The changelog has the full history.

Join us

Rockxy is free, open, and built for developers who care about their tools. Download it, file issues, contribute code, or just read the source to learn how a macOS proxy works under the hood.

Download Rockxy Star on GitHub