Show HN: A MitM proxy to see what your LLM tools are sending

Original Article ↗ Hacker News Discussion ↗

Need for LLM observability & governance

  • Strong interest in seeing exactly what coding agents and CLIs send to providers, especially Claude Code, Codex, Gemini, etc.
  • Several commenters note a surprising lack of enterprise-grade tools for this, given past norms around strict data governance.
  • People expect a “pendulum swing back” toward better tracking, auditing, and governance of agentic AI use.

Use cases and perceived benefits

  • Debugging token waste: identifying excessive tool calls, verbose responses, large file reads, and inflated context windows.
  • Improving prompts and system instructions for specific projects or repositories.
  • Storing full traces (markdown/JSON) for later querying, long‑term memory, and postmortems on hallucination-induced bugs.
  • Potentially tying traces to code commits for forensic debugging.

Implementation approaches and alternatives

  • Original tool is essentially a wrapper around mitmproxy with a convenience CLI; later refactored toward an HTTP relay.
  • Some prefer direct instrumentation or using LLM clients’ configurable BASE_URL/HTTP proxy to avoid full MitM.
  • Others mention existing or custom solutions: Envoy-based proxies, LiteLLM + Langfuse, mac apps, OpenTelemetry pipelines, and direct patching of open-source CLIs like Gemini.

Security and “vibe-coded” software concerns

  • A serious issue is highlighted: the initial version disabled TLS verification (ssl_insecure=true), creating a large attack surface (e.g., DNS-based MitM, potential RCE).
  • Multiple commenters warn people not to use that version and question the author’s security understanding and overall trustworthiness.
  • This triggers a broader critique of “vibe-coded” / AI-generated projects presented as production-ready, where authors don’t fully grasp the implications.
  • Some push for more honesty (“I prompted this” vs “I built this”) so users can calibrate their trust.

Ideas for extensions

  • Export to OpenTelemetry-compatible systems (e.g., Phoenix, Logfire), with auth support and simple --otel-endpoint-style configuration.
  • Using the proxy to sanitize or block sensitive data, or to inject credentials safely from outside the agent sandbox.
  • Dynamic context optimization: smarter selection of what enters the context window, possibly using the logs themselves as long-term memory.

Meta discussion about AI tools & HN

  • Mixed feelings: excitement over rapid prototyping and richer computing experiences versus concern about security fallout and rising “AI slop.”
  • Some worry HN is increasingly filled with low‑quality AI-generated projects and even AI-written comments, reducing stars/READMEs as quality signals.