Discussion summary

Mcpsnoop is a Wireshark-like tool for MCP that provides live visualization and transparency. Users discuss potential redaction of sensitive data and integration options.

What the discussion says

  • Some users suggest redacting secrets like keys before logging.
  • The tool captures JSON-RPC messages but not headers, limiting redaction.
  • There are existing MCPs for Wireshark that can be used as alternatives.
  • Adding a web interface for browsing data is considered feasible.
Payload secrets are probably the scarier part.
geraldsterling
The gap of visualization of calling the AI client is covered by your product!!
yr_animesh

Comments

Hacker News

Makes sense. Payload secrets are probably the scarier part anyway. Would a simple redact config make sense, like keys/patterns to scrub before writing traces?

by geraldsterling

Its really a great tool. The gap of visualization of calling the AI client is covered by your product!!

by yr_animesh

Thanks a lot!

by kerlenton

One question about http mode, you carry authorization headers. Do you redact bearer tokens before captures hit the logs?

by mmakeev

There's nothing redacted because the header isn't collected in the first place. Under http mode, the proxy intercepts the JSON-RPC messages, but not their headers, so there's no way for the log to contain the Authorization header and the bearer passes through unlogged. The contents of the messages themselves aren't redacted, which means if the secret is in the payload, it'll end up in the trace. The trace stays on your machine, and if you don't want anything to go to the disk at all, use --no-trace.

by kerlenton

This is awesome, thank you. What's missing now is an MCP for Wireshark.

by atmanactive

You can just get your agent to run tshark :)

by InfraScaler

This is awesome. Your comparison make it easy. This approach makes perfect sense to give 100% visibility into the back and forth.

Is it possible to add a simple browser page to brows the data in a simple way?. Thank you.

by chopete3

Thank you! Showing the data in a web page should definitely be possible. But I’m not sure if this matches the original idea I had, where the tool would run in the terminal only. Why do you feel the need to show the data in a web page? Is there anything missing in the CLI?

by kerlenton

To be fair, it is really simple to build your own proxy. I built a custom authentication layer with logging and limits for Dify MCP with just 2 prompts in Kimi. Later built it out with database limts etc.

by tiku

Great. I dream to see MCP of MCP, discovery, installation, security and usage should be automatic.

by iamgopal

I feel most of the comments here are from bots

by cidd

Maybe, but I didn't do it. Perhaps people are boosting their karma?

by kerlenton

It's getting bad. Definitely a hole that needs to be filled...

by geraldsterling

"MCP Inspector [...] never sees the traffic between your client and your server." This line resonates a lot, what you're building makes sense to me! I had built something similar to track these interactions and turn them into a benchmark, I'm gonna try this out.

by rstagi

Thanks, that means a lot. Would love to hear how it goes once you try it

by kerlenton

Remote debugging and post-mortem debugging support might be useful.

There are many AI auditability proxies;

awesome-auditable-ai: "A curated list of papers, tools, datasets, benchmarks, and standards for building, evaluating, and auditing reliable AI agents" https://github.com/yzhao062/awesome-auditable-ai

Aegis and LiteLLM, for example, are pre-execution firewalls that add a cryptographic audit trail. https://github.com/Justin0504/aegis

by westurner

Join the discussion

Write your take first — we'll ask for email only when you're ready to publish.

  • Hacker News
  • Makes sense. Payload secrets are probably the scarier part anyway. Would a simple redact config make sense, like keys/patterns to scrub before writing traces?
    by geraldsterling
  • Its really a great tool. The gap of visualization of calling the AI client is covered by your product!!
    by yr_animesh
  • Thanks a lot!
    by kerlenton
  • One question about http mode, you carry authorization headers. Do you redact bearer tokens before captures hit the logs?
    by mmakeev
  • There's nothing redacted because the header isn't collected in the first place. Under http mode, the proxy intercepts the JSON-RPC messages, but not their headers, so there's no way for the log to contain the Authorization header and the bearer passes through unlogged. The contents of the messages themselves aren't redacted, which means if the secret is in the payload, it'll end up in the trace. The trace stays on your machine, and if you don't want anything to go to the disk at all, use --no-trace.
    by kerlenton
  • This is awesome, thank you. What's missing now is an MCP for Wireshark.
    by atmanactive
  • You can just get your agent to run tshark :)
    by InfraScaler
  • Thanks! Actually, there is already an MCP for Wireshark, for example https://github.com/0xKoda/WireMCP
    by kerlenton
  • This is awesome. Your comparison make it easy. This approach makes perfect sense to give 100% visibility into the back and forth.

    Is it possible to add a simple browser page to brows the data in a simple way?. Thank you.

    by chopete3
  • Thank you! Showing the data in a web page should definitely be possible. But I’m not sure if this matches the original idea I had, where the tool would run in the terminal only. Why do you feel the need to show the data in a web page? Is there anything missing in the CLI?
    by kerlenton
  • To be fair, it is really simple to build your own proxy. I built a custom authentication layer with logging and limits for Dify MCP with just 2 prompts in Kimi. Later built it out with database limts etc.
    by tiku
  • Great. I dream to see MCP of MCP, discovery, installation, security and usage should be automatic.
    by iamgopal
  • I feel most of the comments here are from bots
    by cidd
  • Maybe, but I didn't do it. Perhaps people are boosting their karma?
    by kerlenton
  • It's getting bad. Definitely a hole that needs to be filled...
    by geraldsterling
  • "MCP Inspector [...] never sees the traffic between your client and your server." This line resonates a lot, what you're building makes sense to me! I had built something similar to track these interactions and turn them into a benchmark, I'm gonna try this out.
    by rstagi
  • Thanks, that means a lot. Would love to hear how it goes once you try it
    by kerlenton
  • Remote debugging and post-mortem debugging support might be useful.

    There are many AI auditability proxies;

    awesome-auditable-ai: "A curated list of papers, tools, datasets, benchmarks, and standards for building, evaluating, and auditing reliable AI agents" https://github.com/yzhao062/awesome-auditable-ai

    Aegis and LiteLLM, for example, are pre-execution firewalls that add a cryptographic audit trail. https://github.com/Justin0504/aegis

    by westurner

Related stories