zhongwei/gh-greyhaven-ai-claude-code-config-grey-haven-plugins-cc-trace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-29 18:29:02 +08:00
commit bcf931aa4e
7 changed files with 1607 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

306
commands/cc-trace-connect.md Normal file
View File

@@ -0,0 +1,306 @@
---
name: cc-trace-connect
description: Display instructions and commands for connecting Claude Code to an active mitmproxy capture session
---
Display instructions and ready-to-use commands for starting Claude Code through the mitmproxy proxy. Use this after running `/cc-trace-start` to get the exact commands needed.
## What This Command Does
1. **Check mitmweb Status**
- Verify mitmweb is running
- Show current PID and ports
- Display flow file location
2. **Provide Connection Commands**
- Show the proxy script command
- Display manual environment variable setup
- Provide one-liner option for quick start
3. **Display Current Session Info**
- Web interface URL and password
- Proxy configuration details
- Flow file location
## Usage
```bash
# Show connection instructions
/cc-trace-connect
```
## Implementation
When you use this command, Claude will:
### Step 1: Check mitmweb Status
```bash
# Check if mitmweb is running
if ps aux | grep -v grep | grep "mitmweb.*8080" > /dev/null 2>&1; then
echo "✓ mitmweb is running"
MITM_PID=$(ps aux | grep -v grep | grep "mitmweb.*8080" | awk '{print $2}')
echo " PID: $MITM_PID"
else
echo "✗ mitmweb is not running"
echo " Run /cc-trace-start first"
exit 1
fi
```
### Step 2: Display Connection Instructions
```bash
cat << 'EOF'
╔════════════════════════════════════════════════════════════════╗
║ Connect Claude Code to CC-Trace Session ║
╚════════════════════════════════════════════════════════════════╝
📡 mitmweb is ACTIVE and ready to capture traffic!
┌─ OPTION 1: Using Proxy Script (Recommended - Easiest!) ─────────┐
│ │
│ Open a NEW terminal window and copy-paste this command: │
│ │
│ bash ~/.claude/plugins/marketplaces/grey-haven-plugins/grey-haven-plugins/cc-trace/scripts/proxy-claude.sh
│ │
│ This automatically sets up the proxy, runs Claude, and cleans │
│ up when you exit. No shell configuration needed! │
│ │
└──────────────────────────────────────────────────────────────────┘
┌─ OPTION 2: Environment Variables One-Liner ─────────────────────┐
│ │
│ HTTP_PROXY=http://127.0.0.1:8080 \ │
│ HTTPS_PROXY=http://127.0.0.1:8080 \ │
│ NODE_EXTRA_CA_CERTS="$HOME/.mitmproxy/mitmproxy-ca-cert.pem" \ │
│ NODE_TLS_REJECT_UNAUTHORIZED=0 \ │
│ claude │
│ │
└──────────────────────────────────────────────────────────────────┘
┌─ OPTION 3: Manual Setup ─────────────────────────────────────────┐
│ │
│ In a new terminal, run these commands: │
│ │
│ export HTTP_PROXY=http://127.0.0.1:8080 │
│ export HTTPS_PROXY=http://127.0.0.1:8080 │
│ export NODE_EXTRA_CA_CERTS="$HOME/.mitmproxy/mitmproxy-ca-cert.pem" │
│ export NODE_TLS_REJECT_UNAUTHORIZED=0 │
│ claude │
│ │
└──────────────────────────────────────────────────────────────────┘
📊 SESSION INFO
• Web Interface: http://127.0.0.1:8081
• Password: cc-trace
• Proxy Port: 8080
• mitmweb PID: 24007
💡 WHAT HAPPENS NEXT
1. Open new terminal
2. Run one of the commands above
3. Use Claude Code normally
4. All API traffic appears at http://127.0.0.1:8081
⚠️ IMPORTANT
• Don't run these commands in THIS terminal
• You need a SEPARATE terminal for the proxied Claude session
• This session will continue to show mitmweb status
═══════════════════════════════════════════════════════════════════
EOF
```
### Step 3: Show Current Capture Status
```bash
# Show flow file info
FLOW_FILE=$(ps aux | grep -v grep | grep "mitmweb.*8080" | grep -o "claude-flows-[0-9-]*.mitm" | head -1)
if [ -n "$FLOW_FILE" ]; then
echo ""
echo "📁 Flow File: ~/$FLOW_FILE"
if [ -f "$HOME/$FLOW_FILE" ]; then
FLOW_SIZE=$(ls -lh "$HOME/$FLOW_FILE" | awk '{print $5}')
echo " Size: $FLOW_SIZE"
fi
fi
# Check port status
echo ""
echo "🔌 Port Status:"
if lsof -i :8080 > /dev/null 2>&1; then
echo " ✓ Port 8080 (proxy) - LISTENING"
else
echo " ✗ Port 8080 (proxy) - NOT LISTENING"
fi
if lsof -i :8081 > /dev/null 2>&1; then
echo " ✓ Port 8081 (web) - LISTENING"
else
echo " ✗ Port 8081 (web) - NOT LISTENING"
fi
```
## Output Format
The command provides formatted output with:
```
╔════════════════════════════════════════════════════════════════╗
║ Connect Claude Code to CC-Trace Session ║
╚════════════════════════════════════════════════════════════════╝
✓ mitmweb is running (PID: 24007)
[Three connection options displayed in boxes]
📊 SESSION INFO
• Web Interface: http://127.0.0.1:8081
• Password: cc-trace
• Proxy Port: 8080
• Flow File: ~/claude-flows-20251114-160545.mitm
[Additional status information]
```
**Important**: When copying commands, copy ONLY the actual command text, not the box-drawing characters (│, ┐, ┘, etc.). For Option 1, copy just:
```
bash ~/.claude/plugins/marketplaces/grey-haven-plugins/grey-haven-plugins/cc-trace/scripts/proxy-claude.sh
```
## Error Handling
### mitmweb Not Running
```
✗ mitmweb is not running
To start a capture session:
1. Run /cc-trace-start
2. Then run /cc-trace-connect
```
### Certificate Not Found
```
⚠️ Warning: mitmproxy certificate not found
Run /cc-trace-setup to generate and trust the certificate
```
### Port Conflicts
```
⚠️ Port 8080 is in use but mitmweb is not running
Check what's using the port:
lsof -i :8080
Kill the conflicting process or use different ports
```
## Use Cases
### 1. After Starting mitmweb
You've just run `/cc-trace-start` and need to know how to connect:
```bash
/cc-trace-connect
```
Get the exact commands to run in a new terminal.
### 2. Forgot Connection Details
You started mitmweb earlier and can't remember the password or commands:
```bash
/cc-trace-connect
```
See all connection info and session details.
### 3. Sharing Setup with Team
Need to show someone how to connect to an active session:
```bash
/cc-trace-connect
```
Share the output with ready-to-use commands.
## Quick Reference
```bash
# Start capture session
/cc-trace-start
# Get connection instructions
/cc-trace-connect
# In new terminal, use one of the provided commands
# Then use Claude Code normally
```
## Related Commands
- `/cc-trace-setup` - Initial setup for cc-trace
- `/cc-trace-start` - Start a capture session
- Use `cc-trace` agent for interactive troubleshooting
## Tips
1. **Use Option 1** - The proxy script is the easiest, just one command to copy
2. **Keep this terminal open** - It shows you the connection commands
3. **Open a new terminal** - Don't close this one, open another
4. **Copy the ENTIRE command** - Don't include the box characters (│)
5. **Check the browser** - Make sure http://127.0.0.1:8081 is accessible
6. **Use the password** - Enter `cc-trace` when prompted
## Common Workflow
```bash
# Terminal 1 (this one)
/cc-trace-start # Start mitmweb
/cc-trace-connect # Get connection commands
# Terminal 2 (new)
# Copy-paste one of the commands from /cc-trace-connect output
# Use Claude Code normally
# Exit when done
# Browser
# Open http://127.0.0.1:8081
# Enter password: cc-trace
# Watch traffic in real-time
```
## What You'll See
After connecting and using Claude Code in the proxied terminal:
**In Browser (http://127.0.0.1:8081):**
- List of all API requests
- System prompts sent to Claude
- Tool definitions and parameters
- User messages and file contents
- Tool call results
- Token usage per request
- Streaming response events
**In Proxied Terminal:**
- Normal Claude Code interface
- No visible difference in functionality
- All features work as expected
**In This Terminal:**
- Status updates
- Flow file size growing
- Request count (if monitoring enabled)
---
**Note**: You cannot run the proxy commands in this terminal. This is an active Claude session. You need a separate terminal to start a new Claude instance through the proxy.

344
commands/cc-trace-setup.md Normal file
View File

@@ -0,0 +1,344 @@
---
name: cc-trace-setup
description: Automated setup assistant for cc-trace - install mitmproxy, configure certificates, and verify the environment for intercepting Claude Code API traffic
---
Set up cc-trace for intercepting and debugging Claude Code API requests using mitmproxy. This command will guide you through the complete setup process automatically.
## What This Command Does
1. **Check Prerequisites**
- Verify operating system compatibility
- Check for required tools (brew, python, etc.)
- Confirm admin permissions available
2. **Install mitmproxy**
- Install via platform package manager (Homebrew/apt/pip)
- Verify installation successful
- Check version compatibility (9.0+)
3. **Generate & Trust Certificate**
- Generate mitmproxy CA certificate
- Add to system keychain/trust store
- Verify certificate trust status
4. **Verify Setup**
- Run automated verification script
- Test proxy configuration
- Confirm certificate validation
5. **Provide Usage Instructions**
- Show how to start capture sessions
- Explain terminal setup
- Demonstrate basic workflows
## Implementation Steps
When you use this command, Claude will:
### Step 1: Environment Check
```bash
# Check OS type
uname -s
# Check if Homebrew installed (macOS)
which brew
# Check if mitmproxy already installed
which mitmproxy
```
### Step 2: Install mitmproxy
**macOS:**
```bash
brew install mitmproxy
```
**Linux (Debian/Ubuntu):**
```bash
sudo apt update && sudo apt install -y mitmproxy
```
**Linux (RHEL/Fedora):**
```bash
sudo dnf install -y mitmproxy
```
**Universal (Python):**
```bash
pip install mitmproxy
```
Verify installation:
```bash
mitmproxy --version
```
### Step 3: Generate Certificate
Run mitmproxy briefly to generate CA certificate:
```bash
# Start and immediately stop mitmproxy to generate cert
timeout 2 mitmproxy 2>/dev/null || true
# OR
mitmproxy &
sleep 2
pkill mitmproxy
```
Verify certificate exists:
```bash
ls -la ~/.mitmproxy/mitmproxy-ca-cert.pem
```
### Step 4: Trust Certificate
**macOS:**
```bash
# Add certificate to system keychain
sudo security add-trusted-cert -d -p ssl -p basic \
-k /Library/Keychains/System.keychain \
~/.mitmproxy/mitmproxy-ca-cert.pem
# Verify trust
security find-certificate -c mitmproxy -a
```
**Linux (Debian/Ubuntu):**
```bash
# Copy certificate to trusted CA directory
sudo cp ~/.mitmproxy/mitmproxy-ca-cert.pem \
/usr/local/share/ca-certificates/mitmproxy.crt
# Update CA certificates
sudo update-ca-certificates
```
**Linux (RHEL/Fedora):**
```bash
# Copy certificate
sudo cp ~/.mitmproxy/mitmproxy-ca-cert.pem \
/etc/pki/ca-trust/source/anchors/mitmproxy.pem
# Update trust
sudo update-ca-trust
```
### Step 5: Verify Setup
Run the bundled verification script:
```bash
bash ~/.claude/plugins/marketplaces/grey-haven-plugins/grey-haven-plugins/cc-trace/scripts/verify-setup.sh
```
The script checks:
- ✓ mitmproxy installation
- ✓ Certificate generation
- ✓ Certificate trust (macOS)
- ✓ Proxy configuration readiness
### Step 6: Test Proxy Connection
```bash
# Start mitmproxy in background
mitmproxy --listen-port 8080 &
MITM_PID=$!
# Test proxy with curl
export HTTPS_PROXY=http://127.0.0.1:8080
export NODE_TLS_REJECT_UNAUTHORIZED=0
curl -I https://api.anthropic.com 2>&1
# Stop mitmproxy
kill $MITM_PID
unset HTTPS_PROXY NODE_TLS_REJECT_UNAUTHORIZED
```
## Success Criteria
Setup is complete when:
- ✅ mitmproxy is installed and working
- ✅ CA certificate exists at `~/.mitmproxy/mitmproxy-ca-cert.pem`
- ✅ Certificate is trusted by system (macOS/Linux)
- ✅ Proxy connection test succeeds
- ✅ Verification script passes all checks
## Usage After Setup
### Option 1: Using the Standalone Script (Recommended)
**Terminal 1 - Start mitmweb:**
```bash
mitmweb --web-port 8081 --set flow_filter='~d api.anthropic.com'
```
**Terminal 2 - Run Claude with proxy:**
```bash
bash ~/.claude/plugins/marketplaces/grey-haven-plugins/grey-haven-plugins/cc-trace/scripts/proxy-claude.sh
```
**Browser - View traffic:**
```
http://127.0.0.1:8081
```
### Option 2: Manual Environment Variables
**Terminal 2:**
```bash
export HTTP_PROXY=http://127.0.0.1:8080
export HTTPS_PROXY=http://127.0.0.1:8080
export NODE_EXTRA_CA_CERTS="$HOME/.mitmproxy/mitmproxy-ca-cert.pem"
export NODE_TLS_REJECT_UNAUTHORIZED=0
claude
```
## Troubleshooting
### Certificate Trust Issues (macOS)
If certificate verification fails:
```bash
# Remove existing certificate
sudo security delete-certificate -c mitmproxy \
/Library/Keychains/System.keychain 2>/dev/null || true
# Re-add with trust
sudo security add-trusted-cert -d -p ssl -p basic \
-k /Library/Keychains/System.keychain \
~/.mitmproxy/mitmproxy-ca-cert.pem
# Open Keychain Access to verify manually
open /System/Applications/Utilities/Keychain\ Access.app
```
### Port Already in Use
```bash
# Check what's using port 8080
lsof -i :8080
# Kill conflicting process if needed
kill $(lsof -t -i:8080)
# Or use different port
mitmweb --listen-port 9090 --web-port 9091
```
### Permission Denied Errors
If you get permission errors:
```bash
# Ensure you have sudo access
sudo -v
# On Linux, you may need to add your user to relevant groups
sudo usermod -a -G ssl-cert $USER
# Log out and back in for group changes to take effect
```
### mitmproxy Not Starting
```bash
# Check Python version (requires 3.8+)
python3 --version
# Reinstall mitmproxy
pip uninstall mitmproxy
pip install mitmproxy
# Or via package manager
brew reinstall mitmproxy # macOS
sudo apt reinstall mitmproxy # Debian/Ubuntu
```
## Security Warnings
⚠️ **Important Security Considerations:**
1. **Local Use Only** - This setup is for local debugging on trusted development machines
2. **TLS Verification Disabled** - `NODE_TLS_REJECT_UNAUTHORIZED=0` disables certificate validation
3. **Sensitive Data** - Captured flows contain API keys, prompts, and file contents
4. **CA Trust** - Trusting mitmproxy's CA allows it to intercept ALL HTTPS traffic
5. **Temporary Setup** - Only use when actively debugging
**Best Practices:**
- Only enable proxy when actively debugging
- Clear captured flows after analysis
- Never share flow files publicly
- Remove certificate trust when done
- Use separate development machine for sensitive work
## Output Format
The command will provide:
1. **Installation Progress**
```
🔧 Installing mitmproxy...
✓ mitmproxy 10.1.5 installed successfully
🔐 Generating certificate...
✓ Certificate created: ~/.mitmproxy/mitmproxy-ca-cert.pem
🔒 Adding certificate to system trust...
✓ Certificate trusted in system keychain
```
2. **Verification Results**
```
🔍 Verifying setup...
✓ mitmproxy installation
✓ Certificate generation
✓ Certificate trust
✓ Proxy connectivity
✅ All checks passed! Setup complete.
```
3. **Usage Instructions**
```
🚀 Ready to capture traffic!
Terminal 1:
mitmweb --web-port 8081 --set flow_filter='~d api.anthropic.com'
Terminal 2:
bash ~/.claude/plugins/.../scripts/proxy-claude.sh
Browser:
http://127.0.0.1:8081
```
## Requirements
- **Operating System**: macOS, Linux, or Windows
- **Python**: 3.8+ (for mitmproxy)
- **Package Manager**: Homebrew (macOS), apt/dnf (Linux), or pip
- **Permissions**: Ability to trust system certificates (may require sudo)
- **Disk Space**: ~50MB for mitmproxy and dependencies
## Next Steps After Setup
1. **Start a Capture Session** - Follow usage instructions above
2. **Explore Traffic** - Open browser to view captured requests
3. **Analyze API Calls** - Use bundled scripts to extract data
4. **Learn Patterns** - Understand how Claude Code makes tool calls
5. **Optimize Usage** - Identify token consumption and redundant operations
## Related Commands
- `/cc-trace` - Interactive agent for debugging and analysis (coming soon)
- Use the `cc-trace` agent for guided troubleshooting
## Documentation
- **Plugin README**: `~/.claude/plugins/.../cc-trace/README.md`
- **Original Repository**: https://github.com/alexfazio/cc-trace
- **mitmproxy Docs**: https://docs.mitmproxy.org/
---
**Note**: This command performs automated setup. If you encounter issues, you can invoke the `cc-trace` agent for interactive troubleshooting assistance.

461
commands/cc-trace-start.md Normal file
View File

@@ -0,0 +1,461 @@
---
name: cc-trace-start
description: Start a cc-trace capture session - launches mitmweb and provides instructions for running Claude Code through the proxy
---
Start a cc-trace capture session to intercept and debug Claude Code API requests. This command sets up the monitoring environment and provides step-by-step instructions.
## What This Command Does
1. **Verify Setup**
- Check if mitmproxy is installed
- Verify certificate exists and is trusted
- Confirm prerequisites are met
2. **Start Monitoring**
- Launch mitmweb with optimal settings
- Configure traffic filtering for Anthropic API
- Set up flow capture to disk
3. **Provide Launch Instructions**
- Show how to run Claude Code through proxy
- Display browser URL for viewing traffic
- Explain capture session workflow
4. **Monitor Session**
- Track active proxy connections
- Display captured request count
- Show real-time traffic statistics
## Usage
```bash
# Start a basic capture session
/cc-trace-start
# Start with custom flow file location
/cc-trace-start --output ~/my-flows.mitm
# Start with custom ports
/cc-trace-start --port 9090 --web-port 9091
# Start without saving flows to disk
/cc-trace-start --no-save
```
## Implementation
When you use this command, Claude will:
### Step 1: Pre-flight Checks
```bash
# Verify mitmproxy installation
if ! command -v mitmproxy &> /dev/null; then
echo "❌ mitmproxy not installed. Run /cc-trace-setup first."
exit 1
fi
# Check certificate exists
if [ ! -f ~/.mitmproxy/mitmproxy-ca-cert.pem ]; then
echo "❌ Certificate not found. Run /cc-trace-setup first."
exit 1
fi
# Check ports are available
if lsof -i :8080 &> /dev/null; then
echo "⚠️ Port 8080 is already in use"
echo "Suggestion: Use --port 9090 or kill the conflicting process"
exit 1
fi
if lsof -i :8081 &> /dev/null; then
echo "⚠️ Port 8081 is already in use"
echo "Suggestion: Use --web-port 9091 or kill the conflicting process"
exit 1
fi
```
### Step 2: Launch mitmweb
```bash
# Default configuration
LISTEN_PORT=8080
WEB_PORT=8081
FLOW_FILE="$HOME/claude-flows-$(date +%Y%m%d-%H%M%S).mitm"
FILTER="~d api.anthropic.com"
# Start mitmweb in background
echo "🚀 Starting mitmweb..."
echo " Listen port: $LISTEN_PORT"
echo " Web interface: http://127.0.0.1:$WEB_PORT"
echo " Flow file: $FLOW_FILE"
echo ""
mitmweb \
--listen-port $LISTEN_PORT \
--web-port $WEB_PORT \
--set flow_filter="$FILTER" \
--save-stream-file "$FLOW_FILE" \
--set web_open_browser=false \
--set web_password=cc-trace \
&> /tmp/mitmweb.log &
MITM_PID=$!
echo "✓ mitmweb started (PID: $MITM_PID)"
```
### Step 3: Wait for mitmweb to be Ready
```bash
echo "⏳ Waiting for mitmweb to start..."
for i in {1..10}; do
if curl -s http://127.0.0.1:$WEB_PORT > /dev/null 2>&1; then
echo "✓ mitmweb is ready!"
break
fi
sleep 1
echo -n "."
done
echo ""
```
### Step 4: Display Instructions
```bash
cat << 'EOF'
╔════════════════════════════════════════════════════════════════╗
║ CC-Trace Capture Session ║
║ ACTIVE ║
╚════════════════════════════════════════════════════════════════╝
📡 mitmweb is running and ready to capture traffic!
┌─ NEXT STEPS ────────────────────────────────────────────────────┐
│ │
│ 1. Open Browser │
│ → http://127.0.0.1:8081 │
│ → Password: cc-trace │
│ │
│ 2. Start Claude Code with Proxy (NEW TERMINAL) │
│ → bash ~/.claude/plugins/.../scripts/proxy-claude.sh │
│ │
│ Or manually: │
│ → export HTTPS_PROXY=http://127.0.0.1:8080 │
│ → export NODE_EXTRA_CA_CERTS="$HOME/.mitmproxy/..." │
│ → export NODE_TLS_REJECT_UNAUTHORIZED=0 │
│ → claude │
│ │
│ 3. Use Claude Code Normally │
│ All API requests will appear in your browser! │
│ │
└──────────────────────────────────────────────────────────────────┘
📊 CAPTURE INFO
• Web Password: cc-trace
• Filtering: api.anthropic.com only
• Flow file: ~/claude-flows-20250114-153045.mitm
• mitmweb PID: 12345
🛑 TO STOP
• Type /exit in Claude Code
• Press Ctrl+C in this terminal
• Or run: kill 12345
⚠️ SECURITY REMINDER
Captured flows contain API keys and sensitive data.
Store securely and delete after analysis.
═══════════════════════════════════════════════════════════════════
Press Ctrl+C to stop capture session...
EOF
# Wait for interrupt
trap "echo ''; echo '🛑 Stopping capture session...'; kill $MITM_PID 2>/dev/null; exit 0" INT TERM
# Keep script alive and show status
while kill -0 $MITM_PID 2>/dev/null; do
# Show request count every 10 seconds
sleep 10
REQUEST_COUNT=$(curl -s "http://127.0.0.1:$WEB_PORT/flows" 2>/dev/null | grep -o '"id":' | wc -l || echo "0")
echo "📈 Captured requests: $REQUEST_COUNT"
done
```
### Step 5: Cleanup on Exit
```bash
echo ""
echo "🧹 Cleaning up..."
kill $MITM_PID 2>/dev/null || true
echo "✓ mitmweb stopped"
echo ""
echo "📁 Captured flows saved to:"
echo " $FLOW_FILE"
echo ""
echo "💡 To analyze the captured flows:"
echo " • View in browser: http://127.0.0.1:8081 (if still running)"
echo " • Parse with script: bash scripts/show-last-prompt.sh $FLOW_FILE"
echo " • Extract commands: python scripts/extract-slash-commands.py $FLOW_FILE"
```
## Output Format
The command provides a formatted display:
```
🚀 Starting cc-trace capture session...
✓ Pre-flight checks passed
✓ mitmproxy installed (v10.1.5)
✓ Certificate found and trusted
✓ Ports 8080, 8081 available
✓ mitmweb started (PID: 12345)
╔════════════════════════════════════════════════════════════════╗
║ CC-Trace Capture Session ║
║ ACTIVE ║
╚════════════════════════════════════════════════════════════════╝
📡 mitmweb is running at http://127.0.0.1:8081
[Instructions displayed here...]
📈 Captured requests: 15
📈 Captured requests: 23
📈 Captured requests: 31
```
## Command Options
### --output PATH
Specify custom location for flow file:
```bash
/cc-trace-start --output ~/captures/session-001.mitm
```
### --port NUMBER
Use custom proxy port (default: 8080):
```bash
/cc-trace-start --port 9090
```
### --web-port NUMBER
Use custom web interface port (default: 8081):
```bash
/cc-trace-start --web-port 9091
```
### --no-save
Don't save flows to disk (memory only):
```bash
/cc-trace-start --no-save
```
### --filter EXPRESSION
Custom traffic filter (default: ~d api.anthropic.com):
```bash
/cc-trace-start --filter "~d api.anthropic.com & ~m POST"
```
### --verbose
Show detailed mitmweb logs:
```bash
/cc-trace-start --verbose
```
## What Gets Captured
**Request Data:**
- Full HTTP/HTTPS requests to api.anthropic.com
- Headers (including Authorization tokens)
- Request body (system prompts, messages, tools)
- Query parameters
- Timing information
**Response Data:**
- Status codes and headers
- Response body (streamed events)
- Token usage statistics
- Tool call results
- Error messages
## Browser Interface Features
Once mitmweb is running, the browser interface at `http://127.0.0.1:8081` provides:
- **Flow List**: All captured requests/responses
- **Detail View**: Inspect individual requests
- **Search**: Filter flows by content
- **Export**: Save individual flows
- **Replay**: Resend captured requests
- **Edit**: Modify and replay requests
## Workflow Example
```bash
# Terminal 1: Start capture session
$ /cc-trace-start
🚀 Starting mitmweb...
✓ mitmweb started (PID: 12345)
📡 Browse to http://127.0.0.1:8081
# Terminal 2: Run Claude with proxy
$ bash ~/.claude/plugins/.../scripts/proxy-claude.sh
🔍 Proxy configured for mitmproxy
🚀 Starting Claude Code...
$ # Use Claude normally - all requests are captured
# Terminal 1: Monitor
📈 Captured requests: 5
📈 Captured requests: 12
📈 Captured requests: 18
# When done, Ctrl+C in Terminal 1
^C
🛑 Stopping capture session...
✓ mitmweb stopped
📁 Flows saved to ~/claude-flows-20250114-153045.mitm
```
## Troubleshooting
### Port Already in Use
```bash
# Find what's using the port
lsof -i :8080
lsof -i :8081
# Use different ports
/cc-trace-start --port 9090 --web-port 9091
```
### mitmweb Won't Start
```bash
# Check mitmproxy installation
mitmproxy --version
# Check for errors
tail -f /tmp/mitmweb.log
# Verify certificate
ls -la ~/.mitmproxy/mitmproxy-ca-cert.pem
```
### No Traffic Appearing
```bash
# Verify proxy environment in Claude terminal
echo $HTTPS_PROXY # Should be http://127.0.0.1:8080
echo $NODE_EXTRA_CA_CERTS # Should point to cert
# Test proxy connection
curl -x http://127.0.0.1:8080 https://api.anthropic.com
```
### Browser Interface Not Loading
```bash
# Check if mitmweb is running
ps aux | grep mitmweb
# Test web interface
curl http://127.0.0.1:8081
# Try different browser or clear cache
```
## Security Notes
⚠️ **Active Capture Session Warnings:**
- **All HTTPS traffic** from proxied applications is intercepted
- **API keys** are visible in captured requests
- **File contents** sent to Claude are captured
- **Conversation history** is recorded
- **TLS verification** is disabled (security risk)
**Recommendations:**
- Run capture sessions only when needed
- Use on isolated development machines
- Delete flow files after analysis
- Never commit flow files to version control
- Review captured data before sharing
## Related Commands
- `/cc-trace-setup` - Initial setup for cc-trace
- Use `cc-trace` agent for interactive analysis
## Advanced Usage
### Analyze Captured Flows
```bash
# View last prompt
bash scripts/show-last-prompt.sh ~/claude-flows-*.mitm
# Extract slash commands
python scripts/extract-slash-commands.py ~/claude-flows-*.mitm
# Parse streaming responses
cat response.txt | npx tsx scripts/parse-streamed-response.ts
```
### Filter Specific Traffic
```bash
# Only POST requests
/cc-trace-start --filter "~d api.anthropic.com & ~m POST"
# Only /messages endpoint
/cc-trace-start --filter "~u /messages"
# Large responses only
/cc-trace-start --filter "~bs 50000"
```
### Multiple Concurrent Sessions
```bash
# Session 1: Development work
/cc-trace-start --port 8080 --web-port 8081 --output ~/dev-flows.mitm
# Session 2: Testing work (different terminal)
/cc-trace-start --port 9090 --web-port 9091 --output ~/test-flows.mitm
```
## Performance Impact
- **Minimal overhead**: ~10-50ms per request
- **Memory usage**: ~100MB + flow storage
- **CPU usage**: <5% on modern hardware
- **Disk usage**: ~1-10MB per flow file (varies by session length)
## Quick Reference
```bash
# Standard session
/cc-trace-start
# Custom ports (if defaults in use)
/cc-trace-start --port 9090 --web-port 9091
# Save to specific location
/cc-trace-start --output ~/important-capture.mitm
# Memory only (no disk save)
/cc-trace-start --no-save
# Stop session
Ctrl+C (in the terminal running mitmweb)
```
---
**Tip**: Keep the browser interface open while using Claude Code to watch requests flow in real-time. This helps understand the tool call patterns and API interactions.