Capture your AI agent traces at the network level -- transparently, locally, and without per-app configuration.
AgentTap is a macOS (and soon Linux) tool that selectively routes AI provider API traffic through a local MITM proxy via a split VPN, capturing complete request/response traces in real time. No JSONL scraping, no fragile file watchers -- just raw API data captured at the network layer.
Current approaches to capturing AI agent conversations are fragile:
- JSONL file parsing depends on each tool's local logging format -- one update breaks everything
- Manual certificate swapping requires sudo commands and disrupts all your traffic
- Per-app proxy config (
HTTPS_PROXY,NODE_EXTRA_CA_CERTS) needs setup for every tool individually
AgentTap solves this with a split VPN approach: only AI provider domains are routed through a local transparent proxy. Everything else is unaffected. Turn it on, and every API call to Anthropic, OpenAI, Google AI, etc. is captured -- whether it comes from Claude Code, Cursor, Codex, or any other agent.
AI coding agent (Claude Code, Cursor, Codex, etc.)
|
v
[Split VPN intercepts AI provider domains only]
|
v
[Local MITM proxy -- decrypts, logs, re-encrypts]
|
v
[Real AI provider API]
|
v
[Response captured and stored locally]
All other traffic (browsing, Slack, email, etc.) flows normally through your regular connection.
- Zero per-app configuration -- works at the network level via VPN routing
- Selective domain routing -- only AI API domains are intercepted; everything else untouched
- Real-time streaming capture -- captures SSE streams as they happen, not after the fact
- Multi-provider support -- Anthropic, OpenAI, Google AI, Mistral, and more
- Local-only storage -- your traces never leave your machine
- Toggle on/off -- enable/disable with one click from the menu bar
| Provider | Domains |
|---|---|
| Anthropic | api.anthropic.com |
| OpenAI | api.openai.com |
| Google AI | generativelanguage.googleapis.com |
| Mistral | api.mistral.ai |
| Cohere | api.cohere.ai |
| Groq | api.groq.com |
More providers can be added via configuration.
See ROADMAP.md for the full phased plan.
- Framework: ElectroBun (Bun-based desktop framework)
- Language: TypeScript (with Swift FFI bridges for macOS-specific APIs)
- Proxy: Bun-native TLS interception
- Storage: SQLite
- Platforms: macOS first, Linux planned
AgentTap builds on the selective routing architecture of VPN-Bypass, adding a transparent MITM proxy layer for traffic inspection:
- Desktop App (ElectroBun) -- toggle providers, view capture status, browse traces
- Privileged Helper -- manages pf firewall rules and custom CA installation (Swift FFI on macOS)
- DNS Resolver -- parallel resolution engine to track provider IP addresses
- Local MITM Proxy -- TLS termination, request/response logging, SSE stream reassembly
- Trace Storage -- structured local database of all captured API interactions
AgentTap is fully local. No telemetry, no cloud, no analytics. Your traces are yours.