See what Claude Code actually sends to the API.
A local MITM proxy that intercepts Claude Code CLI traffic in real-time,
lets you inspect every JSON payload, and analyzes session flows with AI.
Install · Usage · AI Analysis · What You'll Learn
English | 한국어
brew install --cask kangraemin/tap/claude-inspector && sleep 2 && open -a "Claude Inspector"Download the .dmg from the Releases page.
| Mac (Apple Silicon) | Mac (Intel) |
|---|---|
| Claude-Inspector-arm64.dmg | Claude-Inspector-x64.dmg |
# Upgrade
brew update && brew upgrade --cask claude-inspector && sleep 2 && open -a "Claude Inspector"
# Uninstall
brew uninstall --cask claude-inspectorIntercept real Claude Code CLI traffic via a local MITM proxy.
Claude Code CLI → Inspector (localhost:9090) → api.anthropic.com
1. Click Start Proxy in the app
2. Run Claude Code through the proxy:
ANTHROPIC_BASE_URL=http://localhost:9090 claude3. Every API request/response is captured in real-time.
| Tab | What it shows |
|---|---|
| AI Analysis | AI-powered session analysis — flow summary, Mermaid diagram, inline chat |
| Request | Full JSON request body, collapsible tree, token/cost breakdown |
| Response | Full JSON response with tool_use results |
| Anatomy | Detected mechanisms (CLAUDE.md, Skills, MCP, Sub-agents) as colored chips |
Select captured requests and let Claude (Sonnet) analyze the full session flow.
- Step-by-step session summary — what happened, in what order, with mechanism explanations
- MCP dynamic loading chain — how ToolSearch fetches schemas, how deferred tools become callable
- Skill loading flow — how slash commands trigger
<command-message>→ Skilltool_use - Sub-agent patterns — which requests are main vs sub-agent, and how they relate
- Mermaid flowchart — visual diagram of the internal mechanism flow
- Clickable references — each step links to the actual Request, scrolling to the relevant
tool_use
- Capture some requests via the proxy
- Click the AI Analysis tab
- Select requests to analyze (click to toggle, Shift+click for range)
- Click Analyze Session Flow
- Watch real-time streaming as Claude processes the session
- Click any Request #N badge to jump to that request's
tool_usein the JSON tree
After analysis, ask Claude follow-up questions about the session. The chat understands the full analysis context.
Requests are automatically grouped by session using message content fingerprinting. Different sessions (main conversation, sub-agents, stop hooks) get different colored borders in the sidebar.
All discovered from real captured traffic. See what Claude Code hides from you.
You type hello. Claude Code silently prepends ~12KB before your message:
| Block | What's inside | Size |
|---|---|---|
content[0] |
Available skills list | ~2KB |
content[1] |
CLAUDE.md + rules + memory | ~10KB |
content[2] |
What you actually typed | few bytes |
Injection order: Global CLAUDE.md → Global rules → Project CLAUDE.md → Memory
This ~12KB payload is re-sent with every request. A 500-line CLAUDE.md quietly burns tokens on every API call. Keep it lean.
Built-in tools (27) ship their full JSON schemas every request. MCP tools start as names only.
| Step | What happens | tools[] count |
|---|---|---|
| Initial request | 27 built-in tools loaded | 27 |
Model calls ToolSearch("context7") |
Full schema for 2 MCP tools returned | 29 |
Model calls ToolSearch("til") |
6 more MCP tool schemas added | 35 |
Unused MCP tools never consume tokens. Watch tools[] grow as the model discovers what it needs.
When Claude Code reads a screenshot or image, it's base64-encoded and embedded directly in the JSON body:
{
"type": "image",
"source": {
"type": "base64",
"media_type": "image/png",
"data": "iVBORw0KGgo..."
}
}A single screenshot can add hundreds of KB to the request payload. Inspector shows you the exact size.
Typing /something triggers one of three completely different mechanisms:
| Local Command | User Skill | Assistant Skill | |
|---|---|---|---|
| Example | /mcp, /clear |
/commit |
Skill("finish") |
| Who triggers | User | User | Model |
| Injection | <local-command-stdout> |
Full prompt in user msg | tool_use → tool_result |
| Model sees | Result only | Full prompt | Full prompt |
Commands run locally and only pass the result. Skills inject the entire prompt text — and it stays in every subsequent request until the session ends.
Claude Code re-sends the entire messages[] array with every request:
| Turns | Approx. cumulative transfer |
|---|---|
| 1 | ~15KB |
| 10 | ~200KB |
| 30 | ~1MB+ |
Most of it is old conversation you no longer need. Running /clear resets the context and drops the accumulated weight.
When Claude Code spawns a sub-agent (via the Agent tool), it creates a completely separate API call:
| Parent API call | Sub-agent API call | |
|---|---|---|
messages[] |
Full conversation history | Only the task prompt — no parent history |
| CLAUDE.md | Included | Included (independently) |
| tools[] | All loaded tools | Fresh set |
| Context | Accumulated | Starts from zero |
Inspector captures both calls side by side, and AI Analysis automatically detects and labels sub-agent sessions.
git clone https://github.com/kangraemin/claude-inspector.git
cd claude-inspector
npm install
npm start # Dev mode
npm run test:unit # Unit tests
npm run test:e2e # E2E tests (Playwright)| Layer | What | Why |
|---|---|---|
| Electron | Desktop shell, IPC | Native macOS titlebar, code-signed + notarized DMG |
| Vanilla JS | Zero frameworks | Entire UI in a single index.html — no bundler, no React |
Node http/https |
MITM proxy | Intercepts Claude Code ↔ API traffic, reassembles SSE streams |
| Mermaid.js | Flowchart rendering | AI Analysis mechanism diagrams |
| claude -p | AI analysis engine | Session flow analysis + inline chat via Claude Sonnet |
Privacy: All proxy traffic stays on
localhost. AI Analysis runs locally viaclaude -p(your own Claude Code CLI).
MIT