API Reference REST endpoints and WebSocket protocol

All REST endpoints are served by the dashboard on :9081. All requests and responses use Content-Type: application/json.

Traffic API

GET /api/traffic

List all captured traffic as an array of summary objects.

curl http://localhost:9081/api/traffic

Response:

[
  {
    "id": "a1b2c3d4-...",
    "seq": 1,
    "state": "completed",
    "method": "GET",
    "url": "https://example.com/api/users",
    "statusCode": 200,
    "contentType": "application/json",
    "host": "example.com",
    "duration": 142,
    "requestBodySize": 0,
    "responseBodySize": 1024,
    "responseHttpVersion": "2",
    "intercept": { "wasIntercepted": false, ... }
  },
  ...
]

GET /api/traffic/:id

Full detail for a single entry, including base64-encoded bodies.

curl http://localhost:9081/api/traffic/a1b2c3d4-...

Response: Full TrafficEntry.toJSON() object with request/response headers, base64 bodies, timing, target info, and intercept metadata.

DELETE /api/traffic

Clear all captured traffic.

curl -X DELETE http://localhost:9081/api/traffic

POST /api/traffic/:id/forward

Forward an intercepted request, optionally with modifications.

curl -X POST http://localhost:9081/api/traffic/ID/forward \
  -H "Content-Type: application/json" \
  -d '{
    "method": "PUT",
    "path": "/api/v2/users",
    "headers": { "x-custom": "value" },
    "body": "{\"modified\": true}"
  }'

Field	Type	Description
`method`	string	Override the HTTP method
`path`	string	Override the request path
`headers`	object	Replace all request headers
`body`	string	Override the request body

All fields are optional. Send {} to forward without modifications.

POST /api/traffic/:id/drop

Drop an intercepted request. The client receives a 502.

curl -X POST http://localhost:9081/api/traffic/ID/drop

POST /api/traffic/:id/forward-response

Forward an intercepted response, optionally with modifications.

curl -X POST http://localhost:9081/api/traffic/ID/forward-response \
  -H "Content-Type: application/json" \
  -d '{ "statusCode": 404, "body": "{\"error\": \"not found\"}" }'

Field	Type	Description
`statusCode`	number	Override the response status code
`headers`	object	Replace all response headers
`body`	string	Override the response body

POST /api/traffic/:id/drop-response

Drop an intercepted response. The client receives a 502.

Intercept API

GET /api/intercept

Check if interception is enabled.

curl http://localhost:9081/api/intercept

Response:

{ "requestEnabled": false, "responseEnabled": false }

POST /api/intercept

Toggle interception on or off (both request and response).

curl -X POST http://localhost:9081/api/intercept \
  -H "Content-Type: application/json" \
  -d '{ "enabled": true }'

Rules API

GET /api/rules

List all intercept rules.

curl http://localhost:9081/api/rules

Response:

[
  {
    "id": "uuid...",
    "enabled": true,
    "urlPattern": "*api*",
    "method": "POST",
    "contentType": "",
    "headerKey": "",
    "headerValue": "",
    "direction": "request",
    "createdAt": 1711900000000
  }
]

POST /api/rules

Create a new rule.

curl -X POST http://localhost:9081/api/rules \
  -H "Content-Type: application/json" \
  -d '{
    "urlPattern": "*login*",
    "method": "POST",
    "direction": "request"
  }'

Returns 201 with the full rule object (including generated id).

PUT /api/rules/:id

Update a rule.

curl -X PUT http://localhost:9081/api/rules/UUID \
  -H "Content-Type: application/json" \
  -d '{ "enabled": false }'

DELETE /api/rules/:id

Delete a rule.

curl -X DELETE http://localhost:9081/api/rules/UUID

Sessions & Export API

GET /api/sessions

List saved session filenames.

[ "session-2026-03-31T14-30-00.json", ... ]

POST /api/sessions

Save current traffic to a JSON file.

{ "file": "session-2026-03-31T14-30-00.json" }

POST /api/sessions/:filename/load

Load a saved session. Clears current traffic and replaces it with the session data.

GET /api/export/har

Download all traffic as a HAR 1.2 file.

curl -o capture.har http://localhost:9081/api/export/har

Chat API

GET /api/chat/status

Check if the AI chat agent is available.

{ "available": true, "sessionActive": false, "tokenEstimate": 1500 }

POST /api/chat/browser-context

Send browser cookies and localStorage from the extension.

curl -X POST http://localhost:9081/api/chat/browser-context \
  -H "Content-Type: application/json" \
  -d '{ "url": "https://example.com", "cookies": [...], "localStorage": {...} }'

WebSocket Protocol

Connect to ws://localhost:9081. All messages are JSON objects with a type field.

Server → Client (Traffic)

Type	Payload	Description
`init`	`{ count }`	Sent on connection — current entry count
`add`	`{ entry }`	New traffic entry (summary format)
`update`	`{ entry }`	Updated traffic entry (summary format)
`clear`	none	All traffic cleared

Client → Server (Chat)

Type	Payload	Description
`chat:send`	`{ messageId, text, selectedEntryId?, contextToggles }`	Send a user message to the AI
`chat:reset`	`{ messageId }`	Clear conversation history
`chat:compact`	`{ messageId }`	Summarize and compress context
`chat:context-toggle`	`{ toggles }`	Update which context blocks the AI sees

Server → Client (Chat)

Type	Payload	Description
`chat:status`	`{ available, sessionActive, contextToggles, tokenEstimate, breakdown }`	Sent on connect + toggle changes
`chat:chunk`	`{ messageId, text, done: false }`	Streaming text from Claude
`chat:done`	`{ messageId, fullText, tokenEstimate }`	Response complete
`chat:error`	`{ messageId, error }`	Error (CLI not found, crash, etc.)
`chat:action`	`{ messageId, action, detail }`	Claude using a tool (for thinking indicator)
`chat:reset-ack`	`{ messageId }`	Reset confirmed
`chat:compact-ack`	`{ messageId, summary }`	Compact confirmed with summary

Error Responses

All API errors return JSON:

Status	Body	When
`400`	`{ "error": "Invalid JSON" }`	Malformed request body
`404`	`{ "error": "Not found" }`	Unknown endpoint or missing entry/rule

Success responses return 200 with { "ok": true } for actions, or the requested data for queries.

Previous ← Request Lifecycle