Proxyman MCP

Overview

Proxyman MCP is a local Model Context Protocol integration for the Proxyman app. The product website is https://proxyman.com. The MCP documentation page is https://docs.proxyman.com/mcp.md, and the official agent-skill source repository for MCP setup and traffic-debugging guidance is https://github.com/ProxymanApp/proxyman-SKILL.md.

The documented architecture has two local pieces: an MCP HTTP server running inside the Proxyman app on localhost with token-based authentication, and a bundled stdio MCP bridge that MCP clients launch. The bridge reads the local handshake file and forwards tool calls to the running Proxyman app at http://127.0.0.1:/mcp. Do not hardcode the port or token; Proxyman regenerates them.

Installation And Launch

Enable MCP inside Proxyman first: open Proxyman, go to Settings > MCP, and enable MCP Server. Proxyman must be installed and running before MCP tools can work.

Production macOS app bundle command:

/Applications/Proxyman.app/Contents/MacOS/mcp-server

Setapp macOS app bundle command:

/Applications/Setapp/Proxyman.app/Contents/MacOS/mcp-server

The docs also show client setup commands for Codex and Claude Code using the same bundled stdio bridge. The source-reviewed skill files document Windows and Linux bridge locations, but they are installation/environment dependent: Windows normally places mcp-server.exe beside Proxyman.exe, with common locations under %LOCALAPPDATA%\Programs\Proxyman or C:\Program Files\Proxyman; Linux AppImage builds prepare XDG_CONFIG_HOME/Proxyman/bin/mcp-server or HOME/.config/Proxyman/bin/mcp-server after Proxyman is launched and MCP is enabled. These paths are recorded in sourceReview.commandArguments and prerequisites, but they are not added as default package transport targets because Wardn package transport args should be concrete runnable defaults and these paths require environment expansion or install-location discovery. The official skill says to prefer the exact command shown in Proxyman Settings > MCP when available.

Authentication And Security

The local Proxyman MCP HTTP server binds to 127.0.0.1 only and is not a cloud API or fixed public remote endpoint. Authentication uses a per-session token stored in the platform handshake folder. The macOS documentation calls out ~/Library/Application Support/com.proxyman.NSProxy/mcp-handshake.json with 0600 owner-only permissions; the skill docs list Windows %APPDATA%\Proxyman and Linux XDG_CONFIG_HOME/Proxyman or HOME/.config/Proxyman handshake folders. Do not edit the handshake file; if it is missing or stale, restart Proxyman and re-enable MCP.

Sensitive data redaction is controlled in Proxyman Settings > MCP. Keep "Redact Sensitive Data Before Sending to AI" enabled unless raw secrets are explicitly needed. Flow detail, WebSocket payload previews, Compose drafts, and exported cURL can honor that privacy setting.

Capabilities

Documented capabilities include read-only traffic and app-state tools such as get_version, get_proxy_status, get_flows, filter_flows, get_flow_detail, list_rules, get_ssl_proxying_list, get_system_proxy_status, get_certificate_status, list_websocket_sessions, and get_websocket_messages. Mutation/control tools include breakpoints, map local, map remote, blacklist, scripting, allow list, network conditions, DNS spoofing, reverse proxy, no-caching, external proxy, SSL proxying, system proxy, certificate install/uninstall, clear_session, toggle_recording, export_flow_curl, export_flows, generate_code, Compose HTTP tools, WebSocket close, open_proxyman, quit_proxyman, inject_terminal, inject_electron, guided setup workflows, docs search, resources, and prompts.

The official traffic-debugging skill says to treat tools/list, resources/list, and prompts/list from the connected MCP server as the current source of truth because Proxyman tool availability and schemas can change across app updates.

Limitations

Proxyman MCP controls a running local Proxyman app; it is not a hosted cloud API. Proxyman must be installed, running, and have Settings > MCP enabled. MCP setup can require a Proxyman plan/license if the toggle is locked. Windows/Linux bridges are intentionally not represented as default package targets because the documented bridge path depends on installation location or environment-expanded config directories. The macOS Helper Tool is only needed for system proxy automation. Root certificate installation is only needed for HTTPS decryption. Certificate install/uninstall, system proxy changes, exporting files, clearing sessions, quitting Proxyman, deleting rules, launching injected terminals, and disabling redaction should require explicit user consent. Localhost traffic may require Reverse Proxy because many clients bypass system proxy settings; iOS apps behind VPNs may need Atlantis instead of classic proxy capture.