How to Monitor AI Coding Tool API Calls for Privacy and Performance

Purpose

This post shows how to monitor API calls from AI coding tools to see what data they send from your computer.

Environment

  • macOS 15.0 (similar tools work on Linux and Windows)
  • Chrome Browser 131
  • AI coding tools tested: GitHub Copilot, Cursor, Tabnine

Why I wanted to monitor AI tools

I use AI coding tools every day. They help me write code faster. But I started wondering: what data do these tools send from my computer? When I type code in my editor, does it send just the current line? Or does it send my entire file? What about other files I have open?

I wanted to see the actual network traffic to understand:

  1. What code snippets are sent to AI servers
  2. How often API calls happen
  3. Whether sensitive data leaves my machine

How to see AI tool network traffic

There are four main methods I use, depending on the tool:

Method 1: Browser DevTools (for web-based tools)

Some AI tools run in your browser. For these, Chrome DevTools works well.

When I open an AI coding tool in Chrome, I:

  1. Press F12 to open DevTools
  2. Click the “Network” tab
  3. Start typing in the code editor
  4. Watch for network requests in the list

Here’s what I see:

┌──────────┬────────┬──────┐
│ Name     │ Status │ Type │
├──────────┼────────┼──────┤
│ complete │ 200    │ xhr  │
│ complete │ 200    │ xhr  │
│ context  │ 200    │ xhr  │
└──────────┴────────┴──────┘

I click on each request to see the details. The “Payload” tab shows what data was sent.

But this method has a problem: it only works for browser-based tools. Most AI coding assistants run as native applications (desktop apps), not in the browser.

Method 2: Charles Proxy (for native apps)

Charles Proxy sits between your computer and the internet. It can see HTTPS traffic from any application.

I installed Charles Proxy and:

  1. Opened Charles (it starts on port 8888 by default)
  2. Configured my system proxy settings to use localhost:8888
  3. Enabled SSL Proxying in Charles → Proxy → SSL Proxying Settings
  4. Added domains for AI tools:
    • api.githubcopilot.com
    • api.tabnine.com
    • api.cursor.sh

The first time I used it, I got SSL certificate warnings. I had to install Charles’s SSL certificate on my system and mark it as trusted.

After setup, I opened my AI coding editor and started typing. Charles showed me the API calls:

┌──────────┬───────────────────────┬────────┐
│ Sequence │ Host                  │ Method │
├──────────┼───────────────────────┼────────┤
│ 1        │ api.githubcopilot.com │ POST   │
│ 2        │ api.githubcopilot.com │ POST   │
│ 3        │ api.githubcopilot.com │ POST   │
└──────────┴───────────────────────┴────────┘

I clicked on each request and viewed the “Request” tab. I could see the actual code snippets being sent.

This method works well but costs money (Charles has a free trial but requires payment later).

Method 3: Wireshark (for deep packet inspection)

Wireshark is free and shows everything. But it’s more complex to use.

I downloaded Wireshark and:

  1. Selected my network interface (usually “Wi-Fi” or “en0”)
  2. Applied a filter to reduce noise:
    host api.githubcopilot.com or host api.tabnine.com
  3. Started typing in my code editor
  4. Right-clicked packets → “Follow” → “TCP Stream”

The TCP Stream view shows the full conversation between my computer and the AI server. I can see request headers, request bodies, response headers, and response bodies.

But Wireshark has a drawback: it shows encrypted HTTPS traffic as scrambled text. To see the actual content, I need to decrypt SSL/TLS, which requires more setup.

Method 4: Terminal logging (for quick checks)

For a quick check, I use the terminal to monitor connections.

On macOS, I run:

# monitor-connections.sh
# Monitor outgoing connections to known AI API hosts
sudo tcpdump -i any -n host api.githubcopilot.com or host api.tabnine.com

Then I use my AI coding tool and watch the terminal output.

This shows me:

  • When connections happen
  • How often they happen
  • The size of data transfers

But it doesn’t show me the actual content of the requests (because of HTTPS encryption).

What I found when monitoring AI tools

After testing with these tools, I discovered:

Finding 1: API calls happen frequently

I counted API calls while typing a simple function:

┌───────────────────┬───────────┐
│ Action            │ API Calls │
├───────────────────┼───────────┤
│ Type "function"   │ 2         │
│ Add function name │ 3         │
│ Add parameters    │ 1         │
└───────────────────┴───────────┘

The tools call the API on every keystroke or after short pauses. This makes sense for real-time suggestions, but it adds up.

Finding 2: Context varies by tool

Different tools send different amounts of context:

  • Some tools send only the current line I’m typing
  • Others send the entire function
  • A few send multiple files I have open

I can see this in Charles Proxy when I inspect the request payload:

{
  "prompt": "function calculateTax(amount) {",
  "context": ["file1.ts", "file2.ts"],
  "cursor": {"line": 12, "column": 34}
}

Finding 3: Sensitive data can leak

I tested with a file containing API keys:

const API_KEY = "sk-proj-1234567890abcdef";

When I typed near this line, some AI tools sent the entire code block to their API. This means the API key traveled to an external server.
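One way to automate this check, as an added example that is not part of the original post: scan request bodies copied out of the proxy for secret-looking strings and report where in the payload they sit. The payload shape follows the sample above; the rule set and the function names are illustrative assumptions, not a complete secret scanner.

```python
import json
import re

# Illustrative rules only (an assumption of this example, not a complete ruleset).
SECRET_PATTERNS = {
    "sk-style API key": re.compile(r"\bsk-[A-Za-z0-9_-]{16,}"),
    "AWS access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "hard-coded credential": re.compile(
        r"(?i)\b(?:password|passwd|secret|token|api_key)\b\s*[:=]\s*[\"'][^\"']{8,}[\"']"),
}

def iter_strings(node, path="$"):
    """Yield (json_path, text) for every string value in a decoded JSON body."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{index}]")

def redact(text):
    """Keep a short prefix so the report itself never stores the secret."""
    return f"{text[:6]}... ({len(text)} chars)"

def scan_payload(raw_body):
    """Return [(json_path, rule_name, redacted_match)] for one request body."""
    try:
        strings = list(iter_strings(json.loads(raw_body)))
    except json.JSONDecodeError:
        strings = [("$", raw_body)]  # not JSON: scan the body as plain text
    return [(path, rule, redact(m.group(0)))
            for path, text in strings
            for rule, pattern in SECRET_PATTERNS.items()
            for m in pattern.finditer(text)]

# Constructed sample, shaped like the payload shown above with the test key in the prompt.
SAMPLE_BODY = json.dumps({
    "prompt": 'const API_KEY = "sk-proj-1234567890abcdef";\nfunction calculateTax(amount) {',
    "context": ["file1.ts", "file2.ts"],
    "cursor": {"line": 12, "column": 34},
})

if __name__ == "__main__":
    for finding in scan_payload(SAMPLE_BODY):
        print(finding)
```

The JSON path in each finding shows which field carried the secret, which helps tell a leak through the typed prompt apart from one through attached file context.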

How to protect your privacy

Based on what I found, here’s what I recommend:

1. Check what your tool sends

Use Charles Proxy or Wireshark to inspect your AI tool’s traffic. Look at the request payload to see what code is being sent.

2. Configure tools to send less context

Many AI tools have settings to control how much context they send. I found options like:

  • “Send only current line”
  • “Send current function”
  • “Send entire file”

I set mine to send only what’s necessary.

3. Avoid using AI tools with sensitive files

If I’m working with files that contain:

  • API keys
  • Passwords
  • Proprietary algorithms
  • Customer data

I disable the AI tool for those files. Most editors let you disable AI per-file or per-project.

4. Use local AI tools when possible

Some AI coding tools run entirely on your machine. They don’t send code to external servers. The trade-off is they need a powerful GPU and may be slower.

Performance considerations

Monitoring API calls also helped me understand performance:

API call frequency

I measured how often my tools call the API:

┌────────┬──────────────────┐
│ Tool   │ Calls per minute │
├────────┼──────────────────┤
│ Tool A │ 25               │
│ Tool B │ 8                │
│ Tool C │ 15               │
└────────┴──────────────────┘

More calls = more network usage. If I’m on a slow connection, this matters.

Bandwidth usage

I measured the size of requests and responses:

  • Average request size: 2-5 KB
  • Average response size: 1-3 KB
  • Per hour of active coding: ~1-2 MB

This isn’t huge, but it adds up over time.

Latency impact

Some tools have noticeable delays between my keystroke and the suggestion appearing. Using the Network tab in DevTools, I can see:

Request sent: 10:23:45.123
Response received: 10:23:45.456
Round-trip time: 333ms

Tools with faster response times feel more responsive.
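The three measurements in this section can be computed from one capture. This is an added example, not code from the original post: it assumes the session was exported as a HAR file (DevTools and Charles can both produce one) and summarizes call rate, body sizes and round-trip time per AI host. The sample entries, URL paths and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

AI_HOSTS = {"api.githubcopilot.com", "api.tabnine.com", "api.cursor.sh"}  # hosts named in the post

def parse_ts(value):
    # HAR timestamps are ISO 8601; older Python versions reject a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def summarize_har(har, hosts=AI_HOSTS):
    """Per host: call count, calls/minute, mean body sizes (bytes), mean round trip (ms)."""
    by_host = defaultdict(list)
    for e in har["log"]["entries"]:
        host = urlsplit(e["request"]["url"]).hostname
        if host in hosts:  # drops unrelated traffic such as update checks
            by_host[host].append(e)
    summary = {}
    for host, entries in by_host.items():
        n = len(entries)
        starts = [parse_ts(e["startedDateTime"]) for e in entries]
        minutes = (max(starts) - min(starts)).total_seconds() / 60
        # bodySize is -1 when the exporter could not determine it; count that as 0.
        sent = sum(max(e["request"].get("bodySize", -1), 0) for e in entries)
        received = sum(max(e["response"].get("bodySize", -1), 0) for e in entries)
        summary[host] = {
            "calls": n,
            "calls_per_min": round(n / minutes, 1) if minutes else None,  # None: one sample
            "avg_request_bytes": sent // n,
            "avg_response_bytes": received // n,
            "avg_rtt_ms": round(sum(e["time"] for e in entries) / n),
        }
    return summary

def make_entry(url, started, ms, sent, received):  # constructed HAR entry, minimal fields
    return {"startedDateTime": started, "time": ms,
            "request": {"method": "POST", "url": url, "bodySize": sent},
            "response": {"status": 200, "bodySize": received}}

# Constructed sample session; URL paths and numbers are made up for the example.
SAMPLE_HAR = {"log": {"entries": [
    make_entry("https://api.githubcopilot.com/complete", "2025-01-15T10:23:45.123Z", 333, 2048, 1024),
    make_entry("https://api.githubcopilot.com/complete", "2025-01-15T10:24:15.123Z", 300, 3072, -1),
    make_entry("https://api.githubcopilot.com/complete", "2025-01-15T10:25:45.123Z", 270, 4096, 2048),
    make_entry("https://api.tabnine.com/complete", "2025-01-15T10:24:00.000Z", 120, 1500, 900),
    make_entry("https://updates.example.com/check", "2025-01-15T10:24:30.000Z", 80, 0, 512),
]}}

print(summarize_har(SAMPLE_HAR))
```

The call rate is the number of calls divided by the time between the first and last call to that host, so a host seen only once reports no rate.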

Common mistakes I made

When I started monitoring, I made some mistakes:

Mistake 1: Forgetting about HTTPS

I tried using tcpdump at first and got scrambled output. I forgot that HTTPS traffic is encrypted. I needed tools like Charles Proxy that can decrypt HTTPS.

Mistake 2: Not setting SSL proxying

I configured Charles Proxy but didn’t enable SSL Proxying for the AI tool domains. I saw the requests but couldn’t read the content. Once I added the domains to the SSL Proxying list, I could see the actual data.

Mistake 3: Monitoring the wrong interface

In Wireshark, I selected “Loopback” instead of “Wi-Fi”. I saw no traffic because my AI tool was sending requests to the internet, not locally. I switched to the correct network interface and started seeing data.

Mistake 4: Ignoring background requests

Some AI tools make API calls even when I’m not typing. They might be:

  • Checking for updates
  • Syncing settings
  • Telemetry

At first I thought these were errors. Now I know to filter them out.

Summary

In this post, I showed how to monitor API calls from AI coding tools using:

  • Browser DevTools for web-based tools
  • Charles Proxy for native applications
  • Wireshark for deep packet inspection
  • Terminal commands for quick checks

The key point is that AI coding tools send data to external servers, and you can see what they’re sending with simple network monitoring tools. This helps you make informed decisions about privacy and which tools to use.

Final Words + More Resources

My intention with this article was to help others by sharing my knowledge and experience. If you want to contact me, you can reach me by email.
