Sherlock's Token Voyeurism Reveals What Claude Code Really Wants
Everyone assumes AI coding assistants are simple request-response machines. They're wrong.
When jmuncor got curious about what Claude Code was actually sending to Anthropic's servers, they built Sherlock—a transparent proxy that sits between your LLM tools and their APIs like a digital wiretap. What they found wasn't shocking data exfiltration or privacy violations. It was something more human: pure satisfaction.
<> "Turns out, watching your tokens tick up in real-time is oddly satisfying."/>
This confession reveals something fascinating about our relationship with AI costs. We're not just paying for intelligence—we're paying for a performance, and now we can watch the meter run.
The Mechanics of Digital Eavesdropping
Sherlock shells out to mitmproxy, that battle-tested Swiss Army knife of network interception with 41.2k GitHub stars. The setup is deceptively simple: intercept HTTPS traffic, provide a real-time terminal dashboard, and auto-save every prompt as Markdown and JSON files.
But here's where it gets interesting. The tool uses --set ssl_insecure=true, essentially telling your computer to trust any SSL certificate. Convenient? Absolutely. Secure? Not even close.
Hacker News users spotted this flaw within five minutes of examining the code. One user built a similar system months earlier using Envoy Proxy and Go, discovering that Codex CLI was sending telemetry to ab.chatgpt.com—but never open-sourced it.
What Your AI Actually Says About You
The real value isn't in the technical implementation—it's in the behavioral insights. Every Claude Code request reveals your coding patterns, your problem-solving approach, and your intellectual blind spots. The AI doesn't just see your code; it sees how you think about code.
Consider the implications:
- Every typo you make before asking for help
- How many times you rephrase the same question
- The context you think is relevant (versus what actually is)
- Your debugging methodology exposed in real-time
This isn't just about API monitoring—it's cognitive archaeology.
The Elephant in the Room
We're building tools to watch our tools that help us build tools. The recursion is getting dizzy.
Sherlock represents a growing paranoia in the developer community about AI opacity. We want intelligence, but we also want control. We want automation, but we demand visibility. These tensions aren't going away—they're accelerating.
The project itself is almost comically simple. It's mitmproxy with a dashboard. But the psychological need it fulfills is complex: the desire to peek behind the curtain of our AI assistants.
Beyond Token Voyeurism
The broader trend here is LLM observability. As AI tools proliferate, developers are building proxies for caching, auditing, and privacy. Tools like geniusrise-exit-proxy offer configurable auditing via JSON or CLI. The market is fragmenting into specialized solutions.
But Sherlock's appeal isn't its technical sophistication—it's the dopamine hit of watching those tokens accumulate. We've gamified our AI spending.
The Real Innovation
The insight isn't in the code; it's in the motivation. jmuncor built this "out of curiosity," but that curiosity reveals something deeper about our relationship with AI systems. We're not just users—we're suspicious partners in an increasingly complex dance.
Sherlock won't change how you code, but it might change how you think about coding with AI. And in a world where AI assistants are becoming extensions of our cognitive processes, that self-awareness might be the most valuable feature of all.
Sometimes the most revealing tools are the ones that reveal us to ourselves.
