devsafe net
Monitor the network connections your AI coding tools make. See exactly where your data goes, in real time or from recent history. Free, no account needed.
Usage
$ devsafe net <watch|log|status>
devsafe net passively observes outbound network connections made by AI tools running on your machine. It does not intercept or modify traffic. It watches, logs, and summarizes so you can decide what is acceptable.
Run devsafe net right after installing. No login, no API key, no configuration. It works immediately.
Subcommands
devsafe net watch
Streams a live view of AI tool network connections as they happen. Each line shows the tool, the destination host, and the direction of data. Press Ctrl+C to stop.
$ devsafe net watch watching AI tool network activity... claude api.anthropic.com POST /v1/messages 12.4 KB sent claude api.anthropic.com POST /v1/messages 8.1 KB sent copilot api.openai.com POST /v1/completions 6.3 KB sent cursor api2.cursor.sh POST /conversation 14.7 KB sent mcp:fetch unknown-host.example.com GET / 0.2 KB sent copilot copilot-telemetry.github POST /telemetry 1.1 KB sent mcp:slack hooks.slack.com POST /services/T0... 3.8 KB sent
Lines highlighted in yellow indicate connections to hosts that are not on the known-safe list for that tool. This does not necessarily mean something is wrong. It means you should look closer.
devsafe net log
Shows recent connection history from the last session. Useful when you were not watching live and want to review what happened.
$ devsafe net log connection log (last 2 hours, 47 connections) TIME TOOL HOST BYTES SENT 14:03:12 claude api.anthropic.com 12.4 KB 14:03:14 claude api.anthropic.com 8.1 KB 14:05:01 copilot api.openai.com 6.3 KB 14:05:03 copilot copilot-telemetry.github 1.1 KB 14:07:22 mcp:fetch unknown-host.example.com 0.2 KB 14:09:44 cursor api2.cursor.sh 14.7 KB ... 41 more 1 connection to unrecognized host
Use --since to control the time range. For example, devsafe net log --since "4h ago" shows the last four hours.
devsafe net status
Summarizes all AI tool network activity. Shows connection counts per tool, data sent, and flags anything unexpected.
$ devsafe net status AI tool network summary (last 24 hours) TOOL CONNECTIONS DATA SENT HOSTS claude 84 412 KB api.anthropic.com copilot 62 298 KB api.openai.com, copilot-telemetry.github cursor 23 187 KB api2.cursor.sh mcp:fetch 3 1 KB hooks.slack.com, unknown-host.example.com ✓ 172 total connections ! 1 unrecognized host: unknown-host.example.com (via mcp:fetch)
Why this matters
AI coding tools make network requests you do not see. When you use an AI assistant, your code context, file contents, and project structure are sent to cloud APIs. That is expected for the main AI provider. But some tools also send telemetry to additional hosts. And some MCP servers make their own outbound connections that are completely invisible to you.
Common surprises developers find:
- MCP servers connecting to hosts you did not authorize
- Telemetry endpoints receiving data alongside the main API
- AI tools sending larger payloads than expected (more code context than you realized)
- Connections persisting after you think the AI session ended
devsafe net does not block anything. It makes the invisible visible. You see the connections, you decide what is acceptable. If something looks wrong, you can disable the tool or MCP server that caused it.
devsafe net reads connection metadata (host, port, bytes sent). It does not read the contents of the traffic. It does not modify requests. It does not act as a proxy. Your AI tools work exactly the same whether devsafe net is running or not.
Flags
These flags work with all subcommands unless noted otherwise.
--jsonoutputs results as JSON for scripting and piping to other tools--since "TIME"filters the time range (works withlogandstatus). Accepts relative times like"2h ago"or absolute timestamps like"2026-07-01 14:00"--tool NAMEfilters to a specific tool (e.g.,--tool claudeor--tool mcp:fetch)--unknown-onlyshows only connections to unrecognized hosts
Examples
Watch only MCP server connections
$ devsafe net watch --tool "mcp:*"
Show only unexpected connections from the last 8 hours
$ devsafe net log --unknown-only --since "8h ago"
Pipe status to JSON for a CI check
$ devsafe net status --json | jq '.unrecognized_hosts' ["unknown-host.example.com"]
Related commands
- devsafe mcp inspects and manages MCP server configurations
- devsafe mcp-scan scans MCP servers for permission and security issues
- devsafe shield protects sensitive files from AI tool access
- devsafe diagnose runs a full AI safety audit of your development environment