Conduct Empirical Wire Capture

功能

• Capture outbound HTTP and telemetry from CLI tools
• Configurable capture-channel selection (file, stderr, proxy, state diff)
• Per-event capture vs. long-running session capture
• JSONL output format for diff-friendly artifacts
• Observability table for mapping targets to cheapest capture channels
• Mandatory redaction of secrets at capture time

使用场景

• When a static finding needs runtime confirmation.
• When a payload shape is needed for client re-implementation.
• When dark-vs-live disambiguation requires watching actual network traffic.
• To produce reproducible artifacts for comparing behavior across binary versions.

非目标

• Version baselining of binary behavior.
• Flag-state probing.
• Preparing redacted artifacts for public publication.
• Capturing traffic for other users or accounts.

工作流

1. Build the Observability Table First
2. Prepare a Disposable Workspace
3. Hook-Driven Capture for Per-Event Targets
4. Long-Running Session Capture for Sequential State
5. Normalize to JSONL
6. Redact at Capture Time
7. Classify Response Categories Before Recording
8. Persist the Capture Manifest

实践

• Reverse-engineering
• Wire capture
• HTTP
• Telemetry
• JSONL
• Observability

先决条件

• A CLI harness binary that can be run locally.
• A specific question to answer regarding the CLI's behavior.
• Optional: Static findings from prior phases to scope capture targets.
• Optional: A private workspace path for capture artifacts.