Passive Capture Workflow¶
Passive capture is for understanding the traffic before touching it. Use it to answer:
- which protocol is present: A2A, MCP, or unknown HTTP
- which paths and methods matter
- which decoded fields a future rule should match
- whether SSE or WebSocket traffic carries complete JSON messages
HTTP/SSE/WebSocket Tap¶
seam tap --listen 127.0.0.1:8400 \
--upstream http://127.0.0.1:8500 \
--transcript tap.json \
--schema schemas/transcript.schema.json
Inspect the transcript:
seam transcript inspect --transcript tap.json --schema schemas/transcript.schema.json --decoded
seam session status --transcript tap.json --schema schemas/transcript.schema.json
What To Look For¶
Safe decoded summaries should show protocol, kind, direction, and decoded keys:
seq=0 a2a/message request id=req-1 keys=correlation,json,path
seq=1 mcp/tool_result response id=call-1 keys=correlation,json,path
If the protocol is unknown, Seam still records raw bytes and metadata. Use that transcript for meshmapper context or to write a more precise decoder later.
Handoff¶
- To graph structure: pass the transcript to meshmapper.
- To prove a side effect: create an Assay case and route probes through Seam API
/deliver. - To rewrite: use the decoded paths from
transcript inspect --decodedas rule paths.