🔧 How to Intercept GitHub Copilot API Traffic

See exactly what requests your IDE's Copilot agent sends, including token counts and response latency.

1. Enable the Proxy

1. Select the container running your Copilot-enabled IDE or agent
2. Press A to open the Audit panel
3. Press p to set up the transparent proxy

cella configures nftables REDIRECT rules and injects a MITM CA certificate into the container's system trust store (/usr/local/share/ca-certificates/cella-proxy.crt) and sets the LXD instance environment variable NODE_EXTRA_CA_CERTS so that Node.js processes trust it.

# systemd user service
systemctl --user restart my-service.service

# or restart the process directly
pkill -f my-app && my-app &

2. Approve the Domain

When Copilot makes its first request, you'll see an approval overlay for api.business.githubcopilot.com.

Press Y to always allow it, or y for a one-time approval.

To approve all subdomains at once, press L to open the Allow/Deny list, navigate to the entry with j/k, press e to edit, and change it to *.githubcopilot.com.

3. Watch the Traffic

The Audit panel now shows each API call:

15:04:02 ✅🔓 my-agent POST → api.business.githubcopilot.com /models/claude-sonnet-4.6/chat/completions [200] (5.3s)

4. View Inference Stats

Press M for the Inference Stats panel. cella parses the SSE response stream and extracts:

• Model name — from the response body, request body, or URL path (e.g. /models/claude-sonnet-4.6/chat/completions)
• Token counts — input and output tokens
• RPM / TPM — requests and tokens per minute
• Estimated cost — based on known model pricing

Both standard OpenAI paths (/v1/chat/completions) and model-namespaced Copilot paths (/models/<name>/chat/completions) are detected automatically.

5. Export Audit Data

In the Audit panel, press S to export the audit log as JSON for further analysis.