Everything you need to start observing your AI agents in real time.
Overview
Candor is a real-time observability platform for AI agents. It works as a transparent proxy that sits between your AI agent and MCP servers, intercepting, logging, and visualizing every tool call, resource read, and response.
Think of it as Sentry for AI agents — you see exactly what your agents are doing, how much they cost, and when things go wrong.
Full Visibility
Every MCP tool call, resource read, and prompt completion logged and visualized.
Real-Time
Live event streaming via WebSocket. See agent actions as they happen.
Cost Tracking
Estimate token costs per session, per tool, per agent. No surprises.
Smart Alerts
Set rules for error rates, cost spikes, latency thresholds. Get notified via webhook.
Candor acts as a transparent proxy. You change one line in your MCP client config to route traffic through Candor instead of directly to the MCP server.
Before and After
Your MCP client connects to localhost:3100 instead of the upstream server. Candor handles forwarding, logging, and streaming the data to the dashboard.
claude_desktop_config.json
1// Claude Desktop: ~/.claude/claude_desktop_config.json
How Candor intercepts, stores, and visualizes MCP traffic.
Data Flow
Candor sits between your AI agent and its MCP servers as a transparent proxy layer. Every request and response passes through, gets logged, and is streamed to the dashboard in real time.
System Architecture
AI Agent
Claude, Cursor, Windsurf, etc.
MCP JSON-RPC (stdio/SSE)
Candor Proxy
localhost:3100
Forward
MCP Server(s)
Tool execution
Log
PostgreSQL
Event storage
Stream
WebSocket
:3101
Real-time feed
Dashboard
Timeline / Sessions / Costs / Alerts
Proxy Layer
The proxy layer intercepts MCP JSON-RPC messages over both stdio and SSE transports. It is completely transparent — your agents work exactly as before.
Zero Code Changes
No SDK, no imports. Just a config change to route through the proxy.
Bidirectional
Captures both requests (agent → server) and responses (server → agent).
Low Latency
Sub-millisecond overhead. Async logging ensures zero impact on agent performance.
Event Pipeline
Each intercepted MCP message goes through the following pipeline:
1
Intercept
Proxy captures the raw JSON-RPC request/response pair.
Writes to PostgreSQL via Prisma for persistent storage and querying.
4
Stream
Broadcasts to connected WebSocket clients for real-time dashboard updates.
5
Evaluate
Checks against alert rules. Triggers webhooks if conditions match.
CLI Reference
Complete reference for the Candor proxy CLI commands.
candor start
Start the proxy server and dashboard. This is the primary command for daily use.
bash
candor start [options]
Options:
--port <number> Proxy port (default: 3100)
--dashboard <number> Dashboard port (default: 3200)
--config <path> Path to config file (default: ./candor.config.json)
--no-dashboard Start proxy only, skip dashboard
--attach Run in attached mode (for MCP client integration)
--verbose Enable verbose logging
Examples:
candor start
candor start --port 4100 --dashboard 4200
candor start --no-dashboard
candor start --config ./custom-config.json
candor init
Generate a new configuration file with an interactive wizard.
bash
candor init [options]
Options:
--dir <path> Output directory (default: current directory)
--template <id> Use a starter template (basic, advanced)
# Interactive wizard flow:
# 1. Select MCP servers to monitor
# 2. Configure transport type (stdio/SSE)
# 3. Set storage backend (memory/postgres)
# 4. Choose dashboard port
# → Generates candor.config.json
candor status
Show the current status of the proxy, connected agents, and active sessions.
bash
candor status
# Output:
# Candor Proxy v1.0.0
# ─────────────────────────────
# Status: Running
# Proxy: localhost:3100
# Dashboard: localhost:3200
# WebSocket: localhost:3101
#
# Active Sessions: 2
# Total Events: 1,847
# Uptime: 4h 23m
#
# Connected Upstreams:
# ✓ filesystem (stdio)
# ✓ github (SSE)
# ✗ slack (disconnected)
MCP Integration
How to connect different AI agents and MCP clients through Candor.
stdio Mode
stdio is the default transport for local MCP servers. The proxy spawns the MCP server as a child process and intercepts all stdin/stdout communication.
SSE (Server-Sent Events) transport is used for remote MCP servers. The proxy connects to the remote server and relays events to your local agent.
candor.config.json
1// candor.config.json
2{
3"upstreams": [
4 {
5"name": "github",
6"transport": "sse",
7"url": "https://mcp.github.com/sse",
8"headers": {
9"Authorization": "Bearer ghp_xxxxxxxxxxxx"
10 }
11 }
12 ]
13}
Supported Clients
Candor works with any MCP-compatible AI agent. Here are setup guides for popular clients:
Client
Transport
Config Location
Claude Desktop
stdio
~/.claude/claude_desktop_config.json
Claude Code (CLI)
stdio
~/.claude/claude_code_config.json
Cursor
stdio
.cursor/mcp.json
Windsurf
stdio
~/.codeium/windsurf/mcp_config.json
VS Code (Copilot)
stdio
.vscode/mcp.json
Custom Agent
stdio / SSE
See API Reference
All MCP clients that support the standard stdio transport work with Candor out of the box. No client-specific code is needed.
Dashboard
The visual interface for monitoring your AI agents.
Live Timeline
The Timeline view shows every MCP event as it happens. Events stream in real time via WebSocket and display the tool name, method, parameters, latency, and cost estimate.
Real-Time Streaming
Events appear instantly as your agent executes tool calls.
Powerful Filters
Filter by tool name, method, status, latency range, or time window.
Expandable Detail
Click any event to see full request params and response payload.
Session Explorer
Sessions group related MCP events together. Each time an agent starts a new conversation or task, Candor creates a session to track all associated tool calls.
Field
Description
Agent ID
Identifier for the AI agent that created the session
Duration
Time from first to last event in the session
Events
Total number of MCP events in the session
Cost
Estimated total cost based on token usage
Errors
Number of failed tool calls or error responses
Status
Active (receiving events) or completed
Wallet Authentication
Candor uses Solana wallet-based authentication. Connect a Phantom or Solflare wallet to access your personal dashboard. Your wallet address serves as your account identifier.
Why Wallet Auth?
Wallet auth means no passwords, no email verification, and no centralized account storage. Your identity is your wallet — simple, secure, and decentralized.
typescript
// Supported wallets:
// - Phantom (browser extension)
// - Solflare (browser extension)
// - Any Wallet Standard compatible wallet
// The dashboard uses @solana/wallet-adapter-react
// Auth flow:
// 1. Click "Connect Wallet" → wallet popup
// 2. Approve connection → dashboard unlocks
// 3. Wallet address = account ID
// 4. Disconnect to return to demo mode
API Reference
REST endpoints and WebSocket API for programmatic access.
REST Endpoints
GET/api/sessionsList sessions
GET/api/sessions/:idSession detail
GET/api/eventsQuery events
GET/api/statsAggregated statistics
POST/api/alert-rulesCreate alert rule
PUT/api/alert-rules/:idUpdate alert rule
DELETE/api/alert-rules/:idDelete alert rule
GET/api/alertsList triggered alerts
GET/api/cost-ratesList cost rates
PUT/api/cost-rates/:idUpdate cost rate
WebSocket API
Connect to the WebSocket endpoint for real-time event streaming. Events are broadcast as they are intercepted by the proxy.
websocket-client.ts
1// Connect to WebSocket
2const ws = new WebSocket('ws://localhost:3101');
3
4ws.onopen = () => {
5 console.log('Connected to Candor event stream');
9 toolName?: string; // Tool name (for tool calls)
10 params?: object; // Request parameters
11 result?: object; // Response result
12
13// Metadata
14 latencyMs?: number; // Round-trip latency
15 costEstimate?: number; // Estimated USD cost
16 tokenCount?: {
17 input: number;
18 output: number;
19 };
20 status: 'success' | 'error';
21 error?: string; // Error message (if status is 'error')
22}
Cost Tracking
Monitor and attribute costs across agents, sessions, and tools.
Cost Models
Candor estimates costs by analyzing token counts in MCP payloads and matching them against configurable rate cards for different LLM providers.
Provider
Model
Input (per 1K)
Output (per 1K)
Anthropic
Claude Opus 4
$15.00
$75.00
Anthropic
Claude Sonnet 4
$3.00
$15.00
Anthropic
Claude Haiku 3.5
$0.80
$4.00
OpenAI
GPT-4o
$2.50
$10.00
OpenAI
GPT-4o mini
$0.15
$0.60
Custom Rates
Configure custom cost rates via the API or dashboard settings:
json
// Create custom cost rate
PUT /api/cost-rates/custom-model
{
"provider": "custom",
"model": "my-fine-tuned-model",
"inputPer1kTokens": 5.00,
"outputPer1kTokens": 15.00,
"currency": "USD"
}
Alerts
Define rules to get notified when things need attention.
Alert Rules
Alert rules evaluate conditions against incoming events. When a condition matches, Candor creates an alert and optionally sends a webhook notification.
Alert notifications are sent as HTTP POST requests to your configured webhook URL. Each payload includes the alert details, triggering event, and session context.
webhook-payload.json
1// Webhook payload example
2{
3"id": "alert-uuid",
4"rule": "High Error Rate",
5"severity": "warning",
6"message": "Error rate exceeded 10% in the last 5 minutes",
7"timestamp": "2026-02-23T14:30:00Z",
8"session": {
9"id": "session-uuid",
10"agentId": "claude-desktop"
11 },
12"event": {
13"id": "event-uuid",
14"method": "tools/call",
15"toolName": "file_write",
16"status": "error",
17"error": "Permission denied"
18 }
19}
Condition Types
Type
Description
Parameters
error_rate
Triggers when error rate exceeds threshold
threshold (0-1), window
latency
Triggers when p95 latency exceeds threshold
thresholdMs, window
cost_spike
Triggers when session cost exceeds budget
maxCostUsd
tool_failure
Triggers on specific tool error
toolName, errorPattern
session_duration
Triggers when session exceeds time limit
maxDurationMs
event_count
Triggers when events per session exceed limit
maxEvents
Deployment
Deploy Candor for team-wide or production observability.
Railway
Railway is the recommended deployment platform. Deploy the dashboard, proxy, and PostgreSQL database as connected services.
bash
# Install Railway CLI
npm install -g @railway/cli
# Login
railway login
# Initialize project
railway init
# Add PostgreSQL
railway add --plugin postgresql
# Deploy
railway up
# Set environment variables
railway variables set DATABASE_URL=<auto-provided>
npm start (or use PM2/systemd for process management)
Troubleshooting
Common issues and frequently asked questions.
Common Issues
Port already in use
If port 3100 is occupied, either stop the conflicting process or use candor start --port 4100 to specify an alternative port.
Wallet connection fails
Make sure you have Phantom or Solflare browser extension installed. Candor does not support hardware wallets (Ledger) due to USB dependency constraints.
Events not appearing in dashboard
Check that your MCP client is routing through the Candor proxy port (default: 3100). Use candor status to verify the proxy is running and upstreams are connected.
High memory usage
If the proxy is consuming too much memory, reduce MAX_EVENTS_PER_SESSION and LOG_RETENTION_DAYS in your environment variables.