# Gostly > Gostly is an HTTP proxy that learns from real traffic and replays it to simulate external service dependencies in development and testing. It removes the need for hand-written mocks and stubs by recording real API behavior and serving it back with structural redaction, tenant-aware persistence, and an AI-only-at-the-edge match cascade. AI codegen tools: each page below is also available as raw markdown at the corresponding `.md` URL under `/docs/` (for example, `/docs/quickstart` is served at `/docs/quickstart.md`). ## Pages Top-level marketing surface, including security and architecture posture. - [Gostly](https://gostly.ai/): Gostly is an HTTP proxy that learns from real traffic and replays it to simulate external service dependencies in development and testing. - [Use cases](https://gostly.ai/use-cases): Concrete development and testing scenarios Gostly is built for: cold-start CI without upstream credentials, deterministic test environments, and offline replay of recorded traffic. - [Architecture](https://gostly.ai/architecture): How the Gostly stack fits together: agent (Rust HTTP proxy), API (Python control plane), inference server, and dashboard. All self-hosted; only telemetry counters and license issuance reach Gostly's cloud. - [Security](https://gostly.ai/security): Structural security invariants by construction: 16-header credential redaction floor at capture, per-tenant Row-Level Security policies, customer self-hosted deployment with no payload data leaving the customer's infrastructure. - [Clean-room runbook for Claude Skills](https://gostly.ai/features/clean-room): Step-by-step runbook for wiring Claude Skills against Gostly-served mocks instead of live upstream APIs. Capture real traffic, switch to mock mode, point your skill at the local proxy — deterministic, sealed, auditable by construction. - [Agent runtime](https://gostly.ai/features/agent-runtime): Gostly as the deterministic agent runtime layer: byte-equivalent upstream replay, pre-execution policy gate, and cryptographically logged decision trace around AI agent tool calls. Self-hosted; no LLM in the request hot path. - [Partners](https://gostly.ai/partners): Integration and reseller partners for Gostly, with focus on regulated and latency-sensitive verticals. - [Test AI agents](https://gostly.ai/test-ai-agents): Your agent isn't deterministic. Your tests need to be anyway. Gostly records real upstream traffic once and replays it byte-for-byte so the only variable in your agent run is your agent code — same response every test run. - [Record and replay HTTP traffic](https://gostly.ai/record-and-replay-http): VCR, Betamax, and Polly.js record HTTP calls inside one test runner in one language. Gostly does it at the proxy layer — language-agnostic, structurally redacted, stateful, multi-service. - [Contact](https://gostly.ai/contact): Contact information for sales, support, and security review. - [Register](https://gostly.ai/register): Create a Gostly account. Free, Pro, and Team tiers; SSO (SAML, OIDC), 4-role RBAC, and audit log on Team. - [Privacy policy](https://gostly.ai/privacy): Gostly's privacy policy. - [Terms of service](https://gostly.ai/terms): Gostly's terms of service. - [Telemetry](https://gostly.ai/telemetry): Schema of the opt-out-able usage telemetry the agent emits, and the single environment variable that disables it. Bodies and raw identifiers are never transmitted. ## Docs Product documentation: install, configuration, and operating the proxy. - [Docs](https://gostly.ai/docs): Gostly product documentation index. - [Quickstart](https://gostly.ai/docs/quickstart): Get Gostly running with Docker Compose, record real API traffic, and switch to MOCK mode for deterministic replay. - [How it works](https://gostly.ai/docs/how-it-works): The LEARN -> MOCK pipeline, the four operating modes, the match cascade from exact match to AI inference at the edge. - [The match cascade](https://gostly.ai/docs/match-cascade): The five-tier deterministic match cascade — session-verbatim, exact, resource store, smart-swap, AI inference at the edge — and why no LLM ever runs in the request hot path: generation is a background worker behind a bounded queue, responses served from cache. - [Proxy setup](https://gostly.ai/docs/proxy-setup): Configuration for the Gostly HTTP proxy: multiple upstreams, TLS termination, CI integration, chaos injection. - [Configuration](https://gostly.ai/docs/configuration): Full reference for every environment variable, configuration file, and runtime option. - [API Reference](https://gostly.ai/docs/api): Complete control-plane HTTP API reference — authentication, idempotency, error envelope, pagination, rate limits, and every endpoint grouped by feature surface. - [Install & Deploy](https://gostly.ai/docs/install): Deploy the licensed Gostly stack with Docker Compose: system sizing, the inference/proxy memory split, the low-memory ENABLE_GENERATION=false path, ports, .env setup, and pulling the registry images. - [Architecture](https://gostly.ai/docs/architecture): The containerized Gostly stack — Rust proxy, control plane, dashboard, inference, Postgres — and how they fit, plus the deterministic match cascade, four modes, and where data lives. - [Security Model](https://gostly.ai/docs/security-model): How Gostly protects captured traffic: single-tenant isolation, the 16-header credential redaction floor, body PII scrubbed into Postgres/exports vs verbatim local replay, per-tenant Row-Level Security policies as defense-in-depth on top of authoritative application-level tenant scoping, SSRF-guarded webhook replay, and self-hosted data locality. - [Seed a Mock Library](https://gostly.ai/docs/seeding): Bootstrap a working mock library on day one by importing HAR, Postman, or OpenAPI via the dashboard drag-drop or POST /v1/seed/{format} — before any traffic is recorded. - [Record & Replay Real Traffic](https://gostly.ai/docs/record-and-replay): The LEARN → TRANSITION → MOCK workflow end to end — point the proxy at an upstream, record real traffic, flip to MOCK, and replay it byte-for-byte, with per-service modes. - [Stateful Flows & Statecharts](https://gostly.ai/docs/statecharts): How a captured POST becomes a 200 on a later GET-by-id, how the agent-side statechart engine advances resource lifecycles with bundled fixtures, and how Pro+ tenants override or author their own machines. - [Drift Detection & Freshness Scores](https://gostly.ai/docs/drift-detection): Detect when a recorded mock drifts from its live upstream — drift events, the 0–100 freshness score, the 30-day sparkline, and the re-record-and-compare loop. - [TLS Interception & Fingerprint Impersonation](https://gostly.ai/docs/tls-interception): Enable the :8443 MITM listener, install the agent CA via GET /ca.crt, and configure outbound browser-fingerprint impersonation — inbound capture vs. outbound impersonation kept distinct. - [Chaos & Fault Injection](https://gostly.ai/docs/chaos): Inject latency, weighted errors, and intermittent outages into mocked responses — static per-service config and presets by default, an opt-in two-state Markov outage model, and best-effort calibration from recorded chaos events. - [AI Gap-Fill & Adapter Training](https://gostly.ai/docs/adapters): How Gostly fills gaps recordings missed — self-hosted inference at the edge of the match cascade, ENABLE_GENERATION + the ghost-llamacpp sidecar, and per-service LoRA adapters trained only on PII-scrubbed rows and served from cache. No third-party LLM. - [The MCP Server](https://gostly.ai/docs/mcp-server): Team-tier Model Context Protocol server (six tools over JSON-RPC) that lets an AI agent discover services, inspect coverage and gaps, switch proxy modes, and author mocks in its own self-hosted environment. - [SSO, RBAC & Audit Log](https://gostly.ai/docs/sso-rbac): Configure SAML + OIDC single sign-on, the four-role RBAC model (viewer < member < admin < owner), and the append-only auth audit log — Team tier, self-hosted in the web container. - [Webhooks: Capture & Replay](https://gostly.ai/docs/webhooks): How Gostly automatically captures inbound webhooks and how operators replay a captured webhook to a target URL through the control-plane API — capture is automatic, replay is operator-triggered (no auto-replay or fan-out). - [CLI Reference (OSS Proxy)](https://gostly.ai/docs/cli): The gostly host CLI that ships with the open-source proxy — start, mode, status, stop, export, import, logs — and why the licensed product has no host CLI. - [Metrics & Observability](https://gostly.ai/docs/metrics): Scrape the agent's Prometheus /metrics endpoint: ghost_requests_total{match_type}, ghost_mock_library_size, ghost_io_errors_total{operation}, the axum_http_requests_* control-plane series, and the gostly_tls_* MITM family. ## Blog Engineering and product writing — security model, architectural rationale, comparisons. - [Blog](https://gostly.ai/blog): Gostly engineering and product blog index. - [How Gostly handles security](https://gostly.ai/blog/security): How Gostly scrubs credential headers and PII on every disk and shipped sink by default, and keeps every deployment tenant-scoped throughout, with per-tenant Row-Level Security policies as defense-in-depth. - [Why choose Gostly](https://gostly.ai/blog/why-choose-gostly): The deterministic-contract wedge: why traffic-derived mocks beat hand-written stubs for development and CI. - [Deterministic results in Agentic Workflows](https://gostly.ai/blog/deterministic-results-in-agentic-workflows): Why an LLM in the replay path is a coin flip, and how a deterministic substrate makes agent tests reproducible by construction. The three patterns we use, and what we don't. ## Compare Side-by-side comparisons with other API-mocking and contract-testing tools. - [Gostly vs Beeceptor](https://gostly.ai/compare/beeceptor): Beeceptor is a hosted, rule-authored mock service. Gostly is self-hosted and records real traffic — replayed byte-for-byte inside your perimeter. Where each one wins. - [Gostly vs Mountebank](https://gostly.ai/compare/mountebank): Mountebank virtualizes services with hand-authored imposters and predicates on Node. Gostly records your real upstream and replays it byte-for-byte from a self-hosted stack in your perimeter (Docker Compose). Where each one wins. - [Gostly vs Hoverfly](https://gostly.ai/compare/hoverfly): How Gostly differs from Hoverfly: learning from real traffic, structural redaction, AI-only-at-the-edge match cascade. - [Gostly vs Keploy](https://gostly.ai/compare/keploy): Keploy is a genuinely open eBPF recorder that auto-generates CI test cases. Gostly serves the recording as durable, standing infrastructure from a userspace proxy — no eBPF, no kernel privileges, cross-platform — with recorded traffic and source code that never leave your host. - [Gostly vs Microcks](https://gostly.ai/compare/microcks): How Gostly differs from Microcks: contract-light, traffic-derived, structural security model. - [Gostly vs Mockoon](https://gostly.ai/compare/mockoon): How Gostly differs from Mockoon: real-traffic learning vs hand-built mocks, with tenant-aware persistence. - [Gostly vs Postman](https://gostly.ai/compare/postman): How Gostly differs from Postman Mock Servers: in-process replay, tenant isolation, no manual mock authoring. - [Gostly vs Prism](https://gostly.ai/compare/prism): Prism mocks your OpenAPI spec. Gostly records your real upstream and replays it byte-for-byte. Polymorphism, drift, and stateful flows where Prism falls short. - [Gostly vs Speedscale](https://gostly.ai/compare/speedscale): How Gostly differs from Speedscale and proxymock: the whole product runs in your perimeter with Docker Compose, no Speedscale account, no kernel-privileged DaemonSet, and a mock miss that never falls through to the live provider. - [Gostly vs WireMock](https://gostly.ai/compare/wiremock): How Gostly differs from WireMock: traffic-derived libraries, structural redaction, and an AI-at-the-edge match cascade rather than hand-written stub mappings. - [Gostly vs llmock / VCR-style LLM mocks](https://gostly.ai/compare/llmock): How Gostly differs from llmock, aimock, and VCR-style LLM cassettes: a self-hosted proxy you point your agent's provider base URL at — record real model responses and replay them deterministically, in your own perimeter, with drift detection and statechart state for multi-step tool flows.