pypproxy 0.1.0__tar.gz → 0.3.0__tar.gz

{pypproxy-0.1.0 → pypproxy-0.3.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypproxy
-Version: 0.1.0
+Version: 0.3.0
 Summary: MITM HTTP/HTTPS proxy for inspecting and modifying traffic
 License-File: LICENSE
 Requires-Python: >=3.11
@@ -17,3 +17,5 @@ Requires-Dist: pyyaml>=6.0.3
 Requires-Dist: rich>=15.0.0
 Requires-Dist: uvicorn[standard]>=0.30.0
 Requires-Dist: websockets>=16.0
+Provides-Extra: frida
+Requires-Dist: frida>=16.0.0; extra == 'frida'

{pypproxy-0.1.0 → pypproxy-0.3.0}/docs/api.md

@@ -63,7 +63,7 @@ CRUD for intercept rules.
 | `GET /api/export/json` | Export all entries + rules as JSON |
 | `GET /api/export/har` | Export all entries as HAR 1.2 |
 | `POST /api/import/har` | Import entries from HAR body |
-| `POST /api/import/json` | Import entries from paxy JSON body |
+| `POST /api/import/json` | Import entries from pypproxy JSON body |
 | `POST /api/import/rules` | Import rules from JSON body |
 
 ---

{pypproxy-0.1.0 → pypproxy-0.3.0}/docs/architecture.md

@@ -8,24 +8,24 @@
 └────────────────────────┬─────────────────────────────────────┘
                          │ HTTP / CONNECT
 ┌────────────────────────▼─────────────────────────────────────┐
-│  paxy/proxy/proxy.py  (port :8080)                           │
+│  pypproxy/proxy/proxy.py  (port :8080)                           │
 │  asyncio TCP server                                          │
 │  ├─ HTTP  → intercept → forward upstream (httpx, HTTP/2)     │
 │  ├─ CONNECT → TLS termination (MITM)                         │
 │  │    ├─ HTTP/HTTPS → intercept → forward upstream           │
-│  │    ├─ WebSocket  → paxy/proto/ws.py                       │
-│  │    ├─ gRPC       → paxy/proto/grpc.py                     │
-│  │    └─ MQTT       → paxy/proto/mqtt.py                     │
+│  │    ├─ WebSocket  → pypproxy/proto/ws.py                       │
+│  │    ├─ gRPC       → pypproxy/proto/grpc.py                     │
+│  │    └─ MQTT       → pypproxy/proto/mqtt.py                     │
 │  └─ ignored hosts → raw TCP tunnel (passthrough)             │
 └─────────────┬────────────────────────┬───────────────────────┘
               │                        │
 ┌─────────────▼──────┐    ┌────────────▼──────────────────────┐
-│  paxy/cert/ca.py   │    │  paxy/interceptor/                 │
+│  pypproxy/cert/ca.py   │    │  pypproxy/interceptor/                 │
 │  CA + per-host TLS │    │  apply rules, record entries       │
 │  SSL Context cache │    └────────────┬───────────────────────┘
 │                    │                 │
-│  paxy/cert/        │    ┌────────────▼───────────────────────┐
-│  client_cert.py    │    │  paxy/store/store.py               │
+│  pypproxy/cert/        │    ┌────────────▼───────────────────────┐
+│  client_cert.py    │    │  pypproxy/store/store.py               │
 │  Mutual TLS certs  │    │  in-memory store + SQLite persist  │
 └────────────────────┘    │  asyncio pub/sub                   │
                           └────────────┬───────────────────────┘
@@ -33,7 +33,7 @@
           ┌────────────────────────────┼──────────────────────┐
           │                            │                      │
 ┌─────────▼──────────┐   ┌─────────────▼─────────┐  ┌────────▼──────────┐
-│  paxy/api/         │   │  paxy/ui/app.py        │  │  paxy/ui/cui.py   │
+│  pypproxy/api/         │   │  pypproxy/ui/app.py        │  │  pypproxy/ui/cui.py   │
 │  FastAPI REST API  │   │  NiceGUI 4-tab UI      │  │  rich terminal UI │
 │  + WebSocket /ws   │   │  Traffic/Resender/     │  │  (CUI mode)       │
 │  Bulk/Export APIs  │   │  Bulk/Diff             │  └───────────────────┘
@@ -44,34 +44,34 @@
 
 | Package | Responsibility |
 |---------|----------------|
-| `paxy/proxy` | asyncio TCP server; HTTP forwarding; TLS MITM for CONNECT; raw tunnel for ignored hosts |
-| `paxy/cert/ca` | CA certificate generation; per-host SSL Context cache |
-| `paxy/cert/client_cert` | Client certificate management for mutual TLS |
-| `paxy/interceptor` | Apply rules to requests and responses; record entries in the store |
-| `paxy/intercept` | Manual intercept manager; pause requests for user review |
-| `paxy/rule` | Rule evaluation engine; condition matching; priority ordering |
-| `paxy/store/store` | Thread-safe in-memory traffic store; asyncio pub/sub |
-| `paxy/store/db` | SQLite persistence via aiosqlite; load/save entries |
-| `paxy/store/filter_parser` | Filter expression parser (`host == x && method == POST`) |
-| `paxy/api` | FastAPI REST endpoints, WebSocket streaming, bulk/export APIs |
-| `paxy/ui/app` | NiceGUI 4-tab browser UI (Traffic, Resender, Bulk Sender, Diff) |
-| `paxy/ui/settings` | Settings page (rules, SSL passthrough, DNS, ports, client certs) |
-| `paxy/ui/detail` | Request/response detail panel with body view selector |
-| `paxy/ui/resender` | Resender tab — edit and re-send requests |
-| `paxy/ui/bulk_sender_ui` | Bulk Sender tab — parallel payload sending and race testing |
-| `paxy/ui/diff_view` | Diff tab — unified diff between two captured entries |
-| `paxy/ui/intercept_dialog` | Intercept dialog — pause, edit, forward or drop requests |
-| `paxy/ui/cui` | rich terminal UI (CUI mode) |
-| `paxy/proto/ws` | WebSocket frame relay and logging |
-| `paxy/proto/grpc` | gRPC length-prefix frame decoding |
-| `paxy/proto/mqtt` | MQTT frame decoding and detection |
-| `paxy/script` | Python script engine; `on_request` / `on_response` hooks |
-| `paxy/replay` | Async HTTP replay and parallel fuzzing via httpx |
-| `paxy/bulk` | Bulk sender and race condition test runner |
-| `paxy/dns` | Built-in DNS server with domain spoofing |
-| `paxy/exporter` | JSON/HAR export and rule import/export |
-| `paxy/codec` | Content-encoding decode (gzip/br/deflate); binary format decode (Protobuf/MessagePack/CBOR) |
-| `paxy/config` | YAML config loading |
+| `pypproxy/proxy` | asyncio TCP server; HTTP forwarding; TLS MITM for CONNECT; raw tunnel for ignored hosts |
+| `pypproxy/cert/ca` | CA certificate generation; per-host SSL Context cache |
+| `pypproxy/cert/client_cert` | Client certificate management for mutual TLS |
+| `pypproxy/interceptor` | Apply rules to requests and responses; record entries in the store |
+| `pypproxy/intercept` | Manual intercept manager; pause requests for user review |
+| `pypproxy/rule` | Rule evaluation engine; condition matching; priority ordering |
+| `pypproxy/store/store` | Thread-safe in-memory traffic store; asyncio pub/sub |
+| `pypproxy/store/db` | SQLite persistence via aiosqlite; load/save entries |
+| `pypproxy/store/filter_parser` | Filter expression parser (`host == x && method == POST`) |
+| `pypproxy/api` | FastAPI REST endpoints, WebSocket streaming, bulk/export APIs |
+| `pypproxy/ui/app` | NiceGUI 4-tab browser UI (Traffic, Resender, Bulk Sender, Diff) |
+| `pypproxy/ui/settings` | Settings page (rules, SSL passthrough, DNS, ports, client certs) |
+| `pypproxy/ui/detail` | Request/response detail panel with body view selector |
+| `pypproxy/ui/resender` | Resender tab — edit and re-send requests |
+| `pypproxy/ui/bulk_sender_ui` | Bulk Sender tab — parallel payload sending and race testing |
+| `pypproxy/ui/diff_view` | Diff tab — unified diff between two captured entries |
+| `pypproxy/ui/intercept_dialog` | Intercept dialog — pause, edit, forward or drop requests |
+| `pypproxy/ui/cui` | rich terminal UI (CUI mode) |
+| `pypproxy/proto/ws` | WebSocket frame relay and logging |
+| `pypproxy/proto/grpc` | gRPC length-prefix frame decoding |
+| `pypproxy/proto/mqtt` | MQTT frame decoding and detection |
+| `pypproxy/script` | Python script engine; `on_request` / `on_response` hooks |
+| `pypproxy/replay` | Async HTTP replay and parallel fuzzing via httpx |
+| `pypproxy/bulk` | Bulk sender and race condition test runner |
+| `pypproxy/dns` | Built-in DNS server with domain spoofing |
+| `pypproxy/exporter` | JSON/HAR export and rule import/export |
+| `pypproxy/codec` | Content-encoding decode (gzip/br/deflate); binary format decode (Protobuf/MessagePack/CBOR) |
+| `pypproxy/config` | YAML config loading |
 
 ## Key design decisions
 
@@ -82,11 +82,11 @@ This lets a single connection handle HTTP/1.1 keep-alive, CONNECT tunnels, WebSo
 
 ### TLS termination with `loop.start_tls()`
 
-After responding `200 Connection Established` to a CONNECT request, paxy calls `loop.start_tls()` to upgrade the existing asyncio transport to TLS server-side. Per-host certificates are cached as `ssl.SSLContext` objects.
+After responding `200 Connection Established` to a CONNECT request, pypproxy calls `loop.start_tls()` to upgrade the existing asyncio transport to TLS server-side. Per-host certificates are cached as `ssl.SSLContext` objects.
 
 ### SQLite persistence via aiosqlite
 
-All captured traffic is stored in memory for fast access. Writes to SQLite are fire-and-forget via `asyncio.run_coroutine_threadsafe`. On startup, `store.load_from_db()` restores prior sessions. The DB path defaults to `~/.paxy/paxy.db`.
+All captured traffic is stored in memory for fast access. Writes to SQLite are fire-and-forget via `asyncio.run_coroutine_threadsafe`. On startup, `store.load_from_db()` restores prior sessions. The DB path defaults to `~/.pypproxy/pypproxy.db`.
 
 ### Store pub/sub
 
@@ -98,11 +98,11 @@ All upstream requests use `httpx` with `http2=True`. httpx negotiates HTTP/2 via
 
 ### Filter expression engine
 
-The filter bar in the UI accepts a structured expression parsed by `paxy/store/filter_parser.py`. The parser tokenizes `field op value` conditions and evaluates them with AND/OR short-circuit logic against `Entry` objects in memory.
+The filter bar in the UI accepts a structured expression parsed by `pypproxy/store/filter_parser.py`. The parser tokenizes `field op value` conditions and evaluates them with AND/OR short-circuit logic against `Entry` objects in memory.
 
 ### Binary format detection
 
-`paxy/codec.py` implements `sniff_content_type()` which combines Content-Type inspection with a JSON parse attempt and a binary entropy heuristic to guess the best display mode. Protobuf decoding uses wire-type heuristics without requiring a `.proto` schema.
+`pypproxy/codec.py` implements `sniff_content_type()` which combines Content-Type inspection with a JSON parse attempt and a binary entropy heuristic to guess the best display mode. Protobuf decoding uses wire-type heuristics without requiring a `.proto` schema.
 
 ### GUI / CUI startup
 

{pypproxy-0.1.0 → pypproxy-0.3.0}/docs/configuration.md

@@ -5,7 +5,7 @@ paxy can be configured via CLI flags or a YAML file. CLI flags take precedence o
 ## YAML config file
 
 ```bash
-uv run python main.py --config paxy.yaml
+uv run python main.py --config pypproxy.yaml
 ```
 
 ### Full example

{pypproxy-0.1.0 → pypproxy-0.3.0}/docs/getting-started.md

@@ -9,7 +9,7 @@
 
 ```bash
 git clone https://github.com/ykus4/pypproxy
-cd paxy
+cd pypproxy
 uv sync
 ```
 

{pypproxy-0.1.0 → pypproxy-0.3.0}/docs/index.md

@@ -2,7 +2,7 @@
 layout: home
 
 hero:
-  name: paxy
+  name: pypproxy
   text: MITM Proxy
   tagline: Intercept, inspect, and modify HTTP/HTTPS traffic from browsers and mobile apps. Written in Python.
   actions:

{pypproxy-0.1.0 → pypproxy-0.3.0}/docs/protocols.md

@@ -21,7 +21,7 @@ Open the **GraphQL** tab or right-click a GraphQL entry → **Open in GraphQL ta
 
 **Schema Introspection**
 
-Enter the endpoint URL and click **Introspect**. paxy sends a full `__schema` introspection query and displays the type tree. The schema is cached per-host and available for query completion.
+Enter the endpoint URL and click **Introspect**. pypproxy sends a full `__schema` introspection query and displays the type tree. The schema is cached per-host and available for query completion.
 
 **Query Editor**
 
@@ -44,7 +44,7 @@ Shows the operation type (query/mutation/subscription), operation name, and top-
 ### Modifier utilities (`paxy.graphql.modifier`)
 
 ```python
-from paxy.graphql.modifier import set_variable, build_query, build_mutation
+from pypproxy.graphql.modifier import set_variable, build_query, build_mutation
 
 # Replace a variable in a captured request body
 new_body = set_variable(entry.req_body, "userId", "456")
@@ -65,8 +65,8 @@ WebSocket connections are detected automatically and intercepted as part of the
 ### How it works
 
 1. The client sends a CONNECT request to the proxy.
-2. paxy terminates TLS (same as HTTPS MITM).
-3. When paxy sees `Upgrade: websocket` in the decrypted stream, it switches to WebSocket relay mode.
+2. pypproxy terminates TLS (same as HTTPS MITM).
+3. When pypproxy sees `Upgrade: websocket` in the decrypted stream, it switches to WebSocket relay mode.
 4. Frames are relayed between client and server while being logged.
 
 ### Frame intercept
@@ -106,7 +106,7 @@ All upstream requests use `httpx` with HTTP/2 support enabled. Connections negot
 
 ## Certificate pinning
 
-Add pinned hosts to the `ignore` list in config or the **SSL Passthrough** settings tab. paxy tunnels those hosts without TLS interception.
+Add pinned hosts to the `ignore` list in config or the **SSL Passthrough** settings tab. pypproxy tunnels those hosts without TLS interception.
 
 ```yaml
 proxy:

{pypproxy-0.1.0 → pypproxy-0.3.0}/docs/scripting.md

@@ -17,7 +17,7 @@ script:
 
 ## Hook functions
 
-Define any of these functions in your script. paxy calls them automatically.
+Define any of these functions in your script. pypproxy calls them automatically.
 
 ### `on_request(method, host, path, body)`
 
@@ -90,7 +90,7 @@ def on_response(status: int, body: bytes) -> bytes:
 
 ## Notes
 
-- The script is loaded once at startup. Restart paxy to pick up changes.
+- The script is loaded once at startup. Restart pypproxy to pick up changes.
 - Both hooks may be called concurrently from multiple requests. Protect shared state with a lock if needed.
-- Use `sys.stderr` for logging to avoid mixing output with paxy's own logs.
+- Use `sys.stderr` for logging to avoid mixing output with pypproxy's own logs.
 - The full Python standard library and any packages in the project's virtualenv are available.

{pypproxy-0.1.0 → pypproxy-0.3.0}/docs/web-ui.md

@@ -2,14 +2,14 @@
 
 ## GUI Mode
 
-Start paxy in GUI mode (the default) and open `http://localhost:8081`.
+Start pypproxy in GUI mode (the default) and open `http://localhost:8081`.
 The UI is built with [NiceGUI](https://nicegui.io/) and runs in the same Python process as the proxy.
 
 ## Layout
 
 ```
 ┌──────────────────────────────────────────────────────────────┐
-│  toolbar: paxy ● | Filter expression | Intercept | Clear | ⚙ │
+│  toolbar: pypproxy ● | Filter expression | Intercept | Clear | ⚙ │
 ├─────────────────────────────────────────────────────────────-┤
 │  Traffic | Resender | Bulk Sender | Diff                      │
 ├──────────────────────────┬───────────────────────────────────┤

pypproxy-0.3.0/pypproxy/ab_test/runner.py

@@ -0,0 +1,136 @@
+from __future__ import annotations
+
+import json
+import time
+from dataclasses import dataclass
+
+import httpx
+
+from pypproxy.store.models import Entry
+
+
+@dataclass
+class ABResult:
+    endpoint_a: str
+    endpoint_b: str
+    method: str
+    status_a: int
+    status_b: int
+    body_a: bytes
+    body_b: bytes
+    duration_a_ms: int
+    duration_b_ms: int
+    error_a: str = ""
+    error_b: str = ""
+
+    @property
+    def status_diff(self) -> bool:
+        return self.status_a != self.status_b
+
+    @property
+    def body_diff(self) -> bool:
+        return self.body_a != self.body_b
+
+    def to_dict(self) -> dict:
+        import base64
+
+        return {
+            "endpoint_a": self.endpoint_a,
+            "endpoint_b": self.endpoint_b,
+            "method": self.method,
+            "status_a": self.status_a,
+            "status_b": self.status_b,
+            "body_a": base64.b64encode(self.body_a).decode() if self.body_a else "",
+            "body_b": base64.b64encode(self.body_b).decode() if self.body_b else "",
+            "duration_a_ms": self.duration_a_ms,
+            "duration_b_ms": self.duration_b_ms,
+            "error_a": self.error_a,
+            "error_b": self.error_b,
+            "status_diff": self.status_diff,
+            "body_diff": self.body_diff,
+        }
+
+    def diff_summary(self) -> str:
+        lines: list[str] = []
+        if self.status_diff:
+            lines.append(f"Status: A={self.status_a} B={self.status_b}")
+        else:
+            lines.append(f"Status: both {self.status_a}")
+        if self.body_diff:
+            lines.append(f"Body differs ({len(self.body_a):,} B vs {len(self.body_b):,} B)")
+            # Try JSON diff summary
+            try:
+                da = json.loads(self.body_a)
+                db = json.loads(self.body_b)
+                if isinstance(da, dict) and isinstance(db, dict):
+                    added = set(db) - set(da)
+                    removed = set(da) - set(db)
+                    changed = {k for k in da if k in db and da[k] != db[k]}
+                    if added:
+                        lines.append(f"  + fields added: {', '.join(sorted(added)[:5])}")
+                    if removed:
+                        lines.append(f"  - fields removed: {', '.join(sorted(removed)[:5])}")
+                    if changed:
+                        lines.append(f"  ~ fields changed: {', '.join(sorted(changed)[:5])}")
+            except Exception:
+                pass
+        else:
+            lines.append("Body: identical")
+        lines.append(f"Latency: A={self.duration_a_ms}ms B={self.duration_b_ms}ms")
+        return "\n".join(lines)
+
+
+async def run_ab_test(
+    entry: Entry,
+    override_host_b: str,
+    override_scheme_b: str = "",
+    timeout: int = 30,
+) -> ABResult:
+    """Send the same request to two different hosts and compare responses."""
+    scheme = entry.scheme
+    path = entry.path
+    query = entry.query
+    headers = {
+        k: ", ".join(v)
+        for k, v in entry.req_headers.items()
+        if k.lower() not in ("host", "content-length", "connection")
+    }
+    body = entry.req_body
+
+    url_a = f"{scheme}://{entry.host}{path}" + (f"?{query}" if query else "")
+    scheme_b = override_scheme_b or scheme
+    url_b = f"{scheme_b}://{override_host_b}{path}" + (f"?{query}" if query else "")
+
+    status_a = status_b = 0
+    body_a = body_b = b""
+    dur_a = dur_b = 0
+    err_a = err_b = ""
+
+    async def _fetch(url: str) -> tuple[int, bytes, int, str]:
+        start = time.monotonic()
+        try:
+            h = dict(headers)
+            h["host"] = url.split("/")[2].split(":")[0]
+            async with httpx.AsyncClient(verify=False, timeout=timeout, http2=True) as client:
+                resp = await client.request(method=entry.method, url=url, headers=h, content=body)
+            return resp.status_code, resp.content, int((time.monotonic() - start) * 1000), ""
+        except Exception as e:
+            return 0, b"", int((time.monotonic() - start) * 1000), str(e)
+
+    (status_a, body_a, dur_a, err_a), (status_b, body_b, dur_b, err_b) = await __import__(
+        "asyncio"
+    ).gather(_fetch(url_a), _fetch(url_b))
+
+    return ABResult(
+        endpoint_a=url_a,
+        endpoint_b=url_b,
+        method=entry.method,
+        status_a=status_a,
+        status_b=status_b,
+        body_a=body_a,
+        body_b=body_b,
+        duration_a_ms=dur_a,
+        duration_b_ms=dur_b,
+        error_a=err_a,
+        error_b=err_b,
+    )

pypproxy-0.3.0/pypproxy/analytics/stats.py

@@ -0,0 +1,225 @@
+from __future__ import annotations
+
+from collections import Counter, defaultdict
+from dataclasses import dataclass
+from typing import Any
+
+from pypproxy.store.models import Entry, Filter
+from pypproxy.store.store import Store
+
+
+@dataclass
+class HostStats:
+    host: str
+    count: int
+    methods: dict[str, int]
+    status_codes: dict[int, int]
+    avg_duration_ms: float
+    max_duration_ms: int
+    error_rate: float  # 4xx+5xx / total
+    protocols: dict[str, int]
+
+
+@dataclass
+class EndpointStats:
+    method: str
+    path: str
+    count: int
+    avg_duration_ms: float
+    status_codes: dict[int, int]
+    error_rate: float
+
+
+@dataclass
+class TrafficSummary:
+    total: int
+    hosts: list[HostStats]
+    top_endpoints: list[EndpointStats]
+    status_distribution: dict[str, int]  # "2xx", "3xx", "4xx", "5xx"
+    method_distribution: dict[str, int]
+    protocol_distribution: dict[str, int]
+    avg_duration_ms: float
+    p95_duration_ms: int
+    p99_duration_ms: int
+    errors: list[dict]  # top 5xx/4xx entries
+
+    def to_dict(self) -> dict[str, Any]:
+        return {
+            "total": self.total,
+            "hosts": [
+                {
+                    "host": h.host,
+                    "count": h.count,
+                    "methods": h.methods,
+                    "status_codes": {str(k): v for k, v in h.status_codes.items()},
+                    "avg_duration_ms": round(h.avg_duration_ms, 1),
+                    "max_duration_ms": h.max_duration_ms,
+                    "error_rate": round(h.error_rate, 3),
+                    "protocols": h.protocols,
+                }
+                for h in self.hosts
+            ],
+            "top_endpoints": [
+                {
+                    "method": e.method,
+                    "path": e.path,
+                    "count": e.count,
+                    "avg_duration_ms": round(e.avg_duration_ms, 1),
+                    "status_codes": {str(k): v for k, v in e.status_codes.items()},
+                    "error_rate": round(e.error_rate, 3),
+                }
+                for e in self.top_endpoints
+            ],
+            "status_distribution": self.status_distribution,
+            "method_distribution": self.method_distribution,
+            "protocol_distribution": self.protocol_distribution,
+            "avg_duration_ms": round(self.avg_duration_ms, 1),
+            "p95_duration_ms": self.p95_duration_ms,
+            "p99_duration_ms": self.p99_duration_ms,
+            "errors": self.errors,
+        }
+
+
+def compute(store: Store, f: Filter | None = None) -> TrafficSummary:
+    entries, _ = store.list(f or Filter(), 0, 0)
+    return compute_from_entries(entries)
+
+
+def compute_from_entries(entries: list[Entry]) -> TrafficSummary:
+    if not entries:
+        return TrafficSummary(
+            total=0,
+            hosts=[],
+            top_endpoints=[],
+            status_distribution={},
+            method_distribution={},
+            protocol_distribution={},
+            avg_duration_ms=0,
+            p95_duration_ms=0,
+            p99_duration_ms=0,
+            errors=[],
+        )
+
+    # Per-host aggregation
+    host_data: dict[str, dict] = defaultdict(
+        lambda: {
+            "count": 0,
+            "methods": Counter(),
+            "status_codes": Counter(),
+            "durations": [],
+            "protocols": Counter(),
+        }
+    )
+    endpoint_data: dict[tuple[str, str], dict] = defaultdict(
+        lambda: {
+            "count": 0,
+            "durations": [],
+            "status_codes": Counter(),
+        }
+    )
+    status_dist: Counter = Counter()
+    method_dist: Counter = Counter()
+    proto_dist: Counter = Counter()
+    all_durations: list[int] = []
+    error_entries: list[Entry] = []
+
+    for e in entries:
+        h = host_data[e.host]
+        h["count"] += 1
+        h["methods"][e.method] += 1
+        if e.status_code:
+            h["status_codes"][e.status_code] += 1
+        if e.duration_ms:
+            h["durations"].append(e.duration_ms)
+            all_durations.append(e.duration_ms)
+        h["protocols"][e.protocol] += 1
+
+        ep_key = (e.method, e.path)
+        ep = endpoint_data[ep_key]
+        ep["count"] += 1
+        if e.duration_ms:
+            ep["durations"].append(e.duration_ms)
+        if e.status_code:
+            ep["status_codes"][e.status_code] += 1
+
+        if e.status_code:
+            bucket = f"{e.status_code // 100}xx"
+            status_dist[bucket] += 1
+            if e.status_code >= 400:
+                error_entries.append(e)
+
+        method_dist[e.method] += 1
+        proto_dist[e.protocol] += 1
+
+    # Build host stats
+    hosts = []
+    for host, d in sorted(host_data.items(), key=lambda x: -x[1]["count"])[:20]:
+        total_h = d["count"]
+        errors_h = sum(v for k, v in d["status_codes"].items() if k >= 400)
+        durations = d["durations"]
+        hosts.append(
+            HostStats(
+                host=host,
+                count=total_h,
+                methods=dict(d["methods"]),
+                status_codes=dict(d["status_codes"]),
+                avg_duration_ms=sum(durations) / len(durations) if durations else 0,
+                max_duration_ms=max(durations) if durations else 0,
+                error_rate=errors_h / total_h if total_h else 0,
+                protocols=dict(d["protocols"]),
+            )
+        )
+
+    # Build endpoint stats
+    endpoints = []
+    for (method, path), d in sorted(endpoint_data.items(), key=lambda x: -x[1]["count"])[:20]:
+        total_ep = d["count"]
+        errors_ep = sum(v for k, v in d["status_codes"].items() if k >= 400)
+        durations = d["durations"]
+        endpoints.append(
+            EndpointStats(
+                method=method,
+                path=path,
+                count=total_ep,
+                avg_duration_ms=sum(durations) / len(durations) if durations else 0,
+                status_codes=dict(d["status_codes"]),
+                error_rate=errors_ep / total_ep if total_ep else 0,
+            )
+        )
+
+    # Percentiles
+    sorted_dur = sorted(all_durations)
+    n = len(sorted_dur)
+    p95 = sorted_dur[int(n * 0.95)] if n > 0 else 0
+    p99 = sorted_dur[int(n * 0.99)] if n > 0 else 0
+    avg = sum(all_durations) / n if n > 0 else 0
+
+    # Top errors
+    errors = sorted(
+        [
+            {
+                "id": e.id,
+                "method": e.method,
+                "host": e.host,
+                "path": e.path,
+                "status": e.status_code,
+            }
+            for e in error_entries
+            if e.status_code >= 500
+        ],
+        key=lambda x: x["status"],
+        reverse=True,
+    )[:10]
+
+    return TrafficSummary(
+        total=len(entries),
+        hosts=hosts,
+        top_endpoints=endpoints,
+        status_distribution=dict(status_dist),
+        method_distribution=dict(method_dist),
+        protocol_distribution=dict(proto_dist),
+        avg_duration_ms=avg,
+        p95_duration_ms=p95,
+        p99_duration_ms=p99,
+        errors=errors,
+    )