There are two capture surfaces. With PCAP/live network capture, Heron can only parse the full LLM payload where the traffic is already plaintext, for example behind a TLS terminator, on an inference host, in local/dev traffic, or after termination from a trusted packet source. If Heron only has encrypted TLS packets on the wire, it can still see transport-level signals such as endpoint, timing, size, retries, and flow size, but not the prompt, response, or tool payload.
The eBPF path is different: on Linux, Heron can bind to a host-side TLS library boundary, for example `SSL_read` / `SSL_write`, where the process already sees the plaintext before encryption or after decryption. This enables payload reconstruction and process attribution (PID, command line, executable) without a proxy, but only for processes/containers/runtimes on hosts you are authorized to instrument and only for the TLS stacks Heron supports.
What remains inaccessible: traffic from hosts we’re not running on, isolated processes beyond our permissions, payloads that never pass through an observed boundary, unsupported TLS/protocol paths, and data that the provider never returns to the client. So the design is passive and proxy-free, but it’s not magical remote TLS breaking.
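The following script is an added illustration of the two surfaces described above; it is not Heron's code. It models the wire/PCAP side, where a TLS record yields only transport-level metadata while plaintext HTTP is parsed in full, and the eBPF side, where buffers observed at `SSL_write` / `SSL_read` are reassembled per process and file descriptor into the request and response. The endpoint path, the JSON shapes, the process name, the event format and all function names are constructed assumptions.

```python
"""Model of a passive LLM-traffic observer's two capture surfaces (added example).

All inputs below are constructed: a plaintext HTTP POST to a hypothetical
/v1/chat endpoint, the same bytes behind a TLS application-data record header,
and a handful of simulated SSL_write/SSL_read uprobe events.
"""
import json
from collections import defaultdict

TLS_RECORD_TYPES = {0x14, 0x15, 0x16, 0x17}     # ccs, alert, handshake, app data
TLS_VERSIONS = {0x0301, 0x0302, 0x0303, 0x0304}  # record-layer version field


def http_message(start_line: str, doc: dict) -> bytes:
    """Build an HTTP/1.1 message with a JSON body and a correct Content-Length."""
    body = json.dumps(doc).encode()
    head = (f"{start_line}\r\nContent-Type: application/json\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode() + body


# Constructed request/response pair in a chat-completion-like shape.
PLAINTEXT_REQUEST = http_message(
    "POST /v1/chat HTTP/1.1",  # hypothetical endpoint path
    {"model": "example-model",
     "messages": [{"role": "user", "content": "Summarize this log."}]},
)
PLAINTEXT_RESPONSE = http_message(
    "HTTP/1.1 200 OK",
    {"choices": [{"message": {"role": "assistant", "content": None,
                               "tool_calls": [{"type": "function",
                                               "function": {"name": "grep_logs",
                                                            "arguments": "{\"pattern\": \"ERROR\"}"}}]}}]},
)

# The request as the wire sees it after TLS: a 5-byte record header (type 0x17,
# version 0x0303, length) over opaque bytes. The "ciphertext" is a placeholder
# of the right length, not real cipher output.
TLS_WRAPPED_REQUEST = (b"\x17\x03\x03" + len(PLAINTEXT_REQUEST).to_bytes(2, "big")
                       + bytes((i * 37) % 256 for i in range(len(PLAINTEXT_REQUEST))))

# Simulated uprobe events at the TLS library boundary of a client process.
# A real probe also delivers buffers in pieces, hence the chunking.
SSL_EVENTS = [
    {"pid": 4242, "comm": "agent-runner", "fd": 7, "fn": "SSL_write", "buf": PLAINTEXT_REQUEST[:40]},
    {"pid": 4242, "comm": "agent-runner", "fd": 7, "fn": "SSL_write", "buf": PLAINTEXT_REQUEST[40:]},
    {"pid": 4242, "comm": "agent-runner", "fd": 7, "fn": "SSL_read", "buf": PLAINTEXT_RESPONSE[:25]},
    {"pid": 4242, "comm": "agent-runner", "fd": 7, "fn": "SSL_read", "buf": PLAINTEXT_RESPONSE[25:]},
]


def parse_llm_http(raw: bytes) -> dict:
    """Parse a plaintext HTTP/1.1 message and extract the LLM-relevant fields:
    prompt messages, assistant content and tool-call names. A missing or
    non-JSON body yields empty fields rather than an exception."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {k.lower(): v for k, v in
               (line.split(": ", 1) for line in lines[1:] if ": " in line)}
    if "content-length" in headers:
        body = body[: int(headers["content-length"])]
    try:
        doc = json.loads(body)
    except ValueError:
        doc = {}
    choices = doc.get("choices", [])
    return {
        "start_line": lines[0],
        "model": doc.get("model"),
        "messages": doc.get("messages"),
        "assistant_content": [c.get("message", {}).get("content") for c in choices] or None,
        "tool_calls": [tc["function"]["name"]
                       for c in choices
                       for tc in c.get("message", {}).get("tool_calls", [])],
    }


def classify_wire_bytes(data: bytes) -> dict:
    """PCAP/live-capture surface: a TLS record gives transport-level metadata
    only (record type, version, length); plaintext HTTP is parsed in full."""
    if (len(data) >= 5 and data[0] in TLS_RECORD_TYPES
            and int.from_bytes(data[1:3], "big") in TLS_VERSIONS):
        return {"surface": "tls",
                "record_type": data[0],
                "version": int.from_bytes(data[1:3], "big"),
                "record_len": int.from_bytes(data[3:5], "big"),
                "payload": None}  # ciphertext: nothing to parse
    return {"surface": "plaintext", **parse_llm_http(data)}


def reassemble_ssl_events(events: list) -> list:
    """eBPF surface: buffers at SSL_write/SSL_read are already plaintext, so
    concatenating them per (pid, fd, hooked function) rebuilds each HTTP
    message and attributes it to the calling process. On a client process
    SSL_write carries the request and SSL_read the response."""
    streams = defaultdict(bytearray)
    comm = {}
    for ev in events:
        key = (ev["pid"], ev["fd"], ev["fn"])
        streams[key] += ev["buf"]
        comm[key] = ev["comm"]
    result = []
    for (pid, fd, fn), buf in streams.items():
        rec = {"pid": pid, "fd": fd, "comm": comm[(pid, fd, fn)],
               "direction": "request" if fn == "SSL_write" else "response"}
        rec.update(parse_llm_http(bytes(buf)))
        result.append(rec)
    return result


if __name__ == "__main__":
    print("wire, plaintext:", classify_wire_bytes(PLAINTEXT_REQUEST))
    print("wire, TLS      :", classify_wire_bytes(TLS_WRAPPED_REQUEST))
    for rec in reassemble_ssl_events(SSL_EVENTS):
        print("eBPF           :", rec)
```

The TLS branch deliberately returns nothing but header fields: the record type, version and length are exactly the kind of transport-level signal available on the wire, and the payload stays `None` because there is no key to decrypt with. The eBPF branch keys on `(pid, fd, fn)` so that interleaved buffers from several connections of one process, or from several processes, do not bleed into each other's reconstruction.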