Releases: thevibeworks/cctrace
Release list
v0.2.0
What's new
Theme toggle
The web UI now supports system / light / dark themes. Defaults to your OS preference; click the toggle button in the header to override. Persisted in localStorage, works in both live and snapshot views.
GitHub link in UI
Quick-access link to the repo in the header bar.
Brand icon
A "cc" monogram threaded by the dot→ring trace line — in both READMEs, the web UI header, and the browser favicon. Theme-aware across all contexts.
npm release
Install directly:
bun add -g @thevibeworks/cctrace
# or run without installing:
bunx @thevibeworks/cctraceMermaid architecture diagram
The "How it works" section now renders as a proper flowchart on GitHub (replaces the ASCII sketch).
Full changelog: v0.1.1...v0.2.0
v0.1.1 — body/URL redaction (security fix)
Security fix
Header-only redaction could persist a live OAuth token. Claude Code refreshes its credential ~hourly against a host cctrace intercepts, and the refresh_token/access_token ride in the response body (auth codes in the URL), not the header — so a trace that crossed a refresh wrote a live token into the .html the UI invites you to share.
v0.1.1 redacts bodies and URLs too, at a single choke point (src/redact.ts) across all capture modes (mitm / base-url / node), so the .jsonl, the shareable .html, and the live WebSocket all get redacted data.
If you ran v0.1.0 and shared any trace, re-authenticate Claude Code (
/login) to rotate the token.
Also in this release
- Drop
SSL_CERT_FILE/HTTP_PROXYfrom Claude's env — they leaked into its subprocesses (curl/python/MCP) and broke their networking.NODE_EXTRA_CA_CERTSalone suffices (verified against the real 2.1.201 binary). - Record empty-body responses (204/304, 3xx redirects) instead of dropping them.
0600perms on the MITM CA/leaf keys.- Cross-platform browser open;
--modenow errors on typos. - Bilingual README (English + 简体中文), positioning table, branded preview asset.
SECURITY.md,CONTRIBUTING.md, CI (bun test), issue/PR templates.
Full notes in CHANGELOG.md.
v0.1.0
First release. TLS-intercepting HTTP tracer for Claude Code's native binary.
What it does
Runs Claude Code normally while capturing every API call — /v1/messages, OAuth, usage/credits, MCP registry, telemetry — and streams them to a live, categorized web UI.
Highlights
- MITM proxy (default) — zero-config TLS interception via
HTTPS_PROXY+ an auto-generated CA. Captures everything, including OAuth/usage endpoints that bypassANTHROPIC_BASE_URL. - Three capture modes behind one abstraction:
mitm,base-url(lightweight),node(legacy npm installs). - Categorized web UI — filter chips (Messages, Usage/Credits, OAuth, MCP, Bootstrap, Telemetry), SSE decoding, offline HTML snapshots.
- Response streams are
tee'd — Claude gets bytes with no buffering. Live server auto-picks a free port if the default is busy.
Requirements
Bun, openssl, and Claude Code.
git clone https://github.com/thevibeworks/cctrace && cd cctrace
bun install && bun link
cctrace