Skip to content

Releases: thevibeworks/cctrace

v0.2.0

Choose a tag to compare

@lroolle lroolle released this 07 Jul 04:59

What's new

Theme toggle

The web UI now supports system / light / dark themes. Defaults to your OS preference; click the toggle button in the header to override. Persisted in localStorage, works in both live and snapshot views.

GitHub link in UI

Quick-access link to the repo in the header bar.

Brand icon

A "cc" monogram threaded by the dot→ring trace line — in both READMEs, the web UI header, and the browser favicon. Theme-aware across all contexts.

npm release

Install directly:

bun add -g @thevibeworks/cctrace
# or run without installing:
bunx @thevibeworks/cctrace

Mermaid architecture diagram

The "How it works" section now renders as a proper flowchart on GitHub (replaces the ASCII sketch).


Full changelog: v0.1.1...v0.2.0

v0.1.1 — body/URL redaction (security fix)

Choose a tag to compare

@lroolle lroolle released this 06 Jul 09:58

Security fix

Header-only redaction could persist a live OAuth token. Claude Code refreshes its credential ~hourly against a host cctrace intercepts, and the refresh_token/access_token ride in the response body (auth codes in the URL), not the header — so a trace that crossed a refresh wrote a live token into the .html the UI invites you to share.

v0.1.1 redacts bodies and URLs too, at a single choke point (src/redact.ts) across all capture modes (mitm / base-url / node), so the .jsonl, the shareable .html, and the live WebSocket all get redacted data.

If you ran v0.1.0 and shared any trace, re-authenticate Claude Code (/login) to rotate the token.

Also in this release

  • Drop SSL_CERT_FILE / HTTP_PROXY from Claude's env — they leaked into its subprocesses (curl/python/MCP) and broke their networking. NODE_EXTRA_CA_CERTS alone suffices (verified against the real 2.1.201 binary).
  • Record empty-body responses (204/304, 3xx redirects) instead of dropping them.
  • 0600 perms on the MITM CA/leaf keys.
  • Cross-platform browser open; --mode now errors on typos.
  • Bilingual README (English + 简体中文), positioning table, branded preview asset.
  • SECURITY.md, CONTRIBUTING.md, CI (bun test), issue/PR templates.

Full notes in CHANGELOG.md.

v0.1.0

Choose a tag to compare

@lroolle lroolle released this 06 Jul 08:22

First release. TLS-intercepting HTTP tracer for Claude Code's native binary.

What it does

Runs Claude Code normally while capturing every API call — /v1/messages, OAuth, usage/credits, MCP registry, telemetry — and streams them to a live, categorized web UI.

Highlights

  • MITM proxy (default) — zero-config TLS interception via HTTPS_PROXY + an auto-generated CA. Captures everything, including OAuth/usage endpoints that bypass ANTHROPIC_BASE_URL.
  • Three capture modes behind one abstraction: mitm, base-url (lightweight), node (legacy npm installs).
  • Categorized web UI — filter chips (Messages, Usage/Credits, OAuth, MCP, Bootstrap, Telemetry), SSE decoding, offline HTML snapshots.
  • Response streams are tee'd — Claude gets bytes with no buffering. Live server auto-picks a free port if the default is busy.

Requirements

Bun, openssl, and Claude Code.

git clone https://github.com/thevibeworks/cctrace && cd cctrace
bun install && bun link
cctrace