npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@openthomas/thomas

v0.2.0

Published

Open-source flight recorder for AI agents — the orchestrator's instrument panel.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

thomaslwangthomaslwang

Keywords

Readme

Thomas

Get Thomas on the wire.

The orchestrator's instrument panel for AI agents.

The 2026 founder's job is to orchestrate agents — Claude Code shipping code, Claude Cowork running ops, Hermes answering support, a dozen agents working in parallel while you sleep. You cannot orchestrate what you cannot see.

Thomas is the local-first flight recorder. Every model call, every tool call, every MCP message, every file change, every dollar — all captured on your own machine, decoded into an execution graph you can actually read. The paid tiers add the control plane on top: block risky actions, set budgets, route models, govern across a team.

Quick start

npm install -g @openthomas/thomas

thomas wire                  # detect agents, install taps, start daemon
# …run your agent as usual…
thomas                       # open the UI at http://localhost:9877

thomas wire is byte-exact reversible: thomas unwire restores every file it touched. No accounts, no telemetry, no cloud — your traces stay on your machine. Read PRIVACY.md for the precise list of every file Thomas writes and the only place it sends data (forwarding your own agent's traffic to the model provider your agent already calls — and nowhere else).

How Thomas fits the founder journey

Anthropic's Founder's Playbook names four stages every AI-native startup moves through. AI compresses each — and introduces new failure modes the playbook explicitly warns about. Thomas is the instrument set that lets the orchestrator see and control what AI is doing on their behalf, at every stage.

| Stage | Where you are | Thomas (free) gives | Natural upgrade | |---|---|---|---| | Idea | Ten hypotheses, ten Claude bills running in parallel | Cost X-ray per agent, per project, per day | Personal: budget caps so rabbit holes can't drain credits | | MVP | Agentic coding, unattended runs. "Code that works is not code that is secure." — playbook | Full action trace, risk flags (destructive shell, secret leak, retry storm), mock replay | Personal: approval gates, budget caps, model routing | | Launch | Real users on the line. The playbook prescribes "the observability layer that makes SLAs actually enforceable." | Audit trail per run, shareable post-mortem reports | Personal: live blocking + alerts. Solo: multi-project workspaces, CI replay, eval suites built from real production traces | | Scale | First hires, multiple machines, enterprise procurement asking for proof you are "a dependable infrastructure partner." | (free keeps recording) | Team: RBAC, SSO, shared policies, fleet management, audit log for compliance |

Same job, new instruments. The playbook closes with "Same job, new rules" — the founder's work hasn't changed, only the path. Thomas is one of the instruments that makes the new path navigable.

Thomas (free) → Thomas Personal / Solo / Team

The free package — Thomas — is the see layer. Capture, decode, timeline, cost X-ray, risk flags, mock replay, shareable reports. MIT licensed, fully local, complete on its own.

The paid tiers — Personal / Solo / Team — are the control layer that builds on the same daemon: act on what you saw, set budgets, route models, sync across machines, govern across team members.

| | Thomas (free) | Personal | Solo | Team | |---|---|---|---|---| | Local capture, decode, timeline | ✅ | ✅ | ✅ | ✅ | | Cost X-ray, risk flags (read-only) | ✅ | ✅ | ✅ | ✅ | | Shareable reports, mock replay | ✅ | ✅ | ✅ | ✅ | | Active blocking & policy | — | ✅ | ✅ | ✅ | | Approval gates (live YES/NO on risky actions) | — | ✅ | ✅ | ✅ | | Budget caps & model routing | — | ✅ | ✅ | ✅ | | Encrypted cloud sync across your machines | — | ✅ | ✅ | ✅ | | Multi-project workspaces | — | — | ✅ | ✅ | | CI replay (live, deterministic) | — | — | ✅ | ✅ | | Eval suites built from your real traces | — | — | ✅ | ✅ | | RBAC, SSO, shared policies | — | — | — | ✅ | | Fleet management & audit log | — | — | — | ✅ |

Paid features ship in the same binary, gated by a cloud-issued license token — no plugins to install, no separate CLI to learn. The free package never calls cloud, never phones home, and is a complete flight recorder forever.

Today (v0.1): free only. Personal launches in v0.4; Solo and Team follow.

What you'll see

$ thomas list
ID            STARTED              AGENT        STATUS  DUR     ACT  COST     IN/OUT  CACHE R/W
────────────  ───────────────────  ───────────  ──────  ──────  ───  ───────  ──────  ─────────
ru_aBc1xYz9   2026-05-16 14:23:11  claude-code  done    1.4s    1    $0.0024  120/45  0/0
ru_fOj6Ce1H   2026-05-16 14:22:18  hermes       done    7.8s    1    $0.97    1/396   565K/5K
$ thomas tail
14:42:49  claude-code   mcp_call    → filesystem  tools/list
14:42:49  claude-code   mcp_call    ← filesystem  tools/list
14:43:21  claude-code   model_call  claude-opus-4-7  200  6/8  $0.0007
!  14:44:02  hermes        model_call  Xiangxin-2XL-Chat  200  1/1547  $1.367

What it captures

  • Model calls — Anthropic, OpenAI, Gemini, OpenRouter, vLLM, and any OpenAI-compatible endpoint. Streaming and non-streaming. Full prompt / response / tool_use blocks.
  • MCP messages — JSON-RPC over stdio. Per-frame capture (request / response / notification) with method, params, result, error.
  • Tool calls — tool_use blocks (bash, file edit, web fetch, …) inline with the model response that produced them.
  • Cost / tokens / latency — including cache_read / cache_write attribution. See exactly when a prompt cache charged you.
  • Risk signals — destructive shell (rm -rf, curl | sh), possible secret leak (keys, tokens, bearer creds), cost spikes, retry storms. Read-only labels in the trace. You decide what to do.

Why not Langfuse / Helicone / LangSmith?

Those tools watch model calls. Thomas watches agent runtimes — the full execution graph including tool calls, MCP, file ops, and inter-agent traffic.

If you've ever asked what did my agent actually do?, that's the gap.

Supported agents

| Agent | Auto-wire | Notes | |---|---|---| | Claude Code | ✅ | via ~/.claude/settings.json env block + MCP wrap | | OpenClaw | ✅ | restarts the launchd daemon on wire | | Hermes | ✅ | paste /model <name> --global to apply live | | OpenCode | ✅ | | | Codex | ⓘ manual | | | Cursor | ⓘ manual | | | Gemini CLI | ⓘ manual | |

Custom agent? Point its base URL at http://localhost:9877/wire/<your-name>/<provider> and Thomas will record everything.

Architecture

Thomas runs as a single always-on Node.js daemon, installed via launchd on macOS or systemd on Linux. Four layers: capture (HTTP reverse proxy + MCP stdio tap) → decode (Anthropic SSE, OpenAI chat, MCP JSON-RPC per-protocol decoders) → store (local SQLite) → present (Hono REST + SSE + React UI on localhost:9877). All data stays on disk under ~/.thomas/. Source: github.com/openthomas-com/thomas.

Status

v0.1. Solo-built and used daily by the author. Tested against real Claude Code / OpenClaw / Hermes traffic. Bug reports and PRs welcome.

License

MIT.