npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

traceglass

v0.2.0

Published

Flight recorder & tamper-evident audit dashboard for autonomous agents

Readme

traceglass

A flight recorder for AI agents. Tamper-evident, replayable audit for autonomous agents — built for teams that have to prove what their agents did.

npx traceglass demo

That boots a local dashboard on a bundled sample run — a collections agent stuck in a tool loop — in about ten seconds, no input file required. Scrub it step by step: every tool call, every token, every rupee, and exactly what data the agent read or mutated — with a cryptographic guarantee that the record hasn't been altered since it was captured. Point it at your own trace with npx traceglass open ./trace.json.


Why this exists

Autonomous agents are moving into regulated work — lending, collections, underwriting, healthcare, claims. When an agent declines a loan, duns the wrong account, or burns ₹14 of compute in a stuck loop, someone has to answer for it: a regulator, an auditor, an incident review, a customer.

A pile of JSON logs is not an answer. You need to replay what happened, show what data was touched, and prove the record is the one that was captured — not something edited after the fact.

traceglass turns an agent trace into that record:

  • Replayable — step through the run on a timeline; watch cost and tokens climb; jump straight to the loop or the error.
  • Tamper-evident — every step is hash-chained (SHA-256, each step over the previous). Change one field in storage and the dashboard turns red and names the first broken step.
  • Compliance-first — each step surfaces the data it read or mutated, so "what did the agent see and change?" is answerable at a glance.
  • Cost- and loop-aware — automatic detection of stuck tool loops and steps that cost far more than the run's norm.

Local-first — your data never leaves your machine

This is a hard guarantee, not a setting:

  • No network egress. traceglass makes zero outbound network calls. No telemetry, no analytics, no phone-home.
  • No account, no cloud, no API key. Nothing to sign up for.
  • The dashboard binds to 127.0.0.1 on an ephemeral port — it is not reachable from your network.
  • Your traces stay on disk in a local append-only SQLite store (~/.traceglass). The bundled UI ships its own assets — no CDN fonts or scripts.

If your agent runs on sensitive financial or health data, that data can be loaded, replayed, and audited without a single byte going anywhere.

Quick start

# Kick the tires on a bundled sample run — no input needed
npx traceglass demo

# Replay your own trace (ingests it, then opens the dashboard on 127.0.0.1)
npx traceglass open ./trace.json

# Verify a stored run's integrity from the terminal (exit 1 if tampered)
npx traceglass verify <runId>

# Write a standalone, portable HTML audit report
npx traceglass report <runId> -o audit.html

# List everything you've ingested
npx traceglass list

The open command always prints the dashboard URL, so it works over SSH or in environments where a browser can't be launched automatically.

Input formats

traceglass ingests two formats and auto-detects which you gave it:

  1. OpenTelemetry OTLP/JSON traces — using gen_ai.* semantic conventions plus traceglass.* attributes for run/step metadata.
  2. Native traceglass JSON — a compact { id, name, steps[] } shape.

See fixtures/ for runnable examples of both, including a clean underwriting run and a collections agent stuck in a tool loop.

How tamper-evidence works

Each step's hash is SHA-256(canonical(step) + prevHash), where canonical is a stable, sorted-key serialization of the step's content. The run's anchor hash is the final step's hash. Re-hash the chain and compare: if any stored step was altered, its hash no longer matches and verification points at the first broken step. The store itself is append-only — there is no update path through the application.

Run status (did the agent succeed or fail?) and integrity (is the record authentic?) are deliberately shown as separate axes: a failed run with an intact chain is a faithfully recorded failure; a tampered record is a different problem entirely.

Development

This is an npm-workspaces monorepo (Node ≥20, TypeScript, ESM):

  • @traceglass/core — model (Zod), ingest (OTel + native), analysis (loops, cost), integrity (hash chain), append-only store, HTML report.
  • traceglass (packages/cli) — Fastify server + commander binary.
  • @traceglass/web — React + Vite dashboard (bundled into the CLI on build).
npm install
npm run build
npm test          # 46 tests across ingest, analysis, integrity, store, report, server, web

License

MIT — see LICENSE.