Two OSS products on one rrweb-based substrate. Both ship as npm packages today.
| Product | One line | Install |
|---|---|---|
| tracelane | The recorder for your WebdriverIO and Playwright tests — Cypress on the roadmap. Self-contained HTML for every run — replay failures, audit successes, attach to any bug tracker. No SaaS, no dashboard, no signup. | npx @tracelane/cli init |
| peek | Your real browser, exposed to your AI coding agent over MCP — the agent reads recorded sessions and, with your explicit consent, drives the live page. Never leaves your machine. | npm install -g @peekdev/cli && npx peek init |
Above: npx @tracelane/cli init in a real WebdriverIO project — detect runner, install, edit wdio.conf.ts, ignore reports dir.
Above: peek sessions list then peek sessions show ... --format markdown — a recorded browser session as queryable structured output, AI-ready.
| Package | Status | What it does |
|---|---|---|
@tracelane/wdio |
alpha | WebdriverIO Service — capture + write HTML report |
@tracelane/playwright |
alpha | Playwright Reporter + auto-fixture — capture + write HTML report |
@tracelane/cypress |
planned | JSON-output adapter (no Test Replay overlap) |
@tracelane/core |
alpha | Framework-agnostic capture engine — depended on by the adapters |
@tracelane/report |
alpha | Self-contained HTML report builder |
Docs: tracelane.cubenest.in (source under apps/tracelane-docs/). The tracelane-wdio README is the right starting point.
| Package | Status | What it does |
|---|---|---|
@peekdev/cli |
alpha | peek init installer + peek sessions query / export |
@peekdev/mcp |
alpha | stdio MCP server — exposes captured sessions, plus consent-gated live read + act tools, to Claude Code, Cursor, Cline, Windsurf |
peek-extension |
alpha · on the Chrome Web Store | Chrome MV3 extension — the real browser, recorded |
Docs: peek.cubenest.in (source under apps/peek-docs/).
peek requires Node.js ≥ 22. Its native
better-sqlite3dependency only ships prebuilt binaries for Node 22+; on older Node (notably Windows, which has no C/C++ toolchain by default) the install falls back to compiling from source and fails.
@cubenest/rrweb-core — vendored PostHog rrweb fork, PII masking primitives, large-DOM throttling, screenshot fallback, network/console capture abstractions, compression helpers. Used by both products. The fork is pinned by SHA + the substrate's NOTICE attributes both PostHog's plugin lineage and the upstream rrweb roots.
Same recording engine, same trust model, two different consumer surfaces:
- tracelane ships test-time captures into a self-contained HTML artifact your team and AI agents can read offline.
- peek ships live-browser captures into an MCP server your AI coding agent can query — and, with your explicit per-origin consent, drive the live page through.
peek's live read + act tools are gated by a five-level per-origin permission model (0 Off → 1 Read-only → 2 Suggest-only → 3 Act-with-confirm → 4 YOLO, the default is Level 1) with a destructive-action blocklist that always prompts. No telemetry, no cloud — everything stays in ~/.peek.
Shared upstream means one fork to track, one masking surface to harden, one license + DCO + security policy.
Pre-1.0. Alpha packages live on npm. Branch protection is on main (PR + CI + DCO + linear history). All workflows use Trusted Publishing OIDC + SLSA provenance. Renovate runs with a 7-day cooldown (21 days for the @posthog/rrweb lineage) and config:best-practices. tracelane has publicly launched (npm alpha + a live demo report); peek is alpha on npm and its Chrome MV3 extension is available on the Chrome Web Store.
Report a vulnerability via SECURITY.md. The shared threat model for both products lives in docs/SECURITY-NOTES.md.
Apache-2.0. See LICENSE.
Apache 2.0. DCO sign-off required on all contributions. See CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md.
- GitHub Sponsors — github.com/sponsors/harry-harish (opening for launch)
- The work is open-source and sustainable; sponsorship keeps it that way. See
docs/SUSTAINABILITY.mdfor the maintenance cadence.