claude-tap is a local proxy and trace viewer for AI coding agents. Run your CLI through it, then inspect the real API traffic: system prompts, conversation history, tool schemas, tool calls, streaming responses, token usage, and request diffs.
It works with Claude Code, Codex CLI, Gemini CLI, Kimi CLI, OpenCode, Pi, Hermes Agent, Cursor CLI, and Qoder CLI.
Open a real agent run, inspect every request, and compare how context changes between turns.
Light viewer overview |
Dark mode for long review sessions |
Structured diff across adjacent requests |
- 👀 See the exact context: inspect prompts, messages, tool definitions, tool calls, tool results, streaming chunks, and token usage.
- 🔎 Debug behavior with evidence: compare adjacent requests and pinpoint which prompt, message, tool, or parameter changed.
- 📦 Share one portable artifact: each run writes a JSONL trace and a self-contained HTML viewer for review or archiving.
- 🔒 Keep traces on your machine: no hosted dashboard is required, and common auth headers are redacted before recording.
- 🧩 Use one workflow across clients: trace Claude Code, Codex CLI, Gemini CLI, Kimi CLI, OpenCode, Pi, Hermes Agent, Cursor CLI, and Qoder CLI.
| Client | Typical use |
|---|---|
| Claude Code | Anthropic API or Claude-compatible gateways such as DeepSeek / GLM |
| Codex CLI | OpenAI API key mode or ChatGPT subscription OAuth |
| Gemini CLI | Google OAuth / Code Assist traffic |
| Kimi CLI | Kimi Code or Moonshot Open Platform |
| OpenCode | Multi-provider OpenCode sessions |
| Pi | Pi sessions, including OpenAI Codex OAuth providers |
| Hermes Agent | Multi-provider Hermes TUI or gateway sessions |
| Cursor CLI | Cursor Agent sessions plus readable local transcript import |
| Qoder CLI | Qoder Agent sessions through forward proxy mode |
Requires Python 3.11+ and the client you want to trace.
# Recommended
uv tool install claude-tap
# Or with pip
pip install claude-tapUpgrade: claude-tap update, uv tool upgrade claude-tap, or pip install --upgrade claude-tap
Run the client you want to inspect through claude-tap. Flags after -- are passed to the selected client.
# Claude Code
claude-tap
# Claude Code with live browser viewer
claude-tap --tap-live
# Codex CLI
claude-tap --tap-client codex
# Gemini CLI
claude-tap --tap-client gemini -- -p "hello"
# Kimi CLI
claude-tap --tap-client kimi
# Pi
claude-tap --tap-client pi -- --model openai-codex/gpt-5.3-codex-spark -p "hello"
# Cursor CLI
claude-tap --tap-client cursor -- -p --trust --model auto "hello"
# Qoder CLI
claude-tap --tap-client qoder -- -p "hello" --permission-mode dont_askClaude Code examples
# Pass flags through to Claude Code
claude-tap -- --model claude-opus-4-6
claude-tap -c # continue last conversation
# Skip all permission prompts (auto-accept tool calls)
claude-tap -- --dangerously-skip-permissions
# Live viewer + skip permissions + specific model
claude-tap --tap-live -- --dangerously-skip-permissions --model claude-sonnet-4-6claude-tap auto-detects custom Claude Code upstreams from ANTHROPIC_BASE_URL
in your environment or Claude settings. Use --tap-target only when you want to
override that detected target.
Claude Code with DeepSeek API
Full English guide: Claude Code with DeepSeek API. Simplified Chinese version: Claude Code 搭配 DeepSeek API.
export ANTHROPIC_AUTH_TOKEN="<your DeepSeek API key>"
unset ANTHROPIC_API_KEY
export ANTHROPIC_MODEL="deepseek-v4-pro[1m]"
export ANTHROPIC_DEFAULT_OPUS_MODEL="deepseek-v4-pro[1m]"
export ANTHROPIC_DEFAULT_SONNET_MODEL="deepseek-v4-pro[1m]"
export ANTHROPIC_DEFAULT_HAIKU_MODEL="deepseek-v4-flash"
export CLAUDE_CODE_SUBAGENT_MODEL="deepseek-v4-flash"
export CLAUDE_CODE_EFFORT_LEVEL=max
export ANTHROPIC_BASE_URL=https://api.deepseek.com/anthropicclaude-tap -- --permission-mode bypassPermissionsclaude-tap reads the DeepSeek upstream from ANTHROPIC_BASE_URL, then launches Claude Code against the local proxy. Use --tap-target https://api.deepseek.com/anthropic only as a manual override.
Codex CLI auth modes and examples
Codex CLI supports two authentication modes with different upstream targets:
| Auth Mode | How to authenticate | Upstream target | Notes |
|---|---|---|---|
| OAuth (ChatGPT subscription) | codex login |
https://chatgpt.com/backend-api/codex |
Default for ChatGPT Plus/Pro/Team users |
| API Key | Set OPENAI_API_KEY |
https://api.openai.com (default) |
Pay-per-use via OpenAI Platform |
claude-tap auto-detects the Codex target from your auth state when possible.
# OAuth users (ChatGPT Plus/Pro/Team) — auto-detected after `codex login`
claude-tap --tap-client codex
# If auto-detection cannot read your Codex auth file, specify the target explicitly
claude-tap --tap-client codex --tap-target https://chatgpt.com/backend-api/codex
# API Key users — default OpenAI API target works out of the box
claude-tap --tap-client codex
# With specific model
claude-tap --tap-client codex -- --model codex-mini-latest
# Full auto-approval (skip all permission prompts)
claude-tap --tap-client codex -- --full-auto
# OAuth + full auto + live viewer
claude-tap --tap-client codex --tap-live -- --full-autoKimi CLI examples
Kimi CLI uses reverse proxy mode by default through KIMI_BASE_URL. Use your existing Kimi CLI auth/config; the default upstream target is the Kimi Code API.
claude-tap --tap-client kimi
claude-tap --tap-client kimi -- --thinking
# Use Moonshot Open Platform instead of Kimi Code
claude-tap --tap-client kimi --tap-target https://api.moonshot.ai/v1Gemini CLI examples
Gemini CLI uses forward proxy mode by default. Google OAuth / Code Assist traffic goes to several Google endpoints, so forward proxy capture is the safest default. Reverse mode remains available for API-key or Vertex-style flows that honor GOOGLE_GEMINI_BASE_URL or GOOGLE_VERTEX_BASE_URL.
# Google OAuth / Code Assist
claude-tap --tap-client gemini -- -p "hello"
# Live viewer
claude-tap --tap-client gemini --tap-live -- -p "hello"
# Reverse mode for compatible API-key / Vertex flows
claude-tap --tap-client gemini --tap-proxy-mode reverse -- -p "hello"OpenCode examples
OpenCode is a multi-provider terminal AI assistant. Because it can talk to many providers, claude-tap defaults to forward proxy mode for opencode: it injects HTTPS_PROXY plus the local CA into the child process so traffic to any provider is captured.
# Forward proxy mode — captures every provider opencode talks to (default)
claude-tap --tap-client opencode
# With live viewer
claude-tap --tap-client opencode --tap-live
# Reverse mode — only works when using Anthropic provider (single ANTHROPIC_BASE_URL)
claude-tap --tap-client opencode --tap-proxy-mode reversePi examples
Pi is a multi-provider coding agent. claude-tap defaults to forward proxy mode for Pi because Pi can use subscription OAuth providers such as openai-codex and custom API-key providers from its model registry.
# OpenAI Codex OAuth via Pi's openai-codex provider
claude-tap --tap-client pi -- --model openai-codex/gpt-5.3-codex-spark -p "hello"
# With live viewer
claude-tap --tap-client pi --tap-live -- --model openai-codex/gpt-5.3-codex-spark -p "hello"
# Read-only tool capture
claude-tap --tap-client pi -- --model openai-codex/gpt-5.3-codex-spark --tools bash -p "Run pwd"Pi stores OAuth credentials in ~/.pi/agent/auth.json after /login. If you keep Pi credentials in another directory, set PI_CODING_AGENT_DIR before launching claude-tap.
Hermes Agent examples
Hermes Agent is a multi-provider Python AI agent (Nous Portal, OpenRouter, NVIDIA NIM, Xiaomi MiMo, GLM, Kimi, MiniMax, Hugging Face, OpenAI, Anthropic, custom). Because it can talk to any of these providers — and httpx / requests both honor HTTPS_PROXY natively — claude-tap defaults to forward proxy mode for hermes: it injects HTTPS_PROXY plus the local CA into the child process so any provider is captured.
# Interactive TUI — the recommended way for local trace capture.
claude-tap --tap-client hermes --tap-live
# Gateway mode — captures LLM calls triggered by incoming platform messages (Slack, Telegram, etc.).
# Requires a messaging platform configured in ~/.hermes/.env.
# claude-tap auto-rewrites `gateway start` → `gateway run` so the gateway runs in the
# foreground and inherits HTTPS_PROXY; without this, the daemon spawned by systemd/launchd
# would not go through the proxy and no traces would be recorded.
claude-tap --tap-client hermes -- gateway start
# Reverse mode is opt-in and only useful when ~/.hermes is configured with an
# OpenAI-compatible provider that reads OPENAI_BASE_URL.
claude-tap --tap-client hermes --tap-proxy-mode reverseNote: Gateway mode only produces traces when a configured messaging platform (Slack, Telegram, etc.) delivers a message to the bot. Without an active platform integration, the gateway makes no LLM calls and no traces are recorded.
Cursor CLI examples
Cursor CLI uses forward proxy mode by default. Use --model auto on free plans, and omit --mode ask when you want tool calls.
claude-tap --tap-client cursor -- -p --trust --model auto "hello"
claude-tap --tap-client cursor -- -p --trust --model auto --continue "continue"- OpenClaw setup guide for integrating
claude-tapwith OpenClaw. Simplified Chinese version: OpenClaw 设置指南. - Claude Code with DeepSeek API for routing Claude Code through DeepSeek's Anthropic-compatible API. Simplified Chinese version: Claude Code 搭配 DeepSeek API.
- Client support matrix for exact environment variables, proxy modes, and URL rewrite rules.
Qoder CLI examples
Qoder CLI talks to multiple Qoder endpoints, so claude-tap defaults to forward proxy mode for --tap-client qoder.
# Browser login, PAT, or job token must be configured before launch.
qodercli login
claude-tap --tap-client qoder -- -p "hello" --permission-mode dont_askViewer, export, and advanced options
# Live viewer while a client runs
claude-tap --tap-live
# Browse saved traces without launching a client
claude-tap dashboard
# Regenerate a self-contained HTML viewer from JSONL
claude-tap export .traces/2026-02-28/trace_141557.jsonl -o trace.html
# Store traces in another directory, or keep fewer sessions
claude-tap --tap-output-dir ./my-traces
claude-tap --tap-max-traces 10
# Start only the proxy for custom setups
claude-tap --tap-no-launch --tap-port 8080
# Disable auto-open of the generated viewer after exit
claude-tap --tap-no-openIn proxy-only mode, start your client in another terminal and point its base URL or proxy settings at the local proxy. Use the client support matrix for exact wiring.
All flags are forwarded to the selected client, except these --tap-* ones:
--tap-client CLIENT Client to launch: claude (default), codex, gemini, kimi, opencode, pi, hermes, cursor, or qoder
--tap-target URL Upstream API URL (default: auto per client)
--tap-live Start real-time viewer (auto-opens browser)
--tap-live-port PORT Port for live viewer server (default: auto)
--tap-no-open Don't auto-open HTML viewer after exit (on by default)
--tap-output-dir DIR Trace output directory (default: ./.traces)
--tap-port PORT Proxy port (default: auto)
--tap-host HOST Bind address (default: 127.0.0.1, or 0.0.0.0 in --tap-no-launch mode)
--tap-no-launch Only start the proxy, don't launch client
--tap-max-traces N Max trace sessions to keep (default: 50, 0 = unlimited)
--tap-no-update-check Disable PyPI update check on startup
--tap-no-auto-update Check for updates but don't auto-download
--tap-proxy-mode MODE Proxy mode: reverse or forward (default: reverse for claude/codex/kimi, forward for gemini/opencode/pi/hermes/cursor/qoder)
The viewer is a single self-contained HTML file (zero external dependencies):
- Structural diff — compare consecutive requests to see exactly what changed: new/removed messages, system prompt diffs, character-level inline highlighting
- Path filtering — filter by API endpoint (e.g.,
/v1/messagesonly) - Model grouping — sidebar groups requests by model, with Claude-family priority ordering
- Token usage breakdown — input / output / cache read / cache creation
- Tool inspector — expandable cards with tool name, description, and parameter schema
- Search — full-text search across messages, tools, prompts, and responses
- Dark mode — toggle light/dark themes (respects system preference)
- Keyboard navigation —
j/kor arrow keys - Copy helpers — one-click copy of request JSON or cURL command
- i18n — English, 简体中文, 日本語, 한국어, Français, العربية, Deutsch, Русский
How it works
How it works:
claude-tapstarts a reverse or forward proxy and spawns the selected client- Base URL clients are pointed at the reverse proxy; clients without base URL support use proxy/CA environment variables
- SSE and WebSocket streams are forwarded as chunks/messages arrive with low proxy overhead
- Each request-response pair or WebSocket session is recorded to a dated
trace_*.jsonl - On exit, a self-contained HTML viewer is generated
- Live mode (optional) broadcasts updates to browser via SSE
Key features: 🔒 Common auth headers auto-redacted · ⚡ Low-overhead streaming · 📦 Self-contained viewer · 🔄 Real-time live mode
Thanks goes to these contributors:
 liaohch3 💻 📖 🚧 |
 BKK 💻 |
 YoungCan-Wang 💻 |
 0xkrypton 💻 |
 CYJiang 💻 |
 陈展鹏 📖 |
 devtalker 💻 |
 Yaguang Ding 💻 |
 Sephy 💻 |
Contributions are welcome. Start with CONTRIBUTING.md.
MIT