OpenReplay

Self-hosted session replay and product analytics suite that lets you see exactly what users do on your web app — without sending data to third parties.

12.2Kstars
754forks
Custom / Unknown
TypeScript

OpenReplay is an open-source, self-hostable session replay and product analytics platform designed for developer and product teams who need deep visibility into user behavior without sacrificing data privacy. Unlike SaaS-based observability tools, OpenReplay stores everything on your own infrastructure — whether that’s AWS, Google Cloud, Azure, DigitalOcean, or a bare Kubernetes cluster — giving you full control over sensitive user data and eliminating compliance overhead.

At its core, OpenReplay captures and replays every user interaction in the browser: clicks, scrolls, form inputs, page navigations, and viewport changes. But it goes further than traditional screen recorders. Its DevTools integration exposes the full technical context behind each session — network requests and responses, JavaScript errors and stack traces, Redux/VueX/NgRx/MobX store state, console logs, CPU and memory usage, and over 40 Web Vitals metrics. This means that when something breaks in production, developers can replay the exact session and debug it the same way they’d use Chrome DevTools — without needing to reproduce the issue locally.

OpenReplay ships as a polyglot monorepo. The browser tracker is a lightweight (~26KB brotli-compressed) TypeScript library that captures DOM mutations using a MutationObserver-based approach. The backend is split between a Python/FastAPI API service and high-throughput Go microservices that handle event ingestion, session stitching, and data processing at scale. ClickHouse handles analytical queries for product analytics, while PostgreSQL manages transactional data. Kafka provides the event streaming backbone, and the whole stack can be orchestrated via Helm charts or Docker Compose.

The platform includes an integrated Assist module for real-time co-browsing via WebRTC, enabling support teams to see a user’s live screen without any third-party tool. Spot, a Chrome extension, lets engineers record bugs directly from their browser and capture full technical context automatically. The product analytics layer provides funnels, heatmaps, user journeys, and trend analysis — all grounded in actual session data rather than sampled aggregates.

What You Get

  • Session Replay with Full Technical Context - Pixel-accurate reconstruction of every user session including mouse movements, clicks, scrolls, form inputs, DOM state, network requests/responses, console logs, JS errors, and store state (Redux, VueX, NgRx, MobX, Pinia, Zustand) — all synchronized on a single timeline.
  • Spot Chrome Extension - A browser extension for developers to record bugs directly from their environment, automatically capturing the full technical payload: network calls, console output, JS errors, and DOM state at the moment of the bug — shareable as a video with embedded dev data.
  • Built-in DevTools Panel - An in-app debugging interface that mirrors browser DevTools within each session replay: network tab with request/response bodies, console log viewer, store inspector, performance flamechart, and 40+ Web Vitals metrics tied precisely to user actions.
  • Assist — Real-Time Co-Browsing - Live session viewing and co-browsing via WebRTC that lets support engineers see a user’s screen in real time and optionally take remote control, without any third-party screen sharing software.
  • Omni-Search Without Instrumentation - A session search engine that queries across user attributes, technical events, URLs, errors, and performance metrics without requiring pre-defined event tracking — find sessions by any combination of criteria instantly.
  • Product Analytics (Funnels, Heatmaps, Journeys, Trends) - Built-in analytics cards for visualizing conversion funnels, click and attention heatmaps, user journey sunbursts, and trend charts — all backed by actual session data rather than statistical sampling.
  • Fine-Grained Privacy and Data Sanitization - Per-field configuration for capturing, obscuring, or ignoring sensitive data using CSS selectors and regex rules, with a privateMode flag that prevents any sensitive data from leaving the browser — enabling GDPR, CCPA, and HIPAA compliance without data masking on the server.
  • MCP App for AI-Native Access - A Model Context Protocol application that connects Claude Desktop (or any MCP host) to an OpenReplay instance, enabling chart viewing, session replay, and analytics queries directly from within an AI chat interface.
  • Multi-Cloud and Kubernetes Deployment - Production-ready Helm charts and step-by-step deployment guides for AWS, GCP, Azure, DigitalOcean, Scaleway, OVHcloud, and Kubernetes, with offline/air-gapped deployment support and centralized secret management.
  • Backend Log Integrations - Native integrations with Sentry, Datadog, CloudWatch, Stackdriver, Elastic, and others to correlate frontend session replays with backend error traces in a single view.

Common Use Cases

  • Reproducing production bugs - A frontend engineer receives a bug report about a checkout failure; they open the session replay in OpenReplay, see the exact Redux action that caused the invalid state, the 422 API response in the network tab, and the JS error in the console — fixing in minutes what would have taken hours to reproduce locally.
  • Supporting a confused user in real time - A support agent uses Assist to co-browse with a user who can’t complete onboarding, sees them clicking a disabled button that’s visually indistinguishable from an enabled one, and guides them through the flow — resolving the ticket without asking for screenshots or a Zoom call.
  • Diagnosing conversion drop-off - A product manager builds a funnel from landing page to signup completion, discovers a 40% drop at the email verification step, filters for sessions of users who dropped off, and watches three replays to see that the verification email was landing in spam — leading to a direct fix.
  • Auditing a UI redesign before rollout - A UX researcher uses heatmaps and session replays on a beta feature to identify that users are clicking a non-interactive icon expecting it to open a menu, validating a design change before it ships to 100% of traffic.
  • Monitoring Web Vitals regressions - A performance-focused team sets up trend cards for LCP and INP, spots a regression after a third-party script update, then uses Omni-Search to find the sessions where LCP exceeded 4 seconds and inspects the network waterfall to find the blocking resource.

Under The Hood

Architecture OpenReplay is a distributed, service-oriented system with clearly separated responsibilities across its components. The browser tracker operates as a modular TypeScript library that intercepts DOM mutations via MutationObserver, monkey-patches browser APIs for network and console capture, and serializes events into a compact binary stream dispatched asynchronously to the ingest backend. The backend is structured as independent microservices — a Python FastAPI API layer for session querying and configuration, Go services for high-throughput event ingestion (ender, db, sink), a separate analytics query layer backed by ClickHouse, and a WebRTC-based Assist service. This separation of concerns allows each layer to scale independently; the ingest pipeline can process thousands of concurrent sessions while the API serves dashboard queries without contention. The EE (Enterprise Edition) layer adds additional modules in-tree under the ee/ directory, using the same service contracts as the core.

Tech Stack The tracker is written in TypeScript and compiled to both ESM and CJS with Rollup, targeting modern browsers with sub-26KB brotli-compressed payload. The API backend is Python 3 using FastAPI with psycopg3 for async PostgreSQL access and ClickHouse for analytical queries. Go microservices (Go 1.26) handle event ingestion with Confluent Kafka as the event bus and Valkey (Redis fork) for caching and stream processing. The frontend is a React + TypeScript SPA built with Webpack and styled with Tailwind CSS, with Cypress and Playwright for E2E testing. Infrastructure is managed via Helm charts for Kubernetes, with Docker Compose support for single-node deployments. The MCP app is a TypeScript/Node.js application using Vite for the UI and exposing MCP server tools for AI integration.

Code Quality The codebase demonstrates extensive testing across multiple layers: 21+ unit test files in the frontend (Jest), Cypress integration tests for session replay and UI flows, Playwright tests for broader E2E coverage, and Python unit tests for the API layer. TypeScript is used with strict typing throughout the tracker and frontend, with generated protobuf/message types ensuring type safety at the serialization boundary. The backend Go code uses go vet, and the monorepo has Lefthook for pre-commit hooks. CI is handled via GitHub Actions with Renovate for dependency management and ggshield for secret scanning. Code organization in the tracker is clean and modular — each browser capability (console, network, mouse, CSS, selection, etc.) is an isolated module with its own types. The API layer shows some coupling in the Python code but benefits from FastAPI’s typed request/response schemas via Pydantic.

What Makes It Unique OpenReplay’s core technical differentiator is its DOM-diffing session replay approach: rather than recording a video, it serializes the minimal DOM mutations and browser events needed to reconstruct the user’s exact viewport state at any moment, enabling frame-accurate replay at a fraction of the storage cost of video-based alternatives. The integrated DevTools panel, which surfaces network, console, store state, and performance data synchronized with the replay timeline, eliminates the context switch that makes traditional session replay tools useful only for UX analysis but not debugging. The recent addition of an MCP application — which allows AI agents to query OpenReplay analytics and view session replays programmatically — is an early and unusual move in the observability space, positioning the platform as AI-native for developer workflows.

Self-Hosting

OpenReplay uses a multi-license model reflecting a common open-core structure. The core platform outside the ee/ directory is licensed under AGPL v3, which allows commercial use and modification but requires that any modifications distributed to others (including via network service) be released under the same AGPL terms. The tracker libraries themselves are MIT-licensed, so embedding the tracker in a commercial web application is unrestricted. Enterprise Edition features — including enhanced co-browsing, SCIM provisioning, SSO with custom IdP group support, video export of replays, and certain ClickHouse optimization features — reside under a proprietary Enterprise License that requires a commercial agreement with OpenReplay.

Running OpenReplay yourself requires a reasonably sophisticated infrastructure team. The recommended self-hosted setup deploys multiple services: the Python API, multiple Go microservices, PostgreSQL, ClickHouse, Kafka (or a compatible stream broker), Valkey, and object storage (S3-compatible). For Kubernetes, Helm charts are provided and actively maintained, with recent additions for centralized secret management and offline/air-gapped deployments. The team is responsible for database migrations (automated via the deployment scripts), ClickHouse performance tuning for large session volumes, and scaling the ingestion pipeline under load. A single-VM deployment via Docker Compose is available but suitable for low-traffic evaluation rather than production.

The OpenReplay Cloud hosted offering provides a fully managed version with no infrastructure responsibility, plus access to all Enterprise Edition features, priority support with SLAs, and managed upgrades. Self-hosters on the community (AGPL) tier have access to GitHub Issues and the Slack community for support, but no SLA or guaranteed response time. The gap between self-hosted AGPL and the Enterprise tier is meaningful for teams needing SSO, SCIM, or video export, and those features are only available through a commercial license agreement — something worth factoring into the total cost of ownership comparison.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search