Crumbtrail documentation
Self hosted SDK and CLI documentation for capturing complete sessions, detecting the moment a user gives up, and handing the reproduction to your coding agent.
Introduction
The SDKs and the CLI are open source, MIT licensed, and published to npm — the source lives in CrumbtrailDev/crumbtrail-js. crumbtrail-core is the browser SDK: it runs the collectors and the silent signal detectors inside your app. crumbtrail-node is the server: capture ingest, Express middleware, and an MCP server that exposes finished sessions as tools your coding agent can call. Everything else — React, React Native, Tauri — builds on those two. Adopt only what you need; none of it requires a Crumbtrail account.
Quickstart
One command does the whole setup. The wizard detects your framework, installs the right package, injects the Crumbtrail.init() call into your entry file, and waits for your first real event before it calls itself done:
npx crumbtrailIn a monorepo, run it from the repo root — it scans every workspace, shows you what it found, and wires the ones you pick. Prefer to do it by hand? The rest of this section is that same setup, unrolled.
1. Install and start the server
pnpm add crumbtrail-core crumbtrail-node
# start the local capture + MCP server on :9898
# (sessions land under ~/.crumbtrail/sessions)
npx crumbtrail-server serveOn pnpm 10+? Its supply chain check queries the registry for every dependency, and a version that was just published can fail a fresh lockfile with ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION until it ages in. If you hit that for crumbtrail-core, add it to minimumReleaseAgeExclude in pnpm-workspace.yaml (pnpm does not read this key from .npmrc).
2. Initialize in the browser
import { Crumbtrail } from "crumbtrail-core";
// "passive" — embedded end user capture: collectors on,
// silent signal detection enabled, no widget.
Crumbtrail.init("passive");
// …or configure explicitly:
Crumbtrail.init({
httpEndpoint: "http://localhost:9898",
autoFlagOnSignals: true,
});3. Verify end to end
Use your app as normal, then let the doctor prove the pipeline — capture, correlation, and MCP readability — before you trust it:
npx crumbtrail-server doctorPackages
Six published packages, all MIT licensed and all in one repo. Read the source before you ship it — that's the point of shipping it this way.
The setup wizard. `npx crumbtrail` detects your framework, wires in the SDK, and verifies the first event.
The browser SDK: collectors, redaction, and silent signal detection. Zero dependencies.
The self hosted server for capture ingest, Express middleware, and the MCP tools your agent calls.
React bindings with an error boundary that captures the session and a hook that records component state.
React Native and Expo support for errors, network, navigation, and view tree snapshots.
A Tauri v2 plugin for desktop sessions over native IPC. No server process required.
Contributions are welcome at CrumbtrailDev/crumbtrail-js. The hosted Crumbtrail cloud is offered by invitation only. These packages work without it.
Collectors
A collector subscribes to one source of browser events. Each is a boolean in Crumbtrail.init(); the full, light and passive presets pick sensible sets so you rarely toggle them by hand.
Interactions
Clicks, inputs and route changes, keyed to a stable component signature — not a brittle CSS path.
Keystrokes
Key events with all text and input values masked by default. One element can be unmasked only when it is explicitly marked for unmasking.
Console
console.log / warn / error, with level and serialized, redacted arguments.
Network
fetch and XHR — method, URL, status, timing and redacted bodies, with cross origin correlation headers.
Errors
Uncaught exceptions and unhandled promise rejections, with stacks.
Scroll & visibility
Throttled scroll position plus tab visibility — the raw material of the give up signal.
Cookies & storage
Cookie changes plus localStorage, sessionStorage, IndexedDB and Cache API writes, value capped and maskable.
Clipboard
Copy and paste events, length capped; raw contents off by default.
Performance
Timing marks, so a slow response is a recorded fact instead of a memory.
Environment & flags
Feature flags, config, build and runtime recorded alongside each session.
Detection
The SDK keeps a rolling buffer of the last five minutes of session events. Four behavioral detectors watch that stream for the signals of a user giving up — none of them requires an exception. When one fires, Crumbtrail flags the reproduction window around it as a bug without further action.
Rage click
Four or more clicks on the same target within 1.5 seconds. The button that does nothing.
Retry storm
Four or more requests to the same endpoint within 5 seconds, or repeated failed responses. The user hammering refresh.
Slow response
Three or more responses of 3 seconds or longer inside a 10 second window. The app that feels broken.
Abandoned flow
Two or more filled inputs, then the tab hides with no submit. The form the user walked away from.
Enabled by autoFlagOnSignals — on in the passive and fullpresets. Every threshold above is a config key; tune them to your app's rhythm.
Session format
Each session is a directory of plain files you fully own: events.ndjson (the raw, append only log), a manifest, and a precomputed evidence index including a normalized, redacted search.jsonl. Agents read the index; the raw log stays cold.
{"t":1751818000123,"k":"clk","d":{…}}
{"t":1751818000304,"k":"net.req","d":{…}}
{"t":1751818000451,"k":"net.res","d":{…}}
{"t":1751818000460,"k":"err","d":{…}}Every event shares t (Unix milliseconds), k (a kind code — clk, net.req, con, err, db.diff, …) and d, the collector specific payload.
Integrations
Send evidence from your stack into a self hosted capture server. Choose the source that fits your application.
SDK and OTLP
Express / Node
createCrumbtrailExpressMiddleware correlates backend requests to the click that caused them, across origins.
OpenTelemetry / OTLP
Already on Sentry, Datadog, Grafana or Splunk? Point an exporter at the server — crumbtrail-server init --provider <name> prints the exact block.
Headless sessions
startHeadlessSession records backend job runs — imports, syncs, scheduled tasks — as sessions with no browser at all.
MCP for agents
The same binary serves MCP over stdio — so your coding agent pulls the evidence itself instead of guessing from a screenshot.
{
"mcpServers": {
"crumbtrail": {
"command": "npx",
"args": ["crumbtrail-server", "serve", "--mcp"]
}
}
}More than thirty tools in total. The ones you'll reach for most: getFixContext (the ranked causal window for one failure), getRegressionContext (what diverged between two releases), getEvidence, listBugs, listSessions and getEvents.
CLI reference
One binary, crumbtrail-server. Run any command with --help for flags.
serveRun the local capture + MCP server (default if no command given).
initInstall the SDK into your project and generate wiring helpers.
doctorVerify capture, correlation and MCP readability end to end.
scanFlag components and functions missing IDs or logging — coverage gaps.
fix-contextEmit the ranked, correlated, LLM ready fix context bundle for a session.
inspectSummarize a finalized session's manifest and artifacts.
compareCompare two recorded sessions or releases.
Self hosting
The capture server is a single process with no database. It appends plain files to disk. Run it anywhere Node runs; set CRUMBTRAIL_AUTH_TOKEN to require a token on ingest.
CRUMBTRAIL_AUTH_TOKEN=<token> \
npx crumbtrail-server serve --port 9898 --output /var/crumbtrail/sessionsSessions are plain files under the output directory — back them up, rotate them or delete them with ordinary tooling. Crumbtrail is flexible to deploy: run the server wherever your compliance posture wants it.
FAQ
Where do my sessions live?
Wherever you point the SDK. Self host the capture server in your own environment. Hosted access is invite only during the quiet period.
How do I avoid capturing passwords?
All text and input values are masked by default before an event is stored. Use data-crumbtrail-unmask on one reviewed element when its text is needed. Usedata-crumbtrail-block to exclude an element entirely.
Is the SDK really open source?
Yes — MIT, on GitHub at CrumbtrailDev/crumbtrail-js, no request or signup needed. Every package you install runs in your app or on your machine, so read it before you ship it. The hosted cloud is closed source, invite only, and optional; the SDKs work without it.
Ready to capture your first session?
Start with the self hosted SDK, or join the waitlist for hosted access.