Docs

Crumbtrail documentation

Self hosted SDK and CLI documentation for capturing complete sessions, detecting the moment a user gives up, and handing the reproduction to your coding agent.

Introduction

The SDKs and the CLI are open source, MIT licensed, and published to npm — the source lives in CrumbtrailDev/crumbtrail-js. crumbtrail-core is the browser SDK: it runs the collectors and the silent signal detectors inside your app. crumbtrail-node is the server: capture ingest, Express middleware, and an MCP server that exposes finished sessions as tools your coding agent can call. Everything else — React, React Native, Tauri — builds on those two. Adopt only what you need; none of it requires a Crumbtrail account.

Quickstart

One command does the whole setup. The wizard detects your framework, installs the right package, injects the Crumbtrail.init() call into your entry file, and waits for your first real event before it calls itself done:

terminal
npx crumbtrail

In a monorepo, run it from the repo root — it scans every workspace, shows you what it found, and wires the ones you pick. Prefer to do it by hand? The rest of this section is that same setup, unrolled.

1. Install and start the server

terminal
pnpm add crumbtrail-core crumbtrail-node
# start the local capture + MCP server on :9898
# (sessions land under ~/.crumbtrail/sessions)
npx crumbtrail-server serve

On pnpm 10+? Its supply chain check queries the registry for every dependency, and a version that was just published can fail a fresh lockfile with ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION until it ages in. If you hit that for crumbtrail-core, add it to minimumReleaseAgeExclude in pnpm-workspace.yaml (pnpm does not read this key from .npmrc).

2. Initialize in the browser

app/entry.ts
import { Crumbtrail } from "crumbtrail-core";

// "passive" — embedded end user capture: collectors on,
// silent signal detection enabled, no widget.
Crumbtrail.init("passive");

// …or configure explicitly:
Crumbtrail.init({
  httpEndpoint: "http://localhost:9898",
  autoFlagOnSignals: true,
});

3. Verify end to end

Use your app as normal, then let the doctor prove the pipeline — capture, correlation, and MCP readability — before you trust it:

terminal
npx crumbtrail-server doctor

Packages

Six published packages, all MIT licensed and all in one repo. Read the source before you ship it — that's the point of shipping it this way.

The setup wizard. `npx crumbtrail` detects your framework, wires in the SDK, and verifies the first event.

The browser SDK: collectors, redaction, and silent signal detection. Zero dependencies.

The self hosted server for capture ingest, Express middleware, and the MCP tools your agent calls.

React bindings with an error boundary that captures the session and a hook that records component state.

React Native and Expo support for errors, network, navigation, and view tree snapshots.

A Tauri v2 plugin for desktop sessions over native IPC. No server process required.

Contributions are welcome at CrumbtrailDev/crumbtrail-js. The hosted Crumbtrail cloud is offered by invitation only. These packages work without it.

Collectors

A collector subscribes to one source of browser events. Each is a boolean in Crumbtrail.init(); the full, light and passive presets pick sensible sets so you rarely toggle them by hand.

Interactions

Clicks, inputs and route changes, keyed to a stable component signature — not a brittle CSS path.

Keystrokes

Key events with all text and input values masked by default. One element can be unmasked only when it is explicitly marked for unmasking.

Console

console.log / warn / error, with level and serialized, redacted arguments.

Network

fetch and XHR — method, URL, status, timing and redacted bodies, with cross origin correlation headers.

Errors

Uncaught exceptions and unhandled promise rejections, with stacks.

Scroll & visibility

Throttled scroll position plus tab visibility — the raw material of the give up signal.

Cookies & storage

Cookie changes plus localStorage, sessionStorage, IndexedDB and Cache API writes, value capped and maskable.

Clipboard

Copy and paste events, length capped; raw contents off by default.

Performance

Timing marks, so a slow response is a recorded fact instead of a memory.

Environment & flags

Feature flags, config, build and runtime recorded alongside each session.

Detection

The SDK keeps a rolling buffer of the last five minutes of session events. Four behavioral detectors watch that stream for the signals of a user giving up — none of them requires an exception. When one fires, Crumbtrail flags the reproduction window around it as a bug without further action.

Rage click

Four or more clicks on the same target within 1.5 seconds. The button that does nothing.

Retry storm

Four or more requests to the same endpoint within 5 seconds, or repeated failed responses. The user hammering refresh.

Slow response

Three or more responses of 3 seconds or longer inside a 10 second window. The app that feels broken.

Abandoned flow

Two or more filled inputs, then the tab hides with no submit. The form the user walked away from.

Enabled by autoFlagOnSignals — on in the passive and fullpresets. Every threshold above is a config key; tune them to your app's rhythm.

Session format

Each session is a directory of plain files you fully own: events.ndjson (the raw, append only log), a manifest, and a precomputed evidence index including a normalized, redacted search.jsonl. Agents read the index; the raw log stays cold.

~/.crumbtrail/sessions/<session-id>/events.ndjson
{"t":1751818000123,"k":"clk","d":{…}}
{"t":1751818000304,"k":"net.req","d":{…}}
{"t":1751818000451,"k":"net.res","d":{…}}
{"t":1751818000460,"k":"err","d":{…}}

Every event shares t (Unix milliseconds), k (a kind code — clk, net.req, con, err, db.diff, …) and d, the collector specific payload.

Integrations

Send evidence from your stack into a self hosted capture server. Choose the source that fits your application.

SDK and OTLP

Express / Node

createCrumbtrailExpressMiddleware correlates backend requests to the click that caused them, across origins.

OpenTelemetry / OTLP

Already on Sentry, Datadog, Grafana or Splunk? Point an exporter at the server — crumbtrail-server init --provider <name> prints the exact block.

Headless sessions

startHeadlessSession records backend job runs — imports, syncs, scheduled tasks — as sessions with no browser at all.

MCP for agents

The same binary serves MCP over stdio — so your coding agent pulls the evidence itself instead of guessing from a screenshot.

claude_desktop_config.json
{
  "mcpServers": {
    "crumbtrail": {
      "command": "npx",
      "args": ["crumbtrail-server", "serve", "--mcp"]
    }
  }
}

More than thirty tools in total. The ones you'll reach for most: getFixContext (the ranked causal window for one failure), getRegressionContext (what diverged between two releases), getEvidence, listBugs, listSessions and getEvents.

CLI reference

One binary, crumbtrail-server. Run any command with --help for flags.

serve

Run the local capture + MCP server (default if no command given).

init

Install the SDK into your project and generate wiring helpers.

doctor

Verify capture, correlation and MCP readability end to end.

scan

Flag components and functions missing IDs or logging — coverage gaps.

fix-context

Emit the ranked, correlated, LLM ready fix context bundle for a session.

inspect

Summarize a finalized session's manifest and artifacts.

compare

Compare two recorded sessions or releases.

Self hosting

The capture server is a single process with no database. It appends plain files to disk. Run it anywhere Node runs; set CRUMBTRAIL_AUTH_TOKEN to require a token on ingest.

terminal
CRUMBTRAIL_AUTH_TOKEN=<token> \
npx crumbtrail-server serve --port 9898 --output /var/crumbtrail/sessions

Sessions are plain files under the output directory — back them up, rotate them or delete them with ordinary tooling. Crumbtrail is flexible to deploy: run the server wherever your compliance posture wants it.

FAQ

Where do my sessions live?

Wherever you point the SDK. Self host the capture server in your own environment. Hosted access is invite only during the quiet period.

How do I avoid capturing passwords?

All text and input values are masked by default before an event is stored. Use data-crumbtrail-unmask on one reviewed element when its text is needed. Usedata-crumbtrail-block to exclude an element entirely.

Is the SDK really open source?

Yes — MIT, on GitHub at CrumbtrailDev/crumbtrail-js, no request or signup needed. Every package you install runs in your app or on your machine, so read it before you ship it. The hosted cloud is closed source, invite only, and optional; the SDKs work without it.

Ready to capture your first session?

Start with the self hosted SDK, or join the waitlist for hosted access.

Join waitlist