hitkeep
Health Pass
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 50 GitHub stars
Code Fail
- rm -rf — Recursive force deletion command in .github/workflows/pipeline.yml
Permissions Pass
- Permissions — No dangerous permissions requested
This tool provides privacy-focused, self-hosted web analytics for both human teams and AI agents. It operates as a Model Context Protocol (MCP) server, allowing approved AI agents to securely query analytics data via a read-only API.
Security Assessment
The server provides a read-only interface for analytics, meaning it is designed to fetch and read reporting data rather than execute state-changing actions. It does not request dangerous local permissions. However, because it handles web traffic analytics, it inherently processes potentially sensitive user data (such as IP addresses, traffic patterns, and geographical locations). It functions as a network service and makes standard network requests. No hardcoded secrets were detected in the codebase. Overall risk is rated as Low for local execution, though standard data-handling precautions apply if you deploy it to ingest public web traffic.
Quality Assessment
The project is in excellent health and actively maintained, with the most recent code updates pushed today. It uses the permissive MIT license and demonstrates strong community trust and visibility for a newer tool, boasting 50 GitHub stars. The only minor automated flag is a recursive force deletion command (`rm -rf`) located within its GitHub Actions CI/CD pipeline; this is a standard practice for cleaning up build environments and poses absolutely no security risk to end-users.
Verdict
Safe to use.
HitKeep is privacy-first analytics for humans and AI agents, self-hosted or in managed EU/US cloud regions.
HitKeep
Privacy-first analytics for humans and AI agents, self-hosted or in EU/US cloud.
HitKeep is open source web analytics for teams that want useful product reporting without running PostgreSQL, Redis, ClickHouse, or a separate queue.
- Single Go binary with embedded DuckDB and NSQ
- Cookie-less tracker by default, with Do Not Track support
- Traffic, events, goals, funnels, ecommerce, UTM, and email reports
- Google Search Console aggregate import for query, page, country, and device reporting
- AI visibility analytics for crawler fetches and AI-referred visits
- Scoped API clients and a read-only MCP analytics server for approved agents
- Self-hosted or managed cloud with EU/US region choice
AI Performance · Website · Cloud · Live Demo · Docs · API · Releases
Why HitKeep
HitKeep is for teams that need clear web analytics, conversion reporting, and AI-era search visibility in one small operational footprint.
- Low-ops self-hosting: one binary, one data directory, embedded DuckDB and NSQ
- Useful reports: top pages, landing and exit pages, events, goals, funnels, ecommerce, UTM attribution, and Search Console aggregates
- Privacy defaults: focused data collection, cookie-less tracking, and DNT handling
- AI visibility: server-side crawler fetch analytics, AI-referred visits, and correlation reports
- Team controls: passkeys, TOTP, site/team permissions, share links, audit logs, API clients, and read-only MCP access
- Deployment choice: run it yourself or use managed cloud in the EU or US
Quick Start
Binary
Download the latest release for your system:
wget https://github.com/PascaleBeier/hitkeep/releases/latest/download/hitkeep-linux-arm64
chmod +x hitkeep-linux-arm64
export HITKEEP_JWT_SECRET="replace-this-with-a-long-random-string"
./hitkeep-linux-arm64 -public-url="http://localhost:8080"
Open http://localhost:8080 and create your first account.
Docker
services:
hitkeep:
image: pascalebeier/hitkeep:latest
restart: unless-stopped
ports:
- "8080:8080"
volumes:
- hitkeep_data:/var/lib/hitkeep/data
environment:
HITKEEP_JWT_SECRET: replace-this-with-a-long-random-string
command:
- "-public-url=http://localhost:8080"
volumes:
hitkeep_data: {}
docker compose up -d
For production setup, reverse proxies, SMTP, systemd, Kubernetes, S3 archiving, and every configuration flag, use the docs instead of this README:
Track Your Site
Once your instance is running and a site is created, add:
<script async src="https://your-hitkeep-instance.com/hk.js"></script>
Custom event example:
<script>
window.hk = window.hk || {};
window.hk.event?.("signup", { plan: "pro", source: "landing-page" });
</script>
Tracker options, ecommerce events, custom events, and advanced tracking examples live here:
- Tracking docs
- Custom events
- Ecommerce analytics
- Google Search Console integration
- MCP analytics access
- WordPress integration
- AI visibility analytics
- CloudFront AI crawler tracking
- AI chatbot analytics
- REST API reference
- Compliance overview
Product Tour
See five product screenshotsDashboard
Ecommerce
Search Console
AI Visibility
MCP Access
Documentation
The maintained reference lives on hitkeep.com.
Cloud
If you want the same product without running it yourself, start here:
Development
Prerequisites:
- Go 1.26+
- Node.js 24+
- Make
- A working C toolchain for DuckDB builds
Build from source:
git clone https://github.com/pascalebeier/hitkeep.git
cd hitkeep
make build
./hitkeep
For day-to-day development:
make dev
This starts the Go backend with live reload and the Angular dashboard on http://localhost:4200.
For a seeded local workspace with demo data:
make dev-seed
Contributor docs and local development guides:
License
Distributed under the MIT License. See LICENSE.
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found