Self-host
Run it inside your boundary in minutes
StepStitch is Apache-2.0 and self-hosted by default. The SDK has zero runtime dependencies; the service is one container. Your traces never leave your infrastructure.
1. Install the browser SDK
Capture structural footsteps, redacted in the page.
npm install @stepstitch/tracker

import { createTracker } from '@stepstitch/tracker';
const tracker = createTracker({
  ingestEndpoint: '/api/stepstitch/v1/session',
  profile: 'financial-services-enterprise',
});
tracker.start(); // OFF until consent; honors GPC/DNT

2. Deploy the service
One container with a Postgres database. Railway, Docker, or your own Kubernetes.
# Railway: deploys the Dockerfile + Postgres
railway up

# Or build the image yourself
docker build -t stepstitch .
docker run -p 8000:8000 \
  -e DATABASE_URL=... \
  -e STEPSTITCH_ADMIN_TOKEN=... \
  -e STEPSTITCH_INGEST_TOKEN=... \
  -e STEPSTITCH_PROFILE=financial-services-enterprise \
  stepstitch

3. Pick a privacy profile
A profile can only tighten the privacy boundary, never loosen it. Drift is guarded by a named test.
financial-services-enterprise
Default. Free text scrubbed (280 chars), forbidden keys dropped and reported.
healthcare-strict
HIPAA posture. Free text disabled; forbidden keys rejected with 422.
internal-enterprise
Internal tools. Longer notes scrubbed, forbidden keys dropped.
open-source-default
Open-source projects. Scrub + drop, relaxed retention.
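
The drop-and-report versus reject-with-422 behaviour of two of the profiles above, with a tighten-only comparison, modelled in Python as an added example (not StepStitch's own code). The field names, the forbidden-key list, the scrub patterns, the `note` field and the 200 success status are assumptions; the 280-character figure is read as a length cap.

```python
import re

# Constructed model of two profiles from the list above. Field names, the
# forbidden-key set and the scrub patterns are assumptions, not StepStitch's.
PROFILES = {
    "financial-services-enterprise": {"free_text_max": 280, "on_forbidden": "drop"},
    "healthcare-strict": {"free_text_max": 0, "on_forbidden": "reject"},
}
FORBIDDEN_KEYS = {"password", "ssn", "card_number"}  # constructed sample list
SCRUB = [
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "[email]"),
    (re.compile(r"\d{6,}"), "[digits]"),
]
STRICTNESS = {"drop": 0, "reject": 1}  # higher is tighter


def scrub(text, limit):
    """Mask email-like and long-digit tokens, then cap the length."""
    for pattern, mask in SCRUB:
        text = pattern.sub(mask, text)
    return text[:limit]


def ingest(event, profile_name):
    """Return (http_status, stored_event_or_None, forbidden_keys_found)."""
    p = PROFILES[profile_name]
    hits = sorted(k for k in event if k.lower() in FORBIDDEN_KEYS)
    if hits and p["on_forbidden"] == "reject":
        return 422, None, hits               # whole payload refused
    stored = {k: v for k, v in event.items() if k not in hits}
    if "note" in stored:
        if p["free_text_max"] == 0:
            del stored["note"]               # free text disabled
        else:
            stored["note"] = scrub(stored["note"], p["free_text_max"])
    return 200, stored, hits                 # 200 is an assumed success code


def no_looser(candidate, base):
    """Tighten-only check: candidate may not relax any field of base."""
    return (candidate["free_text_max"] <= base["free_text_max"]
            and STRICTNESS[candidate["on_forbidden"]]
            >= STRICTNESS[base["on_forbidden"]])


# Constructed sample event, not real traffic.
SAMPLE = {"step": "transfer-form",
          "note": "call jane@example.com re 12345678",
          "ssn": "000-00-0000"}
```

A check like `no_looser` is the kind of assertion a drift test can pin: any change that raises the free-text limit or downgrades reject to drop fails it.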
Optional: the MCP connector
Expose the eight read-only and draft tools to any agent network.
pip install 'stepstitch-service[mcp]'
export STEPSTITCH_BASE_URL="https://stepstitch.internal/api/stepstitch/v1"
export STEPSTITCH_TOKEN="<admin-bearer>"
python -m stepstitch_service.mcp_cli