DEV.co
Open-Source DevOps · mauriceboe

TREK

TREK is a self-hosted travel planner with real-time collaboration, interactive maps, budgeting, packing lists, and a journal. It supports PWA installation, SSO/2FA/passkeys, and runs on Docker. The application emphasizes user control via self-hosting and includes an AI interface (MCP) for automation.

Source: GitHub — github.com/mauriceboe/TREK
9.5k
GitHub stars
791
Forks
TypeScript
Primary language
AGPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorymauriceboe/TREK
Ownermauriceboe
Primary languageTypeScript
LicenseAGPL-3.0 — OSI-approved
Stars9.5k
Forks791
Open issues32
Latest releasev3.2.1 (2026-07-05)
Last updated2026-07-07
Sourcehttps://github.com/mauriceboe/TREK

What TREK is

TypeScript-based web application with WebSocket real-time sync, Leaflet/Mapbox GL maps, Service Worker offline support, and a built-in MCP server (OAuth 2.1) for AI integration. Deployable via Docker with SQLite or PostgreSQL backend, optional Immich/Synology photo integration, and multi-currency expense tracking.

Quickstart

Get the TREK source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/mauriceboe/TREK.gitcd TREK# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Team travel planning with offline-first PWA

Multi-user trip coordination with instant WebSocket sync, offline tile caching, and installable iOS/Android support—ideal for group travel where connectivity is sporadic.

Privacy-focused self-hosted travel management

Organizations or individuals requiring on-premises data control can self-host TREK on their infrastructure, avoiding SaaS vendor lock-in and third-party data exposure.

AI-driven travel automation and trip summarization

MCP server with 150+ tools and granular OAuth scopes allows AI assistants to autonomously create trips, optimize itineraries, manage budgets, and generate trip summaries via LLM prompts.

Implementation considerations

  • AGPL-3.0 requires source availability of any network-served modifications; confirm internal modification policy before deployment.
  • Encryption key (ENCRYPTION_KEY env var) is critical; establish key rotation, backup, and escrow procedures to avoid data loss.
  • Real-time WebSocket sync depends on network stability; behind high-latency or unreliable proxies, latency/dropped events may degrade UX.
  • Addon architecture (cost tracking, collaboration, AI/MCP) must be explicitly enabled; plan which addons suit your use case to avoid feature surprise.
  • Multi-currency and Splitwise-style expense splitting require clear accounting practices; document settlement workflows with teams.

When to avoid it — and what to weigh

  • Proprietary backend integrations required — TREK is AGPL-3.0 licensed; any proprietary modifications or embedded deployment require source disclosure or commercial license negotiation (not evident in repo).
  • Zero operational overhead or SaaS-only preference — Self-hosting demands infrastructure provisioning, Docker/Kubernetes knowledge, backup management, and ongoing maintenance. No official managed SaaS offering is mentioned.
  • Compliance-heavy regulated environments without code audit — Audit trail clarity, compliance certifications (SOC 2, HIPAA, GDPR data processing), and formal security assessment are not documented. Enterprise contracts unknown.
  • Lightweight document management or high-volume file storage — Document uploads capped at 50 MB per file with unclear total storage scaling. Not designed for archival-grade record management.

License & commercial use

TREK is licensed under AGPL-3.0 (GNU Affero General Public License v3.0). This is a copyleft license requiring that any modifications or network service deployment disclose source code under the same license. Proprietary use or closed-source deployment is not permitted without an explicit commercial license agreement.

Requires careful review. AGPL-3.0 is not a permissive open-source license. Running TREK for internal use or as a service to customers likely triggers source disclosure obligations. No commercial license grant or exception is evident in the provided data. Organizations with proprietary requirements should contact the author (mauriceboe) or legal counsel before deployment.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

TREK implements 2FA (TOTP + backup codes), passkey/WebAuthn, and SSO (OIDC). Encryption key management is operator responsibility. Real-time WebSocket sync and multi-user access require network-level security (HTTPS, TLS). MCP/OAuth 2.1 scope granularity (27 scopes) suggests thoughtful permission design. No independent security audit, penetration test results, or vulnerability disclosure policy are documented. File upload (50 MB cap) and email/webhook notification channels should be validated for injection risk.

Alternatives to consider

Wanderlog (SaaS)

Proprietary, cloud-hosted travel planner with similar features (maps, budgets, collaboration) but managed infrastructure and no self-hosting option. Better for teams avoiding operational overhead; worse for privacy/compliance.

Google Maps + Sheets

Free, no-install alternative for lightweight trip coordination and expense tracking. Lacks real-time sync, offline PWA, and native collaboration UX; suitable only for simple, synchronous workflows.

Nextcloud + Plugins (Deck, Calendar, Files)

Open-source self-hosted suite supporting task management, calendaring, and file sharing. Less specialized for travel; requires manual integration of maps and budgets but offers tighter privacy/compliance control under AGPLv3 or AGPL-compatible licenses.

Software development agency

Build on TREK with DEV.co software developers

Start with the Docker quick-start (30 seconds), review AGPL-3.0 obligations with legal, test SSO/MCP integration, and plan encryption key management. Confirm team collaboration needs align with real-time WebSocket architecture.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

TREK FAQ

Can TREK be used in a commercial product or service?
Not without explicit agreement. AGPL-3.0 requires source disclosure for any network-delivered service. A commercial license may exist (not detailed here); contact the author or legal counsel.
Is there a managed hosting option or official SaaS?
Not mentioned in the repository. TREK is positioned as self-hosted only. Demo at demo.liketrek.com is present, but no commercial hosting tier is advertised.
What happens if I lose the ENCRYPTION_KEY?
Unknown—no disaster recovery or key escrow procedure is documented. Data encrypted with that key may be unrecoverable. Establish backup and key management protocols before production.
Does TREK work offline?
Partial: PWA with Service Worker caches tiles and API responses. Full offline editing is not documented; syncing resumes when connectivity is restored via WebSocket.

Software development & web development with DEV.co

Need help beyond evaluating TREK? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source devops integrations — and maintain them long-term.

Evaluate TREK for your travel coordination or self-hosted deployment?

Start with the Docker quick-start (30 seconds), review AGPL-3.0 obligations with legal, test SSO/MCP integration, and plan encryption key management. Confirm team collaboration needs align with real-time WebSocket architecture.