TREK
TREK is a self-hosted travel planner with real-time collaboration, interactive maps, budgeting, packing lists, and a journal. It supports PWA installation, SSO/2FA/passkeys, and runs on Docker. The application emphasizes user control via self-hosting and includes an AI interface (MCP) for automation.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | mauriceboe/TREK |
| Owner | mauriceboe |
| Primary language | TypeScript |
| License | AGPL-3.0 — OSI-approved |
| Stars | 9.5k |
| Forks | 791 |
| Open issues | 32 |
| Latest release | v3.2.1 (2026-07-05) |
| Last updated | 2026-07-07 |
| Source | https://github.com/mauriceboe/TREK |
What TREK is
TypeScript-based web application with WebSocket real-time sync, Leaflet/Mapbox GL maps, Service Worker offline support, and a built-in MCP server (OAuth 2.1) for AI integration. Deployable via Docker with SQLite or PostgreSQL backend, optional Immich/Synology photo integration, and multi-currency expense tracking.
Get the TREK source
Clone the repository and explore it locally.
git clone https://github.com/mauriceboe/TREK.gitcd TREK# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- AGPL-3.0 requires source availability of any network-served modifications; confirm internal modification policy before deployment.
- Encryption key (ENCRYPTION_KEY env var) is critical; establish key rotation, backup, and escrow procedures to avoid data loss.
- Real-time WebSocket sync depends on network stability; behind high-latency or unreliable proxies, latency/dropped events may degrade UX.
- Addon architecture (cost tracking, collaboration, AI/MCP) must be explicitly enabled; plan which addons suit your use case to avoid feature surprise.
- Multi-currency and Splitwise-style expense splitting require clear accounting practices; document settlement workflows with teams.
When to avoid it — and what to weigh
- Proprietary backend integrations required — TREK is AGPL-3.0 licensed; any proprietary modifications or embedded deployment require source disclosure or commercial license negotiation (not evident in repo).
- Zero operational overhead or SaaS-only preference — Self-hosting demands infrastructure provisioning, Docker/Kubernetes knowledge, backup management, and ongoing maintenance. No official managed SaaS offering is mentioned.
- Compliance-heavy regulated environments without code audit — Audit trail clarity, compliance certifications (SOC 2, HIPAA, GDPR data processing), and formal security assessment are not documented. Enterprise contracts unknown.
- Lightweight document management or high-volume file storage — Document uploads capped at 50 MB per file with unclear total storage scaling. Not designed for archival-grade record management.
License & commercial use
TREK is licensed under AGPL-3.0 (GNU Affero General Public License v3.0). This is a copyleft license requiring that any modifications or network service deployment disclose source code under the same license. Proprietary use or closed-source deployment is not permitted without an explicit commercial license agreement.
Requires careful review. AGPL-3.0 is not a permissive open-source license. Running TREK for internal use or as a service to customers likely triggers source disclosure obligations. No commercial license grant or exception is evident in the provided data. Organizations with proprietary requirements should contact the author (mauriceboe) or legal counsel before deployment.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
TREK implements 2FA (TOTP + backup codes), passkey/WebAuthn, and SSO (OIDC). Encryption key management is operator responsibility. Real-time WebSocket sync and multi-user access require network-level security (HTTPS, TLS). MCP/OAuth 2.1 scope granularity (27 scopes) suggests thoughtful permission design. No independent security audit, penetration test results, or vulnerability disclosure policy are documented. File upload (50 MB cap) and email/webhook notification channels should be validated for injection risk.
Alternatives to consider
Wanderlog (SaaS)
Proprietary, cloud-hosted travel planner with similar features (maps, budgets, collaboration) but managed infrastructure and no self-hosting option. Better for teams avoiding operational overhead; worse for privacy/compliance.
Google Maps + Sheets
Free, no-install alternative for lightweight trip coordination and expense tracking. Lacks real-time sync, offline PWA, and native collaboration UX; suitable only for simple, synchronous workflows.
Nextcloud + Plugins (Deck, Calendar, Files)
Open-source self-hosted suite supporting task management, calendaring, and file sharing. Less specialized for travel; requires manual integration of maps and budgets but offers tighter privacy/compliance control under AGPLv3 or AGPL-compatible licenses.
Build on TREK with DEV.co software developers
Start with the Docker quick-start (30 seconds), review AGPL-3.0 obligations with legal, test SSO/MCP integration, and plan encryption key management. Confirm team collaboration needs align with real-time WebSocket architecture.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
TREK FAQ
Can TREK be used in a commercial product or service?
Is there a managed hosting option or official SaaS?
What happens if I lose the ENCRYPTION_KEY?
Does TREK work offline?
Software development & web development with DEV.co
Need help beyond evaluating TREK? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source devops integrations — and maintain them long-term.
Evaluate TREK for your travel coordination or self-hosted deployment?
Start with the Docker quick-start (30 seconds), review AGPL-3.0 obligations with legal, test SSO/MCP integration, and plan encryption key management. Confirm team collaboration needs align with real-time WebSocket architecture.