Status: Alpha — this project is under active development and may change without notice.
Openbase is an open-source data analytics and business intelligence platform.
It started from frustration with Metabase limitations, and evolved into a flexible alternative focused on modular dashboards, data source integrations, and practical admin workflows.
Current milestone: v0.1 stabilization (March 2026).
- Editor RBAC with separate editor auth/session handling.
- Controlled PostgreSQL write flows via admin-managed writable tables.
- MySQL and DuckDB data source support (read-only adapters), alongside PostgreSQL/SQLite/MongoDB.
- Security hardening (input sanitization, security headers, request rate limiting, audit logging).
- Optional encryption at rest for data source connection settings.
- AI Chat-assisted dashboarding:
- User provides a natural-language request.
- LLM selects the most suitable saved query/query input.
- LLM recommends and configures the best-fit visualization/module type.
- Guided admin setup (magic link + password) on first run.
- Admin management with session-based authentication.
- Editor RBAC with separate editor users/sessions and scoped dashboard access.
- Controlled PostgreSQL data entry via admin-defined writable tables (INSERT/UPDATE).
- Dashboard editor with drag/resize canvas and configurable modules.
- Configurable text modules (
header,subheader) for sectioning. - Data sources with a browser for tables/collections and rows.
- PostgreSQL, MySQL, DuckDB, SQLite, and MongoDB connectors.
- Public dashboard sharing with tokenized links.
- PDF export for shared dashboards.
- Audit logging for auth and editor write actions.
docker-compose up --buildThen open http://localhost:3000 and complete the setup flow on first run.
-
Install dependencies:
npm install
-
Set the database URL (PostgreSQL required for the app metadata):
export DATABASE_URL=postgres://postgres:postgres@localhost:5432/openbaseOptional environment variables:
# Required to encrypt data source connection configs at rest export OPENBASE_ENCRYPTION_KEY=your-32-byte-key # Base directory for SQLite/DuckDB files (defaults to process cwd) export OPENBASE_DATA_DIR=/workspace
Apply the schema in
db/schema.sqlif you are not using Docker. -
Start the dev server:
npm run dev
-
Before opening a PR, run:
npm run build
-
Run end-to-end tests (Playwright):
npm run test:e2e
- PostgreSQL: URI or host/user/database credentials. Supports query execution, table browsing, and writable-table workflows.
- MySQL: URI or host/user/database credentials. Read-only querying and table browsing.
- DuckDB: File path (or
:memory:). Read-only mode with path validation underOPENBASE_DATA_DIR. - SQLite: Local file path. Read-only mode with path validation under
OPENBASE_DATA_DIR. - MongoDB: Connection URI and database name; collections are listed and browsable.
- Admins manage editors at
/admin/editors. - Admins define writable PostgreSQL tables at
/admin/writable-tables. - Admins assign dashboard/table permissions per editor.
- Editors sign in at
/editor/login, access assigned dashboards at/editor, and perform data entry at/editor/data-entry.
- Recursive API input sanitization for request payloads.
- Security headers (CSP,
X-Content-Type-Options,X-Frame-Options,Referrer-Policy). - In-memory sliding-window rate limiting for login/admin/write/public routes.
- Optional AES-256-GCM encryption for data source connection settings (
OPENBASE_ENCRYPTION_KEY). - Audit log tracking for login/logout and editor write events.
Manual pipeline triggers in /admin/ingestion can call external workers if webhook URLs are configured.
INGESTION_WEBHOOK_BASE_URL: Base URL used as<base>/<pipeline-id>.INGESTION_WEBHOOK_AMAZON_FORECAST_URL: Override URL foramazon-forecast.INGESTION_WEBHOOK_AMAZON_ACTUALS_URL: Override URL foramazon-actuals.INGESTION_WEBHOOK_FORECAST_OUTLIERS_URL: Override URL forforecast-outliers.INGESTION_WEBHOOK_TIMEOUT_MS: Request timeout (default30000).
Worker responses may include { "message": "...", "rowCount": 123 } for ingestion run logs.