Keploy shipped 13 release events in 30 days, and the interesting part is not the count alone. The April release notes are packed with replay, proxy, Postgres, gRPC, TLS, mock-window, and runner fixes. That points to a team grinding on determinism, not just shipping surface-area features.

Keploy positions itself as an AI-powered API, integration, and unit testing agent. Its GitHub README describes a developer-centric API and integration testing tool that records API calls, database queries, and streaming events, then replays them as tests. The repo description is tighter: an open-source platform for creating safe, isolated production sandboxes for API, integration, and E2E testing.

The ToolVitals data backs up the activity story. Keploy has 17,367 GitHub stars, 30 GitHub releases in 90 days, a 100 shipping score, a 95 health score, and a 96 ToolVitals score. It is Apache-2.0 and classified by ToolVitals as OSI-approved OSS.

The signal: replay systems are messy, and Keploy is fixing the messy parts

The v3.5.4 through v3.5.11 releases cluster around one theme: making captured traffic replay correctly under awkward real-world conditions.

v3.5.4 included a Postgres V3 cell schema change and a supervisor fix for session-window buffering. v3.5.6 added Postgres V3 record and replay fixes, moved compose DNS settings to keploy-agent, and added AGENTS.md plus Claude Code skills for agent-assisted contribution. v3.5.8 and v3.5.9 repeated fixes around a Postgres TLS-upgrade race, gRPC capture timestamps, and a CLI runtime-override hook. v3.5.10 kept going with TLS relay timestamp preservation and gRPC response stamping. v3.5.11 fixed upstream certificate verification behavior on destination-side TLS.

That is not glamorous work. It is the stuff that decides whether record and replay testing is trusted or quietly disabled after the third flaky run.

The product bet is clear. Keploy wants to turn real traffic into usable tests and mocks across APIs, databases, queues, and external dependencies. Its own README says it uses eBPF to capture traffic at the network layer, with no SDK required. If that model works, teams get tests from behavior instead of asking every service owner to hand-write fragile integration fixtures.

The April release stream suggests Keploy is still deep in protocol edge cases. That is normal for this category. Postgres TLS, gRPC timing, parser fallback, and mock lifetime are exactly where replay tools either mature or become demos.

One caveat on the open-source story

ToolVitals marks Keploy as OSI-approved OSS under Apache-2.0, and GitHub reports Apache-2.0 for the repository. That supports calling Keploy open source.

There is also a nuance in v3.5.6: the release notes mention changing install.sh to default to Keploy with paid features, with an —oss opt-out. ToolVitals does not track hosted pricing for this payload, so this post should not infer a full commercial packaging model from that line alone. The conservative read is simple: the repo is Apache-2.0, while at least one installer change references paid-feature packaging.

What ToolVitals cannot infer

ToolVitals can see public activity signals. For Keploy, that means stars, releases, release cadence, health score, shipping score, license signal, website availability, and the public text of release notes.

ToolVitals cannot tell you whether Keploy will fit your CI constraints. It cannot measure replay accuracy on your services. It cannot verify code quality, user satisfaction, enterprise adoption, revenue, support speed, or whether the AI-generated coverage claims hold for your stack.

The April data says Keploy is alive and shipping hard. It does not prove the product will work cleanly against your database drivers, TLS setup, queue traffic, or test isolation rules.

Keploy is smaller than the giant developer-tool projects in this slice, but it is not quiet. LangChain has 137,322 stars and 18 release events in 30 days. Keploy has 17,367 stars and 13 release events in 30 days. That is a lower star base, but similar short-term shipping intensity.

React Email is a closer star comparison at 19,212 stars, with 19 release events in 30 days. Keploy trails it on release count, but both show a 100 shipping score in the ToolVitals payload.

n8n has 189,099 stars and 41 release events in 30 days, but it is fair-code, not OSI-approved open source. Keploy is OSI-approved OSS under Apache-2.0, which matters if your team has strict license gates.

Recommendation

If your team owns API-heavy services and spends too much time maintaining integration fixtures, evaluate Keploy against one ugly service, not a toy app. Pick a service with Postgres or gRPC, TLS, and at least one external dependency. Record real flows, replay them in CI, then count false failures.

If the replay output is stable, Keploy deserves a deeper look because the public release stream shows the team is attacking the exact protocol-level problems that make this category hard. If it flakes on your stack, the ToolVitals data still tells you something useful: this is an active project, so a focused bug report has a better shot than it would in a quieter repo.

Sources