OpenNVR
Bring AI to the Edge. Own Your Security. Deploy Anywhere.
An AI-powered, zero-trust network video recorder with integrated intrusion detection, edge inference, and hardware-accelerated streaming — built for critical infrastructure, research, and enterprise surveillance.
AI-First Architecture
YOLOv11, InsightFace, BLIP, OWL-ViT built in. Access 100,000+ Hugging Face models. Plug any PyTorch or ONNX model in 30 minutes.
Zero-Trust Security
Cameras on non-routable VLANs, integrated Suricata IDS, JWT-authenticated streams, AES-256 encrypted credential vault.
Offline-First Edge
Full operation without cloud connectivity. All AI inference, recording, and access control runs locally on your hardware.
100% Open Source
AGPL v3 licensed. Full source transparency, no hidden telemetry, no vendor lock-in. Deploy on your infrastructure forever.
Not Just an NVR.
A Security Intelligence Platform.
OpenNVR combines professional network video recording, real-time AI inference, zero-trust networking, and compliance tooling into a single self-hosted platform.
Universal Camera Support
Full ONVIF discovery, RTSP ingestion, automatic credential encryption, and PTZ control. Tested with 100+ simultaneous streams including Hikvision and all ONVIF-compliant devices.
Edge AI Inference Engine
Dedicated KAI-C orchestration layer runs YOLOv8 person detection, YOLOv11 person counting, InsightFace biometrics, BLIP scene description, and OWL-ViT zero-shot detection — entirely on-device.
Integrated Suricata IDS
Built-in network intrusion detection scans all internal traffic. Detects malware lateral movement, unauthorized scanning, and camera exploit attempts in real time.
Hardware-Accelerated Streaming
MediaMTX powers WebRTC (sub-100ms LAN latency) and HLS output with automatic multi-relay scaling for poor-network conditions. NVIDIA GPU acceleration supported.
Flexible Recording & Storage
Continuous, scheduled, and AI-triggered recording. S3-compatible cloud storage, configurable retention policies, segment-based indexing, and multi-day timeline playback.
Zero-Trust Network Architecture
Cameras isolated on non-routable VLANs — hardware feeds are mathematically unreachable from the public internet. JWT JWKS endpoint validates every stream token at the media layer.
Granular RBAC & Audit
Admin, Operator, and Viewer roles with per-camera permission matrices. Mandatory MFA, automated JWT rotation, and complete audit logs exportable to CSV for compliance.
Modular Plugin Architecture
AI engine and video server are fully decoupled — a crashing AI model never drops a camera stream. Disable 100 models: zero memory overhead. Lazy-load only what you use.
Cloud AI Overflow
One-parameter switch sends inference to Hugging Face Inference API when local compute is saturated. Per-user call quotas and circuit breakers prevent runaway costs.
100,000+ Models.
Zero Vendor Lock-In.
OpenNVR ships with a built-in suite of production-ready AI models and connects to the entire Hugging Face ecosystem. Run everything locally, burst to cloud, or both.
Person Detection
Backend: ONNX Runtime
Speed: ~50ms CPU / <30ms GPU
Person Counting
Backend: PyTorch
Speed: Higher accuracy
Face Recognition & Biometrics
Backend: Buffalo-L model
Speed: ~100ms CPU / <50ms GPU
Scene Description
Backend: Salesforce BLIP
Speed: ~1.5s CPU / ~500ms GPU
Zero-Shot Object Detection
Backend: Hugging Face
Speed: Custom labels, no training
Bring Your Own Model
Plug any PyTorch, ONNX, or REST-based model in under 30 minutes using the BaseAdapter interface.
Research-Backed.
Built to Neutralise Real Threats.
OpenNVR was developed as a direct response to critical vulnerabilities documented in commercial IP camera systems — exposed streams, weak auth, unencrypted credentials, and no intrusion detection.
Non-Routable Camera VLANs
Camera networks have no routable path to the public internet. Hardware feeds are physically isolated from external access by design.
Integrated Suricata IDS
Real-time intrusion detection scans internal network traffic for lateral movement, port scanning, and known exploit signatures.
AES-256 Credential Vault
All camera passwords, API keys, and secrets encrypted at rest. Separate CREDENTIAL_ENCRYPTION_KEY never stored alongside data.
JWT Stream Authentication
Every RTSP/WebRTC/HLS stream requires a signed JWT. MediaMTX validates tokens via the backend JWKS endpoint — no token, no stream.
Per-Camera RBAC
Permissions are granted at the camera level per user action: view, record, configure, delete. Viewer accounts cannot affect recordings.
MFA & Audit Logging
Mandatory TOTP-based MFA for all admin accounts. Every action — login, config change, recording access — is logged with IP and user-agent.
Compliance Reports
Recording coverage by camera and date, system uptime statistics, user access history — all exportable to CSV for ISO 27001 / GDPR audits.
Automated JWT Rotation
Stream authentication tokens rotate automatically. Stale tokens from captured traffic cannot be replayed to access live streams.
Threats Directly Mitigated
Any Camera. Any Protocol.
Full Control.
OpenNVR discovers and connects to cameras automatically via ONVIF UDP broadcast, resolves RTSP URIs from media profiles, and encrypts all credentials in the vault the moment they are saved.
- ONVIF device discovery with UDP broadcast cache
- Automatic RTSP stream URI resolution from profiles
- Hikvision HTTP Digest + WS-Security dual auth support
- Pan-Tilt-Zoom control with preset save / load / delete
- 100+ simultaneous streams tested
- Main stream (high quality) + substream (low bandwidth) per camera
- Real-time online / offline / degraded status with streaming validation
- VLAN isolation — cameras on non-routable segments by design
Streaming Protocols
Recording Modes
Performance
100+
Concurrent streams
<100ms
WebRTC LAN latency
~30ms
YOLOv8 GPU inference
~1 GB
Per camera per day
Bring Your Own AI Model — In 30 Minutes
The AI Adapter clean architecture makes it trivial to plug any model — HuggingFace, your own research, or a commercial vendor API — without touching core routing logic.
from .base_adapter import BaseAdapter
import onnxruntime as ort
class YourModelAdapter(BaseAdapter):
def __init__(self, model_path: str):
super().__init__(model_path)
self.session = ort.InferenceSession(model_path)
def get_supported_tasks(self):
return ["your_custom_task"]
def infer_local(self, task, input_data):
frame = self.load_image(input_data["frame"]["uri"])
result = self._run_model(frame)
return {"detections": result}CONFIG = {
"adapters": {
"your_model_adapter": {
"enabled": True,
"weights_path": "weights/your_model.onnx"
}
},
"routing": {
"your_custom_task": "your_model_adapter"
},
"warmup": ["your_model_adapter"] # pre-load on startup
}# Start the AI adapter microservice
uvicorn adapter.main:app --reload --port 9100
# Test inference
curl -X POST http://localhost:9100/infer \
-H "Content-Type: application/json" \
-d '{
"task": "your_custom_task",
"input": {"frame": {"uri": "kavach://frames/camera_0/latest.jpg"}}
}'Fits Into Your Existing Stack
OpenNVR ships with native integrations for alerting, cloud storage, metrics, and messaging — no middleware required.
Slack
Detection event alerts to channels
Microsoft Teams
Incident notifications to Teams
Webhooks
Generic HTTP POST for any event
MQTT
Publish detection events to broker
S3 / MinIO
Cloud recording storage upload
Prometheus
Metrics export for monitoring
Syslog
System event forwarding
Email / SMTP
Alerting and compliance reports
From Home Lab to Enterprise Cluster
Docker Compose for single-node deployments. Kubernetes-ready for horizontal scaling. S3-backed storage for unlimited retention.
Minimum (1–5 cameras)
- 4-core CPU
- 8 GB RAM
- 1 TB storage
- Docker Compose
- No GPU required
Recommended (10–20 cameras + AI)
- 6+ core CPU
- 16 GB RAM
- 1 TB+ SSD
- NVIDIA RTX 4060+
- Docker Compose / K8s
Enterprise (100+ cameras)
- 16+ core / dual-socket
- 32–64 GB RAM
- NAS or S3 (10 TB+)
- Multi NVIDIA A100/H100
- Kubernetes cluster
Tech Stack
- Backend: Python 3.11 + FastAPI
- Frontend: React + Vite + Tailwind
- Media: MediaMTX (WebRTC/HLS)
- AI: KAI-C + Adapter microservice
- DB: PostgreSQL 15 + Alembic
2-Minute Docker Quick Start
Everything runs in Docker. One command spins up the API, frontend, database, AI adapter, and media server.
# 1. Copy environment defaults
cp .env.docker .env
# 2. Start all services
docker compose up -d
# 3. Open in browser
http://localhost:8000
# admin / SecurePass123!Own Your Surveillance Infrastructure.
No Subscriptions. No Vendor Cloud.
OpenNVR is fully open source, self-hosted, and built for environments where security and data sovereignty are non-negotiable.