Home/AI Agents/tracecat
tracecat logo

tracecat

Enrichment pending
TracecatHQ/tracecat

Open-source security automation platform for teams and AI agents

GraphCanon updated today · GitHub synced today

3.7k stars389 forksLast push today Python AGPL-3.0

Verify the decision

Maintenance and security

Full trust report
Maintenance
Very active (0d since push)
As of today
Provenance
Not a fork · Organization account
As of today
Security (OSV)
2 low (2 low)
As of today

Public GitHub metadata and optional OSV scans. Signals, not a guarantee. Trust methodology.

Install

pip install tracecat
PyPI

Similar tools

Same-category neighbours. No typed graph edges are catalogued for this tool yet.

Evidence and technical details

Sourced facts, taxonomy, compatibility claims, README excerpt, and machine-readable endpoints.

Overview

Open-source security automation platform for teams and AI agents

Capability facts

Deploy
Self-host

Source: dockerfile:Dockerfile · Jul 15, 2026

Docker
Dockerfile present

Source: dockerfile:Dockerfile · Jul 15, 2026

Languages
python

Source: github.language+pyproject.toml · Jul 15, 2026

Categories

Compatibility

Sourced claims from the README excerpt - not unsourced marketing copy.

Node.js runtimeNode.js

Source: README excerpt (regex_v1, Jul 15, 2026)

ient**: connect custom agents any MCP server (remote HTTP / OAuth or local via `npx` / `uvx` commands)
Source link
Python runtimePython

Source: README excerpt (regex_v1, Jul 15, 2026)

- **Code-native**: sync custom Python scripts from your Git repo into Tracecat.
Source link

Tags

README

The agentic security automation platform.


Introduction

Tracecat is the open source security automation platform for teams and AI agents.

  • Prompt-to-automations: build end-to-end automations with agents, workflows, cases, and tables from your own agent harness (e.g. Claude code, Codex, OpenCode).
  • Code-native: sync custom Python scripts from your Git repo into Tracecat.
  • All-in-one: agents, workflows, lookup tables, and case management. Everything security teams need to automate work in one place.
  • Deployment options: sign up for Tracecat managed Cloud, or self-host with Docker, AWS Fargate, or Kubernetes Helm.

Sandboxed-by-default with nsjail and run on Temporal for security, reliability, and scale.

Features

[!IMPORTANT] Tracecat is in active development. Review the release changelog before updating.

Key Capabilities

  • Agents: build custom agents with prompts, tools, and chat
  • Workflows: low-code builder with complex control flow (if-conditions, loops) and durable execution (Temporal)
  • Case management: track, automate, and resolve work items with agents and workflows
  • Integrations: over 100+ pre-built connectors to enterprise tools via HTTP, SMTP, gRPC, OAuth, and more
  • Tracecat MCP: turns prompts into automations through Claude Code, Codex, Copilot, etc.
  • MCP client: connect custom agents any MCP server (remote HTTP / OAuth or local via npx / uvx commands)
  • Custom registry: turn custom Python scripts into agent tools and workflow steps

Other OSS Highlights

  • Sandboxed: run untrusted code and agents within nsjail sandboxes or pid runtimes.
  • Lookup tables: store and query structured data
  • Variables: reuse values across workflows and agents
  • No SSO tax: SAML / OIDC support
  • Audit logs: exportable into your SIEM

Enterprise Edition

  • Pre-built MCP servers: over 100+ Tracecat hosted MCP servers for security operations
  • Fine-grained access control: RBAC, ABAC, OAuth2.0 scopes for humans and agents
  • Human-in-the-loop: review and approve sensitive tools calls from a unified inbox, Slack, or email
  • Workspace version control: sync workflows, agents, and table schemas to GitHub, GitLab, Bitbucket, etc.
  • Metrics and monitoring: for workflows, agents, and cases

Tech Stack

  • Backend: Python with FastAPI, SQLAlchemy, Pydantic, uv
  • Frontend: Next.js with TypeScript, React Query, Shadcn UI
  • Durable workflows and jobs: Temporal
  • Sandbox: nsjail
  • Database: PostgreSQL
  • Object store: S3-compatible

Open Source vs Enterprise

[!NOTE] Tracecat Enterprise is available as managed Cloud with US or EU hosting, or as a self-hosted deployment with dedicated support. Book a demo today.

This repo is available under the AGPL-3.0 license with the following exceptions:

  • packages/tracecat-ee directory is under Tracecat's paid EE (Enterprise Edition) license.
  • deployments/k8s is a git submodule under the source available PolyForm Shield License. It contains the Tracecat Helm chart and EKS deployment templates for internal use only. The Helm chart is distributed as a private OCI artifact hosted in AWS ECR.
  • Any code that gates ee features across the repo

Code that fall under the above exceptions must not be redistributed, sold, or otherwise commer

For agents

This page has a .md twin and JSON over the API.

Was this helpful?

Anonymous feedback helps us improve pages and translations.