MCPcopy
hub / github.com/TracecatHQ/tracecat

github.com/TracecatHQ/tracecat @1.0.0 sqlite

repository ↗ · DeepWiki ↗ · release 1.0.0 ↗
16,408 symbols 79,490 edges 1,993 files 7,665 documented · 47%
README
<img src="https://github.com/TracecatHQ/tracecat/raw/1.0.0/img/banner-light.svg" alt="The AI-native security automation platform.">






The AI-native security automation platform.

Commits License Discord

Introduction

Tracecat is the AI automation platform for built for security teams and agents.

  • Prompt-to-automations: build end-to-end automations with agents, workflows, cases, and tables from your own agent harness (e.g. Claude code, Codex, OpenCode).
  • Code-native: sync custom Python scripts from your Git repo into Tracecat.
  • All-in-one: agents, workflows, lookup tables, and case management. Everything technical teams need to automate work in one place.
  • Self-host anywhere: Docker, Kubernetes, AWS Fargate.

Sandboxed-by-default with nsjail and run on Temporal for security, reliability, and scale.

Features

[!IMPORTANT] Tracecat is in active development. Review the release changelog before updating.

Key Capabilities

  • Agents: build custom agents with prompts, tools, chat, and any MCP server (remote HTTP / OAuth or local via npx / uvx commands)
  • Workflows: low-code builder with complex control flow (if-conditions, loops) and durable execution (Temporal)
  • Case management: track, automate, and resolve work items with agents and workflows
  • Integrations: over 100+ pre-built connectors to enterprise tools via HTTP, SMTP, gRPC, OAuth, and more
  • MCP server: work with Tracecat through your own agent harness
  • Custom registry: turn custom Python scripts into agent tools and workflow steps

Other OSS Highlights

  • Sandboxed: run untrusted code and agents within nsjail sandboxes or pid runtimes.
  • Lookup tables: store and query structured data
  • Variables: reuse values across workflows and agents
  • No SSO tax: SAML / OIDC support
  • Audit logs: exportable into your SIEM

Enterprise Edition

  • Fine-grained access control: RBAC, ABAC, OAuth2.0 scopes for humans and agents
  • Human-in-the-loop: review and approve sensitive tools calls from a unified inbox, Slack, or email
  • Workflow version control: sync to GitHub, GitLab, Bitbucket, etc.
  • Metrics and monitoring: for workflows, agents, and cases

Tech Stack

  • Backend: Python with FastAPI, SQLAlchemy, Pydantic, uv
  • Frontend: Next.js with TypeScript, React Query, Shadcn UI
  • Durable workflows and jobs: Temporal
  • Sandbox: nsjail
  • Database: PostgreSQL
  • Object store: S3-compatible

Open Source vs Enterprise

This repo is available under the AGPL-3.0 license with the following exceptions:

  • packages/tracecat-ee directory is under Tracecat's paid EE (Enterprise Edition) license.
  • deployments/k8s is a git submodule under the source available PolyForm Shield License. It contains the Tracecat Helm chart and EKS deployment templates for internal use only, and its chart releases are published from that repo to public ECR.
  • Any code that gates ee features across the repo

Code that fall under the above exceptions must not be redistributed, sold, or otherwise commercialized without permission.

If you are interested in Tracecat's Enterprise License or managed Cloud offering, check out our website or book a meeting with us.

Community

Have questions? Feedback? Come hang out with us in the Tracecat Community Discord.

Contributors

Thank you all our amazing contributors for contributing code, integrations, docs, and support. Open source is only possible because of you. Check out our Contribution Guide for more information.

Tracecat is distributed under AGPL-3.0

Extension points exported contracts — how you extend this code

CaseFieldTypeOption (Interface)
Options for the case field type picker (SQL types + kind-based semantic types).
frontend/src/components/cases/add-custom-field-dialog.tsx
ClosureRow (Interface)
Row shape for the unified closure requirements table.
frontend/src/components/cases/closure-requirements-view.tsx
ChatReadinessOptions (Interface)
* Are we ready to chat? * Returns { ready, reason, modelInfo } * ready – boolean * reason – "no_model" | "no_cre
frontend/src/lib/hooks.tsx
OnCancel (Interface)
(no doc)
frontend/src/client/core/CancelablePromise.ts
ReactDiffViewerProps (Interface)
(no doc)
frontend/src/types/react-diff-viewer-continued.d.ts

Core symbols most depended-on inside this repo

get
called by 973
tracecat/redis/client.py
get
called by 793
tracecat/agent/llm_proxy/providers.py
append
called by 756
tracecat/agent/stream/connector.py
error
called by 726
tracecat/agent/stream/connector.py
cn
called by 668
frontend/src/lib/utils.ts
info
called by 582
tracecat/dsl/workflow_logging.py
toast
called by 521
frontend/src/components/ui/use-toast.ts
execute
called by 425
tracecat/sandbox/executor.py

Shape

Function 8,491
Method 4,707
Class 2,142
Route 665
Interface 393
Enum 10

Languages

Python80%
TypeScript20%

Modules by API surface

frontend/src/client/services.gen.ts378 symbols
tests/unit/test_mcp_server.py240 symbols
tracecat/mcp/server.py174 symbols
tracecat/expressions/functions.py131 symbols
frontend/src/lib/hooks.tsx127 symbols
tracecat/db/models.py117 symbols
tests/unit/test_functions.py117 symbols
tests/unit/test_tables_service.py100 symbols
tests/registry/test_cases_characterization.py96 symbols
tracecat/cases/schemas.py95 symbols
tests/unit/test_tracecat_llm_proxy.py85 symbols
tests/unit/test_rbac_scopes.py83 symbols

Dependencies from manifests, versioned

@ai-sdk/react2.0.59 · 1×
@biomejs/biome2.0.4 · 1×
@biomejs/cli-darwin-arm642.2.4 · 1×
@codemirror/autocomplete6.19.0 · 1×
@codemirror/commands6.8.1 · 1×
@codemirror/lang-json6.0.2 · 1×
@codemirror/lang-python6.2.1 · 1×
@codemirror/lang-yaml6.1.2 · 1×
@codemirror/lint6.8.5 · 1×
@codemirror/state6.5.2 · 1×
@codemirror/view6.38.4 · 1×

Datastores touched

dbDatabase · 1 repos
(mongodb)Database · 1 repos
(mysql)Database · 1 repos
tracecatDatabase · 1 repos

For agents

$ claude mcp add tracecat \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact