GitHunt
TR

TracecatHQ/tracecat

Open source AI automation platform for security teams.

agentsautomationevent-drivenfastapillmlow-codemonitoringnextjsopenapiorchestrationpydanticsecuritytemporalioworkflow-engine
The open source AI automation platform for security teams.

Open source AI automation platform for security teams.


Commits
License
Discord

Introduction

Tracecat is the open source AI platform for security teams.
It includes everything security teams need to automate work: agents, workflows, case management, and over 100+ integrations.

Purpose-built for agents and (human) builders:

  • Visual builder: build custom agents and workflows with a simple, intuitive UI
  • Tracecat MCP: build and run agents and workflows from your own harness (e.g. Claude code, Codex)
  • Code-native: sync custom Python scripts from your Git repo into Tracecat
  • Self-host anywhere: Docker, Kubernetes, AWS Fargate.

Sandboxed-by-default with nsjail and run on Temporal for security, reliability, and scale.

Features

Key Capabilities

  • Agents: build custom agents with prompts, tools, chat, and any MCP server (remote HTTP / OAuth or local via npx / uvx commands)
  • Workflows: low-code builder with complex control flow (if-conditions, loops) and durable execution (Temporal)
  • Case management: track, automate, and resolve work items with agents and workflows
  • Integrations: over 100+ pre-built connectors to enterprise tools via HTTP, SMTP, gRPC, OAuth, and more
  • MCP server: work with Tracecat through your own agent harness
  • Custom registry: turn custom Python scripts into agent tools and workflow steps

Other OSS Highlights

  • Sandboxed: run untrusted code and agents within nsjail sandboxes or pid runtimes.
  • Lookup tables: store and query structured data
  • Variables: reuse values across workflows and agents
  • No SSO tax: SAML / OIDC support
  • Audit logs: exportable into your SIEM

Enterprise Edition

  • Fine-grained access control: RBAC, ABAC, OAuth2.0 scopes for humans and agents
  • Human-in-the-loop: review and approve sensitive tools calls from a unified inbox, Slack, or email
  • Workflow version control: sync to GitHub, GitLab, Bitbucket, etc.
  • Metrics and monitoring: for workflows, agents, and cases

Getting Started

Important

Tracecat is in active development. Review the release changelog before updating.

Self-hosting

Run Tracecat locally

Deploy a local Tracecat stack using Docker Compose. View full instructions here.

# Setup environment variables and secrets
curl -o env.sh https://raw.githubusercontent.com/TracecatHQ/tracecat/1.0.0-beta.15/env.sh
curl -o .env.example https://raw.githubusercontent.com/TracecatHQ/tracecat/1.0.0-beta.15/.env.example
chmod +x env.sh && ./env.sh

# Download Caddyfile
curl -o Caddyfile https://raw.githubusercontent.com/TracecatHQ/tracecat/1.0.0-beta.15/Caddyfile

# Download Docker Compose file
curl -o docker-compose.yml https://raw.githubusercontent.com/TracecatHQ/tracecat/1.0.0-beta.15/docker-compose.yml

# Start Tracecat
docker compose up -d

Cloud deployments

For production deployments, check out one of the following IaaC (Infrastructure as Code) options:

Tech Stack

  • Backend: Python with FastAPI, SQLAlchemy, Pydantic, uv
  • Frontend: Next.js with TypeScript, React Query, Shadcn UI
  • Durable workflows and jobs: Temporal
  • Sandbox: nsjail
  • Database: PostgreSQL
  • Object store: S3-compatible

Open Source vs Enterprise

This repo is available under the AGPL-3.0 license with the following exceptions:

  • packages/tracecat-ee directory is under Tracecat's paid EE (Enterprise Edition) license.
  • deployments/helm and deployments/eks directory is under the source available PolyForm Shield License. This allows you to use the Tracecat Helm chart and EKS deployment templates for internal use only.
  • Any code that gates ee features across the repo

Code that fall under the above exceptions must not be redistributed, sold, or otherwise commercialized without permission.

If you are interested in Tracecat's Enterprise License or managed Cloud offering, check out our website or book a meeting with us.

Community

Have questions? Feedback? Come hang out with us in the Tracecat Community Discord.

Contributors

Thank you all our amazing contributors for contributing code, integrations, docs, and support. Open source is only possible because of you.
Check out our Contribution Guide for more information.



Tracecat is distributed under AGPL-3.0

Languages

Python63.1%TypeScript33.7%HCL1.8%SCSS0.6%Shell0.4%Go Template0.2%Dockerfile0.1%JavaScript0.1%Just0.0%CSS0.0%Mako0.0%
GNU Affero General Public License v3.0
Created February 27, 2024
Updated March 10, 2026