https://github.com/tracecathq/tracecat

Open source Tines / Splunk SOAR alternative. All-in-one automation platform (workflows, tables, cases) for security and IT teams.
https://github.com/tracecathq/tracecat

automation cybersecurity event-driven fastapi incident-response llm low-code monitoring nextjs openapi orchestration pydantic security temporalio workflow-engine

Last synced: 20 days ago
JSON representation

Open source Tines / Splunk SOAR alternative. All-in-one automation platform (workflows, tables, cases) for security and IT teams.

• Host: GitHub
• URL: https://github.com/tracecathq/tracecat
• Owner: TracecatHQ
• License: agpl-3.0
• Created: 2024-02-27T06:48:32.000Z (about 2 years ago)
• Default Branch: main
• Last Pushed: 2025-05-10T02:28:58.000Z (11 months ago)
• Last Synced: 2025-05-10T03:36:44.889Z (11 months ago)
• Topics: automation, cybersecurity, event-driven, fastapi, incident-response, llm, low-code, monitoring, nextjs, openapi, orchestration, pydantic, security, temporalio, workflow-engine
• Language: Python
• Homepage: https://tracecat.com
• Size: 49.6 MB
• Stars: 2,627
• Watchers: 24
• Forks: 203
• Open Issues: 31
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Security: SECURITY.md

Awesome Lists containing this project

README

          


  

    

    

    

  

  


    The AI-native security automation platform.

  


  






![Commits](https://img.shields.io/github/commit-activity/m/TracecatHQ/tracecat?style=for-the-badge&logo=github&color=6E7ED8)

![License](https://img.shields.io/badge/License-AGPL%203.0-6E7ED8?style=for-the-badge&logo=agpl)

[![Discord](https://img.shields.io/badge/Discord-Join-5865F2?style=for-the-badge&logo=discord&logoColor=white)](https://discord.gg/H4XZwsYzY4)



## Introduction

[Tracecat](https://tracecat.com) is the AI-native automation platform for technical operations.

Purpose-built for agents and open source for builders:

- **Prompt-to-automations**: build end-to-end automations with agents, workflows, and tables from your own agent harness (e.g. Claude code, Codex, OpenCode).

- **Code-native**: sync custom Python scripts from your Git repo into Tracecat.

- **All-in-one**: agents, workflows, lookup tables, and case management. Everything technical teams need to automate work in one place. 

- **Self-host anywhere**: Docker, Kubernetes, AWS Fargate.

Sandboxed-by-default with [`nsjail`](https://github.com/google/nsjail) and run on [Temporal](https://temporal.io) for security, reliability, and scale.

## Features

### Key Capabilities

- **Agents**: build custom agents with prompts, tools, chat, and any MCP server (remote HTTP / OAuth or local via `npx` / `uvx` commands)

- **Workflows**: low-code builder with complex control flow (if-conditions, loops) and durable execution (Temporal)

- **Case management**: track, automate, and resolve work items with agents and workflows

- **Integrations**: over 100+ pre-built connectors to enterprise tools via HTTP, SMTP, gRPC, OAuth, and more

- **MCP server**: work with Tracecat through your own agent harness

- **Custom registry**: turn custom Python scripts into agent tools and workflow steps

### Other OSS Highlights

- **Sandboxed**: run untrusted code and agents within `nsjail` sandboxes or `pid` runtimes.

- **Lookup tables**: store and query structured data

- **Variables**: reuse values across workflows and agents

- **No SSO tax**: SAML / OIDC support

- **Audit logs**: exportable into your SIEM

### Enterprise Edition

- **Fine-grained access control**: RBAC, ABAC, OAuth2.0 scopes for humans and agents

- **Human-in-the-loop**: review and approve sensitive tools calls from a unified inbox, Slack, or email

- **Workflow version control**: sync to GitHub, GitLab, Bitbucket, etc.

- **Metrics and monitoring**: for workflows, agents, and cases

## Getting Started

> [!IMPORTANT]

> Tracecat is in active development. Review the release [changelog](https://github.com/TracecatHQ/tracecat/releases) before updating.

### Self-hosting

### Run Tracecat locally

Deploy a local Tracecat stack using Docker Compose. View full instructions [here](https://docs.tracecat.com/self-hosting/deployment-options/docker-compose).

```bash

# Setup environment variables and secrets

curl -o env.sh https://raw.githubusercontent.com/TracecatHQ/tracecat/1.0.0-beta.15/env.sh

curl -o .env.example https://raw.githubusercontent.com/TracecatHQ/tracecat/1.0.0-beta.15/.env.example

chmod +x env.sh && ./env.sh

# Download Caddyfile

curl -o Caddyfile https://raw.githubusercontent.com/TracecatHQ/tracecat/1.0.0-beta.15/Caddyfile

# Download Docker Compose file

curl -o docker-compose.yml https://raw.githubusercontent.com/TracecatHQ/tracecat/1.0.0-beta.15/docker-compose.yml

# Start Tracecat

docker compose up -d

```

### Cloud deployments

For production deployments, check out one of the following IaaC (Infrastructure as Code) options:

- Kubernetes (Helm chart) under [`deployments/helm`](https://github.com/TracecatHQ/tracecat/tree/main/deployments/helm)

- AWS ECS Fargate (Terraform) under [`deployments/fargate`](https://github.com/TracecatHQ/tracecat/tree/main/deployments/fargate)

- AWS EKS (Terraform) under [`deployments/eks`](https://github.com/TracecatHQ/tracecat/tree/main/deployments/eks)

## Tech Stack

- Backend: Python with FastAPI, SQLAlchemy, Pydantic, uv

- Frontend: Next.js with TypeScript, React Query, Shadcn UI

- Durable workflows and jobs: Temporal

- Sandbox: nsjail

- Database: PostgreSQL

- Object store: S3-compatible

## Open Source vs Enterprise

This repo is available under the [AGPL-3.0 license](https://github.com/TracecatHQ/tracecat/blob/main/LICENSE) with the following exceptions:

- `packages/tracecat-ee` directory is under Tracecat's paid EE (Enterprise Edition) license.

- `deployments/helm` and `deployments/eks` directory is under the source available [PolyForm Shield License](https://polyformproject.org/licenses/shield/1.0.0/). This allows you to use the Tracecat Helm chart and EKS deployment templates for internal use only.

- Any code that gates `ee` features across the repo

Code that fall under the above exceptions must not be redistributed, sold, or otherwise commercialized without permission.

*If you are interested in Tracecat's Enterprise License or managed Cloud offering, check out [our website](https://tracecat.com) or [book a meeting with us](https://cal.com/team/tracecat).*

## Community

Have questions? Feedback? Come hang out with us in the [Tracecat Community Discord](https://discord.gg/H4XZwsYzY4).

## Contributors

Thank you all our amazing contributors for contributing code, integrations, docs, and support. Open source is only possible because of you.

Check out our [Contribution Guide](CONTRIBUTING.md) for more information.



  











  **`Tracecat`** is distributed under [**AGPL-3.0**](https://github.com/TracecatHQ/tracecat/blob/main/LICENSE)