Workflows · May 12, 2026 · 2 min read

Tracecat — Agentic Security Automation

Tracecat is an open-source security automation platform for teams and AI agents, built on Temporal with sandboxed tool runs and a self-hostable UI.

Agent ready

  • Score: Native · 94/100
  • Policy: allow
  • Agent surface: Any MCP/CLI agent
  • Kind: CLI
  • Install: Manual
  • Trust: Established
  • Entrypoint: docker compose -f docker-compose.local.yml up
  • Universal CLI install command: npx tokrepo install 8fd01781-6354-57c3-b940-16170d3816b4

Intro

  • Best for: Security engineering, SOC automation, and agent-driven playbooks
  • Works with: Docker Compose; Temporal; PostgreSQL; integrates with MCP servers (per README)
  • Setup time: 30–90 minutes

Practical Notes

  • GitHub: 3,598 stars · 359 forks; pushed 2026-05-12 (verified via GitHub API).
  • Repo includes docker-compose.dev.yml + docker-compose.local.yml and a justfile wrapper for common workflows.
  • Per README: sandboxed-by-default with nsjail and durable workflows on Temporal.

Main

A practical adoption path:

  1. Start with one playbook. Pick a repeatable task (phishing triage, IOC enrichment, alert dedupe) and model it as a workflow.
  2. Gate “risky tools.” Put human approval in front of actions that touch production systems or customer data.
  3. Version your scripts. Use the code-native registry idea: keep custom Python tools in Git and sync them into Tracecat.
  4. Treat MCP servers as dependencies. Prefer a small, curated set of MCP servers and pin their configs for reproducibility.

If you run this on developer laptops, keep secrets in env vars and rotate them often; for production, use a dedicated environment and audited credentials.

FAQ

Q: Do I need Kubernetes? A: No. The repo ships multiple Docker Compose files; Kubernetes is optional for production scaling.

Q: Can it run untrusted code safely? A: README says it uses nsjail sandboxes by default; still treat inputs as untrusted and apply least privilege.

Q: How do agents interact with it? A: Per README: you can build prompt-to-automations from your own agent harness, and tools can integrate with MCP servers.

Source & Thanks

  • Source: https://github.com/TracecatHQ/tracecat
  • License: AGPL-3.0
  • GitHub stars: 3,598 · forks: 359
