Esta página se muestra en inglés. Una traducción al español está en curso.
SkillsMay 12, 2026·2 min de lectura

Tracecat — Agentic Security Automation

Tracecat is an open-source security automation platform for teams and AI agents, built on Temporal with sandboxed tool runs and a self-hostable UI.

Listo para agents

Instalación lista para agent

Este activo puede instalarse después de elegir el runtime, revisar el plan y ejecutar el comando correspondiente.

Native · 98/100Política: permitir
Superficie agent
Cualquier agent MCP/CLI
Tipo
Skill
Instalación
Single
Confianza
Confianza: Established
Entrada
Asset
Comando de instalación directa
npx -y tokrepo@latest install 8fd01781-6354-57c3-b940-16170d3816b4 --target codex

Ejecutar después de confirmar el plan con dry-run.

Introducción

Tracecat is an open-source security automation platform for teams and AI agents, built on Temporal with sandboxed tool runs and a self-hostable UI.

  • Best for: Security engineering, SOC automation, and agent-driven playbooks
  • Works with: Docker Compose; Temporal; PostgreSQL; integrates with MCP servers (per README)
  • Setup time: 30–90 minutes

Practical Notes

  • GitHub: 3,598 stars · 359 forks; pushed 2026-05-12 (verified via GitHub API).
  • Repo includes docker-compose.dev.yml + docker-compose.local.yml and a justfile wrapper for common workflows.
  • Per README: sandboxed-by-default with nsjail and durable workflows on Temporal.

Main

A practical adoption path:

  1. Start with one playbook. Pick a repeatable task (phishing triage, IOC enrichment, alert dedupe) and model it as a workflow.
  2. Gate “risky tools.” Put human approval in front of actions that touch production systems or customer data.
  3. Version your scripts. Use the code-native registry idea: keep custom Python tools in Git and sync them into Tracecat.
  4. Treat MCP servers as dependencies. Prefer a small, curated set of MCP servers and pin their configs for reproducibility.

If you run this on developer laptops, keep secrets in env vars and rotate them often; for production, use a dedicated environment and audited credentials.

FAQ

Q: Do I need Kubernetes? A: No. The repo ships multiple Docker Compose files; Kubernetes is optional for production scaling.

Q: Can it run untrusted code safely? A: README says it uses nsjail sandboxes by default; still treat inputs as untrusted and apply least privilege.

Q: How do agents interact with it? A: Per README: you can build prompt-to-automations from your own agent harness, and tools can integrate with MCP servers.

🙏

Fuente y agradecimientos

Source: https://github.com/TracecatHQ/tracecat > License: AGPL-3.0 > GitHub stars: 3,598 · forks: 359

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados