## Introduction
[Tracecat](https://tracecat.com) is the open source security automation platform for teams and AI agents.
- **Prompt-to-automations**: build end-to-end automations with agents, workflows, cases, and tables from your own agent harness (e.g. Claude code, Codex, OpenCode).
- **Code-native**: sync custom Python scripts from your Git repo into Tracecat.
- **All-in-one**: agents, workflows, lookup tables, and case management. Everything technical teams need to automate work in one place.
- **Self-host anywhere**: Docker, Kubernetes, AWS Fargate.
Sandboxed-by-default with [`nsjail`](https://github.com/google/nsjail) and run on [Temporal](https://temporal.io) for security, reliability, and scale.
## Features
> [!IMPORTANT]
> Tracecat is in active development. Review the release [changelog](https://github.com/TracecatHQ/tracecat/releases) before updating.
### Key Capabilities
- **Agents**: build custom agents with prompts, tools, chat, and any MCP server (remote HTTP / OAuth or local via `npx` / `uvx` commands)
- **Workflows**: low-code builder with complex control flow (if-conditions, loops) and durable execution (Temporal)
- **Case management**: track, automate, and resolve work items with agents and workflows
- **Integrations**: over 100+ pre-built connectors to enterprise tools via HTTP, SMTP, gRPC, OAuth, and more
- **MCP server**: work with Tracecat through your own agent harness
- **Custom registry**: turn custom Python scripts into agent tools and workflow steps
### Other OSS Highlights
- **Sandboxed**: run untrusted code and agents within `nsjail` sandboxes or `pid` runtimes.
- **Lookup tables**: store and query structured data
- **Variables**: reuse values across workflows and agents
- **No SSO tax**: SAML / OIDC support
- **Audit logs**: exportable into your SIEM
### Enterprise Edition
- **Fine-grained access control**: RBAC, ABAC, OAuth2.0 scopes for humans and agents
- **Human-in-the-loop**: review and approve sensitive tools calls from a unified inbox, Slack, or email
- **Workflow version control**: sync to GitHub, GitLab, Bitbucket, etc.
- **Metrics and monitoring**: for workflows, agents, and cases
## Tech Stack
- Backend: Python with FastAPI, SQLAlchemy, Pydantic, uv
- Frontend: Next.js with TypeScript, React Query, Shadcn UI
- Durable workflows and jobs: Temporal
- Sandbox: nsjail
- Database: PostgreSQL
- Object store: S3-compatible
## Open Source vs Enterprise
This repo is available under the [AGPL-3.0 license](https://github.com/TracecatHQ/tracecat/blob/main/LICENSE) with the following exceptions:
- `packages/tracecat-ee` directory is under Tracecat's paid EE (Enterprise Edition) license.
- `deployments/k8s` is a git submodule under the source available [PolyForm Shield License](https://polyformproject.org/licenses/shield/1.0.0/). It contains the Tracecat Helm chart and EKS deployment templates for internal use only. The Helm chart is distributed as a private OCI artifact hosted in AWS ECR.
- Any code that gates `ee` features across the repo
Code that fall under the above exceptions must not be redistributed, sold, or otherwise commercialized without permission.
*If you are interested in Tracecat's Enterprise License or managed Cloud offering, check out [our website](https://tracecat.com) or [book a meeting with us](https://cal.com/team/tracecat).*
## Community
Have questions? Feedback? Come hang out with us in the [Tracecat Community Discord](https://discord.gg/H4XZwsYzY4).
## Contributors
Thank you all our amazing contributors for contributing code, integrations, docs, and support. Open source is only possible because of you.
Check out our [Contribution Guide](CONTRIBUTING.md) for more information.
**`Tracecat`** is distributed under [**AGPL-3.0**](https://github.com/TracecatHQ/tracecat/blob/main/LICENSE)
