tracecat-mcp-community
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@tracecat-mcp-communitylist my recent workflows"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
tracecat-mcp-community
A full-stack Model Context Protocol (MCP) server for the Tracecat SOAR platform — 94 tools across 16 domains.
What is this?
An MCP server that gives AI assistants (Claude Code, Claude Desktop, etc.) full control over a Tracecat instance through natural language. Manage workflows, actions, cases, secrets, tables, schedules, graphs, and more — without leaving your editor.
94 tools covering the full Tracecat API surface, including write operations not exposed by the official MCP
Stdio transport — no OIDC/SSO setup required, works against any self-hosted Tracecat
Lazy authentication — MCP transport starts instantly, login happens on first tool call
Auto workspace detection — no manual workspace ID needed
Session cookie auth — handles Tracecat's cookie-based auth transparently
Community MCP vs Official MCP
Tracecat ships an official MCP server (HTTP transport, OIDC auth, bundled with the platform). This community MCP is a standalone alternative you can use instead — pick the one that fits your setup.
Community MCP (this project) | ||
Transport | stdio (local) | HTTP (remote) |
Auth | Session cookie (username/password) | OIDC / SSO |
Setup |
| Requires OIDC configured on the Tracecat instance |
Tool coverage | 94 tools — full CRUD + graph ops + autofix + variables/integrations | ~90 tools — read + basic CRUD, plus agents/skills (EE-oriented) |
Exclusive capabilities | Graph editing ( | Agent presets/skills/sessions (Enterprise Edition), official support, platform-integrated |
Best for | Local dev, self-hosted without SSO, workflow authoring/editing at scale | Teams already running Tracecat Cloud or self-hosted with OIDC |
You don't need both. This community MCP is designed to cover the full surface on its own.
Tools
Domain | Tools | Description |
Workflows | 9 | List, create, get, update, deploy, export, delete, validate, autofix |
Actions | 5 | List, create, get, update, delete workflow actions |
Executions | 6 | Run workflows, run drafts, list/get/cancel executions, compact view |
Cases | 15 | List, create, get, update, delete cases; comments; tasks CRUD; custom fields CRUD |
Secrets | 5 | Search, create, get, update, delete secrets |
Variables | 6 | List, search, get, create, update, delete non-sensitive workspace variables |
Tables | 5 | List, create, get, update, delete tables |
Columns | 2 | Create, delete table columns |
Rows | 6 | List, get, insert, update, delete, batch insert rows |
Schedules | 5 | List, create, get, update, delete schedules |
Graph | 5 | Get graph, add/delete edges, move nodes, update trigger position |
Folders | 5 | List, create, update, delete folders; move workflows into folders |
Workspaces | 5 | Get current, list, create, update, delete workspaces |
Integrations | 7 | List/get/test/disconnect/delete integrations; list/get OAuth providers |
Webhooks | 3 | Get/update webhook, rotate API keys |
Docs | 2 | Search Tracecat docs, list available tool documentation |
Templates | 2 | List and get community workflow templates |
System | 1 | Health check |
Total: 94 tools for complete Tracecat automation.
Quick Start
Option A: npx (fastest)
# Install globally
npm install -g tracecat-mcp-communityCreate a .env file wherever you run from (or in the package directory):
TRACECAT_API_URL=http://localhost/api
TRACECAT_USERNAME=your-email@example.com
TRACECAT_PASSWORD=your-password-here
TRACECAT_WORKSPACE_ID= # Optional — auto-detected if omittedAdd to your .mcp.json:
{
"mcpServers": {
"tracecat": {
"command": "npx",
"args": ["-y", "tracecat-mcp-community"]
}
}
}Option B: From source
git clone https://github.com/adrojis/tracecat-mcp-community.git
cd tracecat-mcp-community
npm install
cp .env.example .env # Edit with your credentials
npm run buildAdd to your .mcp.json:
{
"mcpServers": {
"tracecat": {
"command": "node",
"args": ["/absolute/path/to/tracecat-mcp-community/dist/index.js"]
}
}
}Option C: Docker
git clone https://github.com/adrojis/tracecat-mcp-community.git
cd tracecat-mcp-community
docker build -t tracecat-mcp-community .{
"mcpServers": {
"tracecat": {
"command": "docker",
"args": ["run", "-i", "--rm", "--env-file", "/path/to/.env", "tracecat-mcp-community"]
}
}
}Security:
.envis gitignored and never committed. Never hardcode credentials in source files. See SECURITY.md.
Then restart Claude Code and verify with /mcp — you should see the tracecat server with 94 tools.
Configuration
Variable | Required | Default | Description |
| No |
| Tracecat API base URL |
| Yes | — | Login email |
| Yes | — | Login password |
| No | Auto-detected | Workspace ID (uses first workspace if omitted) |
Credentials are loaded from .env via dotenv. The .env file must be in the project root (next to package.json).
Architecture
src/
├── index.ts # Entry point — StdioTransport + env loading
├── server.ts # McpServer creation + tool registration
├── client.ts # HTTP client with lazy auth + auto workspace injection
├── types.ts # TypeScript interfaces
└── tools/
├── workflows.ts # Workflow CRUD + deploy/export/validate/autofix
├── actions.ts # Action CRUD with YAML inputs
├── cases.ts # Case CRUD + comments + tasks + custom fields
├── executions.ts # Run (live + draft), list, cancel, inspect executions
├── secrets.ts # Secret management
├── variables.ts # Non-sensitive workspace variables CRUD
├── tables.ts # Tables, columns, and rows
├── graph.ts # Graph operations (get graph, edges, node positions)
├── folders.ts # Folder CRUD + move workflow into folder
├── workspaces.ts # Workspace CRUD + current-workspace info
├── integrations.ts # OAuth integrations + providers
├── webhooks.ts # Webhook get/update + key rotation
├── schedules.ts # Cron/interval scheduling
├── docs.ts # Documentation search
├── templates.ts # Community workflow templates
└── system.ts # Health checkKey Design Decisions
Decision | Rationale |
Lazy initialization | MCP transport starts immediately; login happens on first tool call. Avoids blocking Claude Code startup. |
Session cookies | Tracecat currently uses |
YAML string inputs | Action |
POST for updates | Actions, secrets, and schedules use |
Auto workspace injection |
|
Optimistic locking | Graph operations read |
Authentication Roadmap
This server currently authenticates via username/password (session cookies). The Tracecat team is actively working on API token authentication, which will provide a simpler and more secure connection method — no more password in .env.
We will add API token support as soon as it becomes available upstream. The username/password method will remain supported for backward compatibility.
API Quirks
These behaviors differ from typical REST conventions and are handled transparently by the server:
Quirk | Details |
| Must be |
POST for updates |
|
Actions list endpoint |
|
Action inputs format | YAML string, not JSON object |
Workflow list pagination | Returns |
Development
# Watch mode (auto-reload)
npm run dev
# Build TypeScript
npm run build
# Run directly
node dist/index.jsTesting
npm run build
npm testTests use Node.js built-in test runner (no extra dependencies). See CONTRIBUTING.md for guidelines.
MCP Inspector
The MCP Inspector is a visual debugging tool that lets you browse and test all 94 tools interactively in your browser — useful for verifying your setup, exploring tool schemas, and testing API calls without Claude.
From the project root:
npx @modelcontextprotocol/inspector node dist/index.jsThis starts a local web UI (default: http://localhost:6274). Click the Tools tab to see all available tools, inspect their input schemas, and execute them against your Tracecat instance.
Roadmap
This project is under active development. Tracecat's API surface evolves fast, and we intend to keep up — expect new tools, refinements, and breaking-change adaptations as the platform matures.
Planned areas of improvement:
More tools — covering new Tracecat API endpoints as they ship
Better error handling — structured error responses with actionable hints
OAuth/OIDC support — for Tracecat instances using SSO instead of basic auth
Test suite — automated integration tests against a live Tracecat instance
Contributions, issues, and feature requests are welcome.
Related Projects
Tracecat official MCP — HTTP/OIDC MCP bundled with the platform (alternative to this one)
tracecat-skills — Claude Code skills for Tracecat workflow building
Tracecat — The open-source SOAR platform
MCP SDK — Model Context Protocol TypeScript SDK
Note: This project was previously named
tracecat-mcp. It was renamed totracecat-mcp-communityin April 2026 to distinguish it from Tracecat's official MCP server (HTTP + OIDC), which shipped shortly after.
License
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/adrojis/tracecat-mcp-community'
If you have feedback or need assistance with the MCP directory API, please join our Discord server