npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

tracecat-mcp-community

v1.0.0

Published

MCP server for Tracecat SOAR platform — 49 tools for workflows, actions, cases, secrets, tables, and more

Downloads

19

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

adrojisadrojis

Keywords

mcptracecatsoarsecurityautomationmodel-context-protocolclaudeai

Readme

tracecat-mcp-community

A Model Context Protocol (MCP) server for the Tracecat SOAR platform — 49 tools across 12 domains.

License: MIT npm version Node.js CI Tracecat MCP Docker

What is this?

An MCP server that gives AI assistants (Claude Code, Claude Desktop, etc.) full control over a Tracecat instance through natural language. Manage workflows, actions, cases, secrets, tables, schedules, and more — without leaving your editor.

  • 49 tools covering the full Tracecat API surface
  • Lazy authentication — MCP transport starts instantly, login happens on first tool call
  • Auto workspace detection — no manual workspace ID needed
  • Session cookie auth — handles Tracecat's cookie-based auth transparently

Tools

| Domain | Tools | Description | |---|---|---| | Workflows | 9 | List, create, get, update, deploy, export, delete, validate, autofix | | Actions | 5 | List, create, get, update, delete workflow actions | | Executions | 5 | Run workflows, list/get/cancel executions, compact view | | Cases | 7 | List, create, get, update, delete cases; add/list comments | | Secrets | 5 | Search, create, get, update, delete secrets | | Tables | 5 | List, create, get, update, delete tables | | Columns | 2 | Create, delete table columns | | Rows | 6 | List, get, insert, update, delete, batch insert rows | | Schedules | 5 | List, create, get, update, delete schedules | | Graph | 3 | Add edges, move nodes, update trigger position | | Webhooks | 1 | Generate/rotate webhook API keys | | Docs | 2 | Search Tracecat docs, list available tool documentation | | Templates | 2 | List and get community workflow templates | | System | 1 | Health check |

Total: 49 tools for complete Tracecat automation.

Quick Start

Option A: npx (fastest)

# Install globally
npm install -g tracecat-mcp-community

Create a .env file wherever you run from (or in the package directory):

TRACECAT_API_URL=http://localhost/api
[email protected]
TRACECAT_PASSWORD=your-password-here
TRACECAT_WORKSPACE_ID=              # Optional — auto-detected if omitted

Add to your .mcp.json:

{
  "mcpServers": {
    "tracecat": {
      "command": "npx",
      "args": ["-y", "tracecat-mcp-community"]
    }
  }
}

Option B: From source

git clone https://github.com/adrojis/tracecat-mcp-community.git
cd tracecat-mcp-community
npm install
cp .env.example .env    # Edit with your credentials
npm run build

Add to your .mcp.json:

{
  "mcpServers": {
    "tracecat": {
      "command": "node",
      "args": ["/absolute/path/to/tracecat-mcp-community/dist/index.js"]
    }
  }
}

Option C: Docker

git clone https://github.com/adrojis/tracecat-mcp-community.git
cd tracecat-mcp-community
docker build -t tracecat-mcp-community .
{
  "mcpServers": {
    "tracecat": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "--env-file", "/path/to/.env", "tracecat-mcp-community"]
    }
  }
}

Security: .env is gitignored and never committed. Never hardcode credentials in source files. See SECURITY.md.

Then restart Claude Code and verify with /mcp — you should see the tracecat server with 49 tools.

Configuration

| Variable | Required | Default | Description | |---|---|---|---| | TRACECAT_API_URL | No | http://localhost/api | Tracecat API base URL | | TRACECAT_USERNAME | Yes | — | Login email | | TRACECAT_PASSWORD | Yes | — | Login password | | TRACECAT_WORKSPACE_ID | No | Auto-detected | Workspace ID (uses first workspace if omitted) |

Credentials are loaded from .env via dotenv. The .env file must be in the project root (next to package.json).

Architecture

src/
├── index.ts          # Entry point — StdioTransport + env loading
├── server.ts         # McpServer creation + tool registration
├── client.ts         # HTTP client with lazy auth + auto workspace injection
├── types.ts          # TypeScript interfaces
└── tools/
    ├── workflows.ts  # Workflow CRUD + deploy/export/validate/autofix
    ├── actions.ts    # Action CRUD with YAML inputs
    ├── cases.ts      # Case management + comments
    ├── executions.ts # Run, list, cancel, inspect executions
    ├── secrets.ts    # Secret management
    ├── tables.ts     # Tables, columns, and rows
    ├── graph.ts      # Graph operations (edges, node positions)
    ├── webhooks.ts   # Webhook key rotation
    ├── schedules.ts  # Cron/interval scheduling
    ├── docs.ts       # Documentation search
    ├── templates.ts  # Community workflow templates
    └── system.ts     # Health check

Key Design Decisions

| Decision | Rationale | |---|---| | Lazy initialization | MCP transport starts immediately; login happens on first tool call. Avoids blocking Claude Code startup. | | Session cookies | Tracecat currently uses fastapiusersauth cookies, not API keys. The client handles login and cookie extraction automatically. See note below on upcoming API token support. | | YAML string inputs | Action inputs are sent as YAML strings per the Tracecat API contract, not JSON objects. | | POST for updates | Actions, secrets, and schedules use POST for updates instead of the conventional PATCH. | | Auto workspace injection | workspace_id is auto-detected and injected as a query parameter on every request. | | Optimistic locking | Graph operations read base_version before patching to prevent concurrent edit conflicts. |

Authentication Roadmap

This server currently authenticates via username/password (session cookies). The Tracecat team is actively working on API token authentication, which will provide a simpler and more secure connection method — no more password in .env.

We will add API token support as soon as it becomes available upstream. The username/password method will remain supported for backward compatibility.

API Quirks

These behaviors differ from typical REST conventions and are handled transparently by the server:

| Quirk | Details | |---|---| | workspace_id as query param | Must be ?workspace_id=..., not a header | | POST for updates | /actions/{id}, /secrets/{id}, /schedules/{id} use POST | | Actions list endpoint | GET /actions?workflow_id=... (not nested under /workflows) | | Action inputs format | YAML string, not JSON object | | Workflow list pagination | Returns { items: [...], next_cursor }, not a plain array |

Development

# Watch mode (auto-reload)
npm run dev

# Build TypeScript
npm run build

# Run directly
node dist/index.js

Testing

npm run build
npm test

Tests use Node.js built-in test runner (no extra dependencies). See CONTRIBUTING.md for guidelines.

MCP Inspector

The MCP Inspector is a visual debugging tool that lets you browse and test all 49 tools interactively in your browser — useful for verifying your setup, exploring tool schemas, and testing API calls without Claude.

From the project root:

npx @modelcontextprotocol/inspector node dist/index.js

This starts a local web UI (default: http://localhost:6274). Click the Tools tab to see all available tools, inspect their input schemas, and execute them against your Tracecat instance.

Roadmap

This project is under active development. Tracecat's API surface evolves fast, and we intend to keep up — expect new tools, refinements, and breaking-change adaptations as the platform matures.

Planned areas of improvement:

  • More tools — covering new Tracecat API endpoints as they ship
  • Better error handling — structured error responses with actionable hints
  • OAuth/OIDC support — for Tracecat instances using SSO instead of basic auth
  • Test suite — automated integration tests against a live Tracecat instance

Contributions, issues, and feature requests are welcome.

Related Projects

Note: This project was previously named tracecat-mcp. It has been renamed to tracecat-mcp-community to clearly distinguish it from Tracecat's official MCP server which uses OAuth authentication.

  • Tracecat — The open-source SOAR platform
  • MCP SDK — Model Context Protocol TypeScript SDK

License

MIT