Tracecat is not just shipping another SOAR dashboard. The signal in the data is narrower and more interesting: 12 release events in 30 days, 30 releases in 90 days, and recent notes clustered around agents, MCP, approvals, sandboxing, and LLM provider plumbing.

ToolVitals gives Tracecat a 98 shipping score, 92 health score, and 94 ToolVitals score. That is a strong maintenance profile for a tool with 3,601 GitHub stars, especially in a security automation category where trust depends on boring operational details as much as shiny AI demos.

The release stream points at agent-native security work

Tracecat’s website positions it as an open source security automation platform for teams and AI agents. It emphasizes workflows, cases, agents, skills, tools, integrations, and human approval flows. The repo README uses similar language: Tracecat is an agentic security automation platform with agents, workflows, case management, integrations, MCP support, and custom Python scripts that can become tools and workflow steps.

The recent releases match that positioning. Tracecat 1.0.0-beta.45 included an LLM provider cutover and fixes for custom model providers. Tracecat 1.0.0-beta.46 fixed sandbox DNS resolution for local and hosted agent execution and increased the Claude shim buffer limit for larger agent responses. The 1.0.0-beta.47 release candidates added agent tool cap handling, approval fixes, workspace-scoped route aliases, PAT data models, and Skills UI cleanup.

That pattern matters. Tracecat is spending release energy on the unglamorous parts of agent automation: auth scopes, approval continuations, sandbox DNS, provider routing, MCP payloads, action masking, and explicit third-party tool consent. For security teams, that is the right kind of boring.

The bet is not generic automation

Tracecat overlaps with workflow automation, but the product framing is security-first. The website talks about SIEM, EDR, CNAPP, IdP integrations, cases, containment approvals, and agents working inside security workflows. The README says it supports Docker, Kubernetes, and AWS Fargate self-hosting, runs workflows on Temporal, and sandboxes untrusted code with nsjail.

That suggests Tracecat is betting on a tighter wedge than horizontal automation. It wants to be the agent workbench for security teams that need workflows, case handling, tool permissions, and auditability in the same product.

The AGPL-3.0 license is also part of the story. ToolVitals classifies Tracecat as OSI-approved OSS, and the repository license is AGPL-3.0. The README also discloses enterprise exceptions for packages and gated enterprise features, so buyers should read the repo’s license notes before assuming every component is covered by the same terms.

What ToolVitals cannot infer

ToolVitals sees shipping frequency, stars, releases, health signals, SSL, uptime, and related public activity. It does not see code quality, security posture, customer satisfaction, revenue, deployment success, support quality, or whether Tracecat works well inside a real SOC.

The payload also carries null values for the 30-day GitHub commit count and the active-contributor count. So the responsible read is this: ToolVitals can say Tracecat has 12 release events in 30 days, 30 releases in 90 days, 3,601 stars, and strong health and shipping scores. It cannot infer exact 30-day commit velocity or contributor breadth from this payload.

The recent releases are still useful evidence. They show what the team is touching. They do not prove maturity.

How Tracecat compares

n8n is much larger by GitHub attention, with 188,094 stars, a 100 shipping score, and 45 release events in 30 days. But ToolVitals classifies n8n as fair-code, not OSI-approved open source, because its Sustainable Use License is not OSI-approved. That distinction matters if your automation platform must be open source under an OSI-approved license.

Skyvern is closer in shape. It has 21,630 stars, a 98 shipping score, and 17 release events in 30 days. Tracecat has fewer stars at 3,601 and fewer 30-day release events at 12, but it is aimed at security automation rather than browser automation.

Kestra is another automation reference point, with 26,865 stars, a 100 shipping score, and 13 release events in 30 days under Apache-2.0. Tracecat’s release count is nearly the same, but its product focus is narrower: AI-native SOAR, cases, agents, MCP, and security team workflows.

Recommendation

If your team is trying to automate security operations with human approvals, agent tools, MCP-connected systems, and self-hosted control, evaluate Tracecat now. The release stream shows active work on exactly those failure points.

Do not treat the 94 ToolVitals score as proof that Tracecat is production-ready for your SOC. Treat it as a screening signal. Build a pilot around one real workflow, such as OAuth grant review, cloud finding triage, or endpoint containment approval, then test the parts that ToolVitals cannot measure: permission boundaries, audit logs, rollback behavior, operator UX, and failure handling.

Sources