tracecat-mcp-community 1.0.0

package/.env.example

@@ -0,0 +1,7 @@
+## Tracecat MCP Server - Credentials
+## Copy this file to .env and fill in your values.
+## DO NOT commit .env to version control.
+TRACECAT_API_URL=http://localhost/api
+TRACECAT_USERNAME=your-email@example.com
+TRACECAT_PASSWORD=your-password-here
+TRACECAT_WORKSPACE_ID=

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 adrojis
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,267 @@
+<p align="center">
+  <img src="assets/banner.png" alt="Tracecat MCP Banner" width="100%">
+</p>
+
+# tracecat-mcp-community
+
+**A Model Context Protocol (MCP) server for the [Tracecat](https://tracecat.com) SOAR platform — 49 tools across 12 domains.**
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+[![npm version](https://img.shields.io/npm/v/tracecat-mcp-community.svg)](https://www.npmjs.com/package/tracecat-mcp-community)
+[![Node.js](https://img.shields.io/badge/node-%3E%3D18-brightgreen.svg)](https://nodejs.org)
+[![CI](https://github.com/adrojis/tracecat-mcp-community/actions/workflows/ci.yml/badge.svg)](https://github.com/adrojis/tracecat-mcp-community/actions/workflows/ci.yml)
+[![Tracecat](https://img.shields.io/badge/Tracecat-v1.0.0--beta.31-purple.svg)](https://github.com/TracecatHQ/tracecat)
+[![MCP](https://img.shields.io/badge/MCP-Server-green.svg)](https://modelcontextprotocol.io)
+[![Docker](https://img.shields.io/badge/Docker-ready-blue.svg)](#docker)
+
+---
+
+## What is this?
+
+An [MCP server](https://modelcontextprotocol.io) that gives AI assistants (Claude Code, Claude Desktop, etc.) full control over a [Tracecat](https://github.com/TracecatHQ/tracecat) instance through natural language. Manage workflows, actions, cases, secrets, tables, schedules, and more — without leaving your editor.
+
+- **49 tools** covering the full Tracecat API surface
+- **Lazy authentication** — MCP transport starts instantly, login happens on first tool call
+- **Auto workspace detection** — no manual workspace ID needed
+- **Session cookie auth** — handles Tracecat's cookie-based auth transparently
+
+---
+
+## Tools
+
+| Domain | Tools | Description |
+|---|---|---|
+| **Workflows** | 9 | List, create, get, update, deploy, export, delete, validate, autofix |
+| **Actions** | 5 | List, create, get, update, delete workflow actions |
+| **Executions** | 5 | Run workflows, list/get/cancel executions, compact view |
+| **Cases** | 7 | List, create, get, update, delete cases; add/list comments |
+| **Secrets** | 5 | Search, create, get, update, delete secrets |
+| **Tables** | 5 | List, create, get, update, delete tables |
+| **Columns** | 2 | Create, delete table columns |
+| **Rows** | 6 | List, get, insert, update, delete, batch insert rows |
+| **Schedules** | 5 | List, create, get, update, delete schedules |
+| **Graph** | 3 | Add edges, move nodes, update trigger position |
+| **Webhooks** | 1 | Generate/rotate webhook API keys |
+| **Docs** | 2 | Search Tracecat docs, list available tool documentation |
+| **Templates** | 2 | List and get community workflow templates |
+| **System** | 1 | Health check |
+
+> **Total: 49 tools** for complete Tracecat automation.
+
+---
+
+## Quick Start
+
+### Option A: npx (fastest)
+
+```bash
+# Install globally
+npm install -g tracecat-mcp-community
+```
+
+Create a `.env` file wherever you run from (or in the package directory):
+
+```env
+TRACECAT_API_URL=http://localhost/api
+TRACECAT_USERNAME=your-email@example.com
+TRACECAT_PASSWORD=your-password-here
+TRACECAT_WORKSPACE_ID=              # Optional — auto-detected if omitted
+```
+
+Add to your `.mcp.json`:
+
+```json
+{
+  "mcpServers": {
+    "tracecat": {
+      "command": "npx",
+      "args": ["-y", "tracecat-mcp-community"]
+    }
+  }
+}
+```
+
+### Option B: From source
+
+```bash
+git clone https://github.com/adrojis/tracecat-mcp-community.git
+cd tracecat-mcp-community
+npm install
+cp .env.example .env    # Edit with your credentials
+npm run build
+```
+
+Add to your `.mcp.json`:
+
+```json
+{
+  "mcpServers": {
+    "tracecat": {
+      "command": "node",
+      "args": ["/absolute/path/to/tracecat-mcp-community/dist/index.js"]
+    }
+  }
+}
+```
+
+### Option C: Docker
+
+```bash
+git clone https://github.com/adrojis/tracecat-mcp-community.git
+cd tracecat-mcp-community
+docker build -t tracecat-mcp-community .
+```
+
+```json
+{
+  "mcpServers": {
+    "tracecat": {
+      "command": "docker",
+      "args": ["run", "-i", "--rm", "--env-file", "/path/to/.env", "tracecat-mcp-community"]
+    }
+  }
+}
+```
+
+> **Security:** `.env` is gitignored and never committed. Never hardcode credentials in source files. See [SECURITY.md](SECURITY.md).
+
+Then restart Claude Code and verify with `/mcp` — you should see the `tracecat` server with 49 tools.
+
+---
+
+## Configuration
+
+| Variable | Required | Default | Description |
+|---|---|---|---|
+| `TRACECAT_API_URL` | No | `http://localhost/api` | Tracecat API base URL |
+| `TRACECAT_USERNAME` | **Yes** | — | Login email |
+| `TRACECAT_PASSWORD` | **Yes** | — | Login password |
+| `TRACECAT_WORKSPACE_ID` | No | Auto-detected | Workspace ID (uses first workspace if omitted) |
+
+Credentials are loaded from `.env` via [dotenv](https://github.com/motdotla/dotenv). The `.env` file must be in the project root (next to `package.json`).
+
+---
+
+## Architecture
+
+```
+src/
+├── index.ts          # Entry point — StdioTransport + env loading
+├── server.ts         # McpServer creation + tool registration
+├── client.ts         # HTTP client with lazy auth + auto workspace injection
+├── types.ts          # TypeScript interfaces
+└── tools/
+    ├── workflows.ts  # Workflow CRUD + deploy/export/validate/autofix
+    ├── actions.ts    # Action CRUD with YAML inputs
+    ├── cases.ts      # Case management + comments
+    ├── executions.ts # Run, list, cancel, inspect executions
+    ├── secrets.ts    # Secret management
+    ├── tables.ts     # Tables, columns, and rows
+    ├── graph.ts      # Graph operations (edges, node positions)
+    ├── webhooks.ts   # Webhook key rotation
+    ├── schedules.ts  # Cron/interval scheduling
+    ├── docs.ts       # Documentation search
+    ├── templates.ts  # Community workflow templates
+    └── system.ts     # Health check
+```
+
+---
+
+## Key Design Decisions
+
+| Decision | Rationale |
+|---|---|
+| **Lazy initialization** | MCP transport starts immediately; login happens on first tool call. Avoids blocking Claude Code startup. |
+| **Session cookies** | Tracecat currently uses `fastapiusersauth` cookies, not API keys. The client handles login and cookie extraction automatically. See note below on upcoming API token support. |
+| **YAML string inputs** | Action `inputs` are sent as YAML strings per the Tracecat API contract, not JSON objects. |
+| **POST for updates** | Actions, secrets, and schedules use `POST` for updates instead of the conventional `PATCH`. |
+| **Auto workspace injection** | `workspace_id` is auto-detected and injected as a query parameter on every request. |
+| **Optimistic locking** | Graph operations read `base_version` before patching to prevent concurrent edit conflicts. |
+
+---
+
+## Authentication Roadmap
+
+This server currently authenticates via **username/password** (session cookies). The Tracecat team is actively working on **API token authentication**, which will provide a simpler and more secure connection method — no more password in `.env`.
+
+We will add API token support as soon as it becomes available upstream. The username/password method will remain supported for backward compatibility.
+
+---
+
+## API Quirks
+
+These behaviors differ from typical REST conventions and are handled transparently by the server:
+
+| Quirk | Details |
+|---|---|
+| `workspace_id` as query param | Must be `?workspace_id=...`, not a header |
+| POST for updates | `/actions/{id}`, `/secrets/{id}`, `/schedules/{id}` use POST |
+| Actions list endpoint | `GET /actions?workflow_id=...` (not nested under `/workflows`) |
+| Action inputs format | YAML string, not JSON object |
+| Workflow list pagination | Returns `{ items: [...], next_cursor }`, not a plain array |
+
+---
+
+## Development
+
+```bash
+# Watch mode (auto-reload)
+npm run dev
+
+# Build TypeScript
+npm run build
+
+# Run directly
+node dist/index.js
+```
+
+## Testing
+
+```bash
+npm run build
+npm test
+```
+
+Tests use Node.js built-in test runner (no extra dependencies). See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+## MCP Inspector
+
+The [MCP Inspector](https://github.com/modelcontextprotocol/inspector) is a visual debugging tool that lets you browse and test all 49 tools interactively in your browser — useful for verifying your setup, exploring tool schemas, and testing API calls without Claude.
+
+From the project root:
+
+```bash
+npx @modelcontextprotocol/inspector node dist/index.js
+```
+
+This starts a local web UI (default: `http://localhost:6274`). Click the **Tools** tab to see all available tools, inspect their input schemas, and execute them against your Tracecat instance.
+
+---
+
+## Roadmap
+
+This project is under active development. Tracecat's API surface evolves fast, and we intend to keep up — expect new tools, refinements, and breaking-change adaptations as the platform matures.
+
+Planned areas of improvement:
+
+- **More tools** — covering new Tracecat API endpoints as they ship
+- **Better error handling** — structured error responses with actionable hints
+- **OAuth/OIDC support** — for Tracecat instances using SSO instead of basic auth
+- **Test suite** — automated integration tests against a live Tracecat instance
+
+Contributions, issues, and feature requests are welcome.
+
+---
+
+## Related Projects
+
+- [tracecat-skills](https://github.com/adrojis/tracecat-skills) — Claude Code skills for Tracecat workflow building
+> **Note:** This project was previously named `tracecat-mcp`. It has been renamed to `tracecat-mcp-community` to clearly distinguish it from [Tracecat's official MCP server](https://github.com/TracecatHQ/tracecat) which uses OAuth authentication.
+- [Tracecat](https://github.com/TracecatHQ/tracecat) — The open-source SOAR platform
+- [MCP SDK](https://github.com/modelcontextprotocol/typescript-sdk) — Model Context Protocol TypeScript SDK
+
+---
+
+## License
+
+[MIT](LICENSE)

package/dist/client.d.ts

@@ -0,0 +1,26 @@
+export declare class TracecatClient {
+    private baseUrl;
+    private workspaceId;
+    private sessionCookie;
+    private username;
+    private password;
+    private initialized;
+    private initPromise;
+    constructor(baseUrl: string, username: string, password: string, workspaceId?: string);
+    /** Ensures the client is logged in and workspace is set. Safe to call multiple times. */
+    ensureInitialized(): Promise<void>;
+    login(): Promise<void>;
+    private headers;
+    request<T = unknown>(method: string, path: string, body?: unknown, queryParams?: Record<string, string>): Promise<T>;
+    get<T = unknown>(path: string, queryParams?: Record<string, string>): Promise<T>;
+    post<T = unknown>(path: string, body?: unknown, queryParams?: Record<string, string>): Promise<T>;
+    patch<T = unknown>(path: string, body: unknown, queryParams?: Record<string, string>): Promise<T>;
+    delete<T = unknown>(path: string, queryParams?: Record<string, string>): Promise<T>;
+    initWorkspaceId(): Promise<void>;
+    getWorkspaceId(): string;
+    /** Fetch current graph then apply operations with optimistic locking */
+    patchGraph(workflowId: string, operations: Array<{
+        type: string;
+        payload: Record<string, unknown>;
+    }>): Promise<unknown>;
+}

package/dist/client.js

@@ -0,0 +1,147 @@
+export class TracecatClient {
+    baseUrl;
+    workspaceId;
+    sessionCookie = "";
+    username;
+    password;
+    initialized = false;
+    initPromise = null;
+    constructor(baseUrl, username, password, workspaceId = "") {
+        this.baseUrl = baseUrl.replace(/\/$/, "");
+        this.username = username;
+        this.password = password;
+        this.workspaceId = workspaceId;
+    }
+    /** Ensures the client is logged in and workspace is set. Safe to call multiple times. */
+    async ensureInitialized() {
+        if (this.initialized)
+            return;
+        if (!this.initPromise) {
+            this.initPromise = (async () => {
+                await this.login();
+                await this.initWorkspaceId();
+                this.initialized = true;
+                console.error("[tracecat-mcp-community] Login successful");
+                console.error(`[tracecat-mcp-community] Workspace: ${this.workspaceId || "(none)"}`);
+            })();
+        }
+        await this.initPromise;
+    }
+    async login() {
+        const formData = new URLSearchParams();
+        formData.append("username", this.username);
+        formData.append("password", this.password);
+        const response = await fetch(`${this.baseUrl}/auth/login`, {
+            method: "POST",
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: formData.toString(),
+            redirect: "manual",
+        });
+        if (!response.ok && response.status !== 204 && response.status !== 302) {
+            throw new Error(`Login failed (${response.status}). Check your TRACECAT_USERNAME and TRACECAT_PASSWORD in .env`);
+        }
+        // Extract session cookie from set-cookie header
+        const setCookie = response.headers.getSetCookie?.() ?? [];
+        for (const cookie of setCookie) {
+            const match = cookie.match(/fastapiusersauth=([^;]+)/);
+            if (match) {
+                this.sessionCookie = match[1];
+                return;
+            }
+        }
+        // Fallback: try raw header
+        const rawSetCookie = response.headers.get("set-cookie") ?? "";
+        const match = rawSetCookie.match(/fastapiusersauth=([^;]+)/);
+        if (match) {
+            this.sessionCookie = match[1];
+            return;
+        }
+        throw new Error("Login succeeded but no session cookie received. " +
+            "Check that the Tracecat API is returning a 'fastapiusersauth' cookie.");
+    }
+    headers() {
+        return {
+            "Content-Type": "application/json",
+            Cookie: `fastapiusersauth=${this.sessionCookie}`,
+        };
+    }
+    async request(method, path, body, queryParams) {
+        await this.ensureInitialized();
+        // Auto-inject workspace_id on every request (skip auth/workspaces endpoints)
+        const params = new URLSearchParams(queryParams);
+        if (this.workspaceId && !path.startsWith("/auth") && path !== "/workspaces" && path !== "/ready") {
+            if (!params.has("workspace_id")) {
+                params.set("workspace_id", this.workspaceId);
+            }
+        }
+        let url = `${this.baseUrl}${path}`;
+        const qs = params.toString();
+        if (qs) {
+            url += `?${qs}`;
+        }
+        const options = {
+            method,
+            headers: this.headers(),
+        };
+        if (body !== undefined) {
+            options.body = JSON.stringify(body);
+        }
+        const response = await fetch(url, options);
+        if (!response.ok) {
+            const errorText = await response.text();
+            throw new Error(`Tracecat API error ${response.status}: ${errorText}`);
+        }
+        const contentType = response.headers.get("content-type");
+        if (contentType?.includes("application/json")) {
+            return (await response.json());
+        }
+        return (await response.text());
+    }
+    async get(path, queryParams) {
+        return this.request("GET", path, undefined, queryParams);
+    }
+    async post(path, body, queryParams) {
+        return this.request("POST", path, body, queryParams);
+    }
+    async patch(path, body, queryParams) {
+        return this.request("PATCH", path, body, queryParams);
+    }
+    async delete(path, queryParams) {
+        return this.request("DELETE", path, undefined, queryParams);
+    }
+    async initWorkspaceId() {
+        if (this.workspaceId)
+            return;
+        try {
+            // /workspaces doesn't need workspace_id
+            const response = await fetch(`${this.baseUrl}/workspaces`, {
+                headers: {
+                    Cookie: `fastapiusersauth=${this.sessionCookie}`,
+                },
+            });
+            if (response.ok) {
+                const workspaces = (await response.json());
+                if (workspaces.length > 0) {
+                    this.workspaceId = workspaces[0].id;
+                }
+            }
+        }
+        catch {
+            // Workspace ID will remain empty; some endpoints may not require it
+        }
+    }
+    getWorkspaceId() {
+        return this.workspaceId;
+    }
+    /** Fetch current graph then apply operations with optimistic locking */
+    async patchGraph(workflowId, operations) {
+        // 1. Get current graph to read base_version (version is at root level)
+        const graph = await this.get(`/workflows/${workflowId}/graph`);
+        const baseVersion = graph.version;
+        // 2. Patch with operations
+        return this.patch(`/workflows/${workflowId}/graph`, {
+            base_version: baseVersion,
+            operations,
+        });
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,32 @@
+#!/usr/bin/env node
+import { config } from "dotenv";
+import { fileURLToPath } from "url";
+import { dirname, resolve } from "path";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { TracecatClient } from "./client.js";
+import { createServer } from "./server.js";
+// Load .env from the mcp_server directory (not cwd)
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+config({ path: resolve(__dirname, "..", ".env") });
+const apiUrl = process.env.TRACECAT_API_URL ?? "http://localhost/api";
+const username = process.env.TRACECAT_USERNAME ?? "";
+const password = process.env.TRACECAT_PASSWORD ?? "";
+const workspaceId = process.env.TRACECAT_WORKSPACE_ID ?? "";
+if (!username || !password) {
+    process.stderr.write("TRACECAT_USERNAME and TRACECAT_PASSWORD environment variables are required\n");
+    process.exit(1);
+}
+const client = new TracecatClient(apiUrl, username, password, workspaceId);
+const server = createServer(client);
+const transport = new StdioServerTransport();
+// Start MCP transport immediately - login happens lazily on first tool call
+server.connect(transport).then(() => {
+    process.stderr.write("[tracecat-mcp-community] MCP server ready (login will happen on first request)\n");
+}).catch((error) => {
+    process.stderr.write(`[tracecat-mcp-community] Fatal error: ${error}\n`);
+    process.exit(1);
+});
+// Graceful shutdown
+process.on("SIGINT", () => process.exit(0));
+process.on("SIGTERM", () => process.exit(0));

package/dist/minimal.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/minimal.js

@@ -0,0 +1,8 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+const server = new McpServer({ name: "tracecat", version: "1.0.0" });
+server.tool("ping", "Returns pong", {}, async () => {
+    return { content: [{ type: "text", text: "pong" }] };
+});
+const transport = new StdioServerTransport();
+server.connect(transport);

package/dist/minimal.js.backup

@@ -0,0 +1,8 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+const server = new McpServer({ name: "tracecat", version: "1.0.0" });
+server.tool("ping", "Returns pong", {}, async () => {
+    return { content: [{ type: "text", text: "pong" }] };
+});
+const transport = new StdioServerTransport();
+server.connect(transport);

package/dist/server.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { TracecatClient } from "./client.js";
+export declare function createServer(client: TracecatClient): McpServer;

package/dist/server.js

@@ -0,0 +1,32 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { registerWorkflowTools } from "./tools/workflows.js";
+import { registerExecutionTools } from "./tools/executions.js";
+import { registerCaseTools } from "./tools/cases.js";
+import { registerActionTools } from "./tools/actions.js";
+import { registerSecretTools } from "./tools/secrets.js";
+import { registerTableTools } from "./tools/tables.js";
+import { registerWebhookTools } from "./tools/webhooks.js";
+import { registerSystemTools } from "./tools/system.js";
+import { registerScheduleTools } from "./tools/schedules.js";
+import { registerGraphTools } from "./tools/graph.js";
+import { registerDocTools } from "./tools/docs.js";
+import { registerTemplateTools } from "./tools/templates.js";
+export function createServer(client) {
+    const server = new McpServer({
+        name: "tracecat",
+        version: "1.0.0",
+    });
+    registerWorkflowTools(server, client);
+    registerExecutionTools(server, client);
+    registerCaseTools(server, client);
+    registerActionTools(server, client);
+    registerSecretTools(server, client);
+    registerTableTools(server, client);
+    registerWebhookTools(server, client);
+    registerScheduleTools(server, client);
+    registerSystemTools(server, client);
+    registerGraphTools(server, client);
+    registerDocTools(server, client);
+    registerTemplateTools(server, client);
+    return server;
+}

package/dist/tools/actions.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { TracecatClient } from "../client.js";
+export declare function registerActionTools(server: McpServer, client: TracecatClient): void;

package/dist/tools/actions.js

@@ -0,0 +1,54 @@
+import { z } from "zod";
+export function registerActionTools(server, client) {
+    server.tool("tracecat_list_actions", "List all actions for a given workflow", {
+        workflow_id: z.string().describe("Workflow ID"),
+    }, async ({ workflow_id }) => {
+        const actions = await client.get(`/actions`, { workflow_id });
+        return { content: [{ type: "text", text: JSON.stringify(actions, null, 2) }] };
+    });
+    server.tool("tracecat_create_action", "Create a new action in a workflow", {
+        workflow_id: z.string().describe("Workflow ID"),
+        type: z.string().describe("Action type (e.g. core.transform.reshape, core.http.request, core.script.run_python)"),
+        title: z.string().describe("Action title"),
+    }, async ({ workflow_id, type, title }) => {
+        const result = await client.post(`/actions`, { workflow_id, type, title });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    });
+    server.tool("tracecat_get_action", "Get details of a specific action by ID", {
+        action_id: z.string().describe("Action ID"),
+        workflow_id: z.string().describe("Workflow ID"),
+    }, async ({ action_id, workflow_id }) => {
+        const action = await client.get(`/actions/${action_id}`, { workflow_id });
+        return { content: [{ type: "text", text: JSON.stringify(action, null, 2) }] };
+    });
+    server.tool("tracecat_update_action", "Update an existing action (title, description, inputs, control_flow). Note: inputs must be a YAML string, not a JSON object.", {
+        action_id: z.string().describe("Action ID"),
+        workflow_id: z.string().describe("Workflow ID"),
+        title: z.string().optional().describe("New title"),
+        description: z.string().optional().describe("New description"),
+        inputs: z.string().optional().describe("Action inputs as a YAML string (e.g. 'value: hello\\nurl: https://...')"),
+        control_flow: z.object({
+            run_if: z.string().nullable().optional().describe("Conditional expression"),
+            for_each: z.string().nullable().optional().describe("Loop expression"),
+            join_strategy: z.string().optional().describe("'all' or 'any'"),
+            retry_policy: z.object({
+                max_attempts: z.number().optional(),
+                timeout: z.number().optional(),
+                retry_until: z.string().nullable().optional(),
+            }).optional(),
+            start_delay: z.number().optional().describe("Delay in seconds before execution"),
+        }).optional().describe("Control flow settings"),
+    }, async ({ action_id, workflow_id, ...updates }) => {
+        const body = Object.fromEntries(Object.entries(updates).filter(([, v]) => v !== undefined));
+        // Update uses POST, not PATCH
+        const result = await client.post(`/actions/${action_id}`, body, { workflow_id });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    });
+    server.tool("tracecat_delete_action", "Delete an action from a workflow", {
+        action_id: z.string().describe("Action ID"),
+        workflow_id: z.string().describe("Workflow ID"),
+    }, async ({ action_id, workflow_id }) => {
+        const result = await client.delete(`/actions/${action_id}`, { workflow_id });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    });
+}

package/dist/tools/cases.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { TracecatClient } from "../client.js";
+export declare function registerCaseTools(server: McpServer, client: TracecatClient): void;