Overview

Tracecat expressions let you build values from trigger data, action results, secrets, variables, and functions. Expressions use ${{ ... }}.

Where expressions are used

You can use expressions in:
  • Action inputs
  • run_if
  • for_each
  • Action environment
  • Workflow environment
  • Output schema
Use var.<name> in action inputs for actions that run with for_each.

Expression contexts

Use these references inside expressions:
  • TRIGGER.<field>
  • ACTIONS.<ref>.result
  • SECRETS.<name>.<KEY>
  • VARS.<name>.<key>
  • ENV.<field>
  • var.<name>
  • FN.<name>(...)

Operators

Expressions support literals and operators.

Literals

  • String literals such as "high" and 'prod'
  • Numeric literals such as 1 and 3.14
  • Boolean literals such as True and False
  • Null literals such as None
  • List literals such as ["a", "b"]
  • Object literals with string keys such as {"severity": "high"}

Operators

  • Logical operators such as || and &&
  • Comparison operators such as ==, !=, <, <=, >, >=
  • Arithmetic operators such as +, -, *, /, %
  • Ternary expressions such as ${{ "p1" if TRIGGER.severity == "high" else "p3" }}

Examples

Basic trigger reference:
text: "Alert ${{ TRIGGER.alert_id }}"

Action result reference:
value: ${{ ACTIONS.fetch_alert.result }}

Secret reference:
token: ${{ SECRETS.github.GITHUB_TOKEN }}

Variable reference:
team: ${{ VARS.routing.team }}

Conditional execution:
run_if: ${{ FN.is_equal(TRIGGER.severity, "high") }}

Iteration:
for_each: ${{ for var.alert in TRIGGER.alerts }}

Using var.<name> in action inputs:
title: ${{ var.alert.title }}
severity: ${{ var.alert.severity }}

Ternary:
priority: ${{ "p1" if TRIGGER.severity == "high" else "p3" }}

Function call:
created_at: ${{ FN.to_datetime(TRIGGER.created_at) }}

Nested list literal:
value: ${{ [1, [2, 3], {"severity": "high", "flags": [True, False, None]}] }}

Nested object literal:
value: ${{ {"alert": {"id": "al-123", "tags": ["auth", "critical"]}, "ok": True, "meta": None} }}
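Auditing expressions in a workflow definition (an added example, not Tracecat's own code): this Python script extracts every ${{ ... }} expression and inventories the SECRETS references, the for_each loop variables, and any dotted reference whose root is not one of the contexts listed under Expression contexts. The scanning rules are assumptions inferred from the syntax shown on this page, and SAMPLE is constructed input.

```python
import re

# Context roots listed on this page; any other dotted root is reported.
CONTEXTS = {"TRIGGER", "ACTIONS", "SECRETS", "VARS", "ENV", "FN", "var"}
REF = re.compile(r"(?<![\w.])([A-Za-z_]\w*)((?:\.\w+)+)")
STRING = re.compile(r"\"(?:\\.|[^\"\\])*\"|'(?:\\.|[^'\\])*'")

def extract_expressions(text):
    """Return each ${{ ... }} body, honouring quotes and nested braces."""
    bodies, pos = [], 0
    while (start := text.find("${{", pos)) != -1:
        j, depth, quote = start + 3, 0, None
        while j < len(text):
            c = text[j]
            if quote:
                if c == "\\":
                    j += 1                      # skip the escaped character
                elif c == quote:
                    quote = None
            elif c in "\"'":
                quote = c
            elif c == "{":
                depth += 1                      # object literal opens
            elif c == "}":
                if depth == 0 and text.startswith("}}", j):
                    bodies.append(text[start + 3:j].strip())
                    break
                depth = max(0, depth - 1)       # object literal closes
            j += 1
        pos = j + 2
    return bodies

def audit(text):
    """Inventory secret references, loop variables and unknown context roots."""
    report = {"secrets": set(), "loop_vars": set(), "unknown": set()}
    for body in extract_expressions(text):
        # Blank out string literals so quoted text is never read as a reference.
        for root, path in REF.findall(STRING.sub('""', body)):
            parts = path[1:].split(".")
            if root not in CONTEXTS:
                report["unknown"].add(root + path)
            elif root == "SECRETS":
                report["secrets"].add(".".join(parts[:2]))
            elif root == "var":
                report["loop_vars"].add(parts[0])
    return report

# Constructed sample: page examples plus a quoted "}}" and a mistyped context.
SAMPLE = '''token: ${{ SECRETS.github.GITHUB_TOKEN }}
for_each: ${{ for var.alert in TRIGGER.alerts }}
title: ${{ var.alert.title }}
value: ${{ {"alert": {"note": "SECRETS.fake.KEY }}"}} }}
key: ${{ SECRET.slack.TOKEN }}'''
```

Calling audit(SAMPLE) reports github.GITHUB_TOKEN as the only secret in use, alert as the loop variable, and SECRET.slack.TOKEN as an unknown context, while the quoted SECRETS.fake.KEY text is ignored.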