Phase 5

MCP Auditing

Audit and govern Model Context Protocol (MCP) tool calls for compliance and security.

Overview

MCP Auditing provides visibility into how AI agents use MCP tools, enabling governance policies and compliance tracking for tool invocations.

Tool Governance

Control which tools agents can use

Audit Logging

Complete history of tool invocations

Policy Enforcement

Block or require approval for tools

Configuring MCP Auditing

Enable auditing for your MCP servers:

python
from tork_governance import TorkClient
from tork_governance.mcp import MCPAuditor

client = TorkClient()

# Create an MCP auditor
auditor = MCPAuditor(
    client=client,
    server_name="filesystem-server",
    log_level="detailed",  # "minimal", "standard", "detailed"
    policy_set="default"
)

# Wrap your MCP tool calls
@auditor.audit
async def read_file(path: str) -> str:
    # Your MCP tool implementation. mcp_server stands for your own connected
    # MCP client session; it is not defined in this snippet.
    return await mcp_server.call_tool("read_file", {"path": path})

Tool Policies

Define policies for MCP tool usage:

yaml
# mcp-policies.yaml
policies:
  - name: restrict-filesystem-access
    description: Limit file operations to specific directories
    tool_pattern: "filesystem:*"
    action: BLOCK
    conditions:
      - type: path_not_in
        allowed_paths:
          - "/app/data"
          - "/tmp"
    message: "File access outside allowed directories"

  - name: require-approval-for-writes
    description: Require human approval for write operations
    tool_pattern: "filesystem:write_file"
    action: APPROVAL
    approvers: ["admin@company.com"]

  - name: rate-limit-api-calls
    description: Limit external API calls
    tool_pattern: "http:*"
    action: BLOCK
    conditions:
      - type: rate_exceeded
        limit: 100
        window: "1m"
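
A path allow-list like `allowed_paths` is only as strong as the normalization applied before the comparison. The following is an added example, not Tork's implementation or code from this page: it contrasts a raw prefix test with a resolved-path check, and the function names, `base_dir` and the sample paths are assumptions made for illustration.

```python
import os

# Allow-list copied from the restrict-filesystem-access policy on this page.
ALLOWED_PATHS = ["/app/data", "/tmp"]


def naive_path_not_in(requested, allowed_paths=ALLOWED_PATHS):
    """Weak form: raw string prefix test on the argument as the agent sent it."""
    return not any(requested.startswith(p) for p in allowed_paths)


def path_not_in(requested, allowed_paths=ALLOWED_PATHS, base_dir="/app"):
    """Hardened form: True (condition met, so BLOCK) unless the resolved
    path is an allowed directory or lies beneath one."""
    if "\x00" in requested:
        return True  # NUL bytes never belong in a path argument
    # Anchor relative paths at base_dir (an assumed working directory),
    # then collapse ".." segments and follow symlinks.
    resolved = os.path.realpath(os.path.join(base_dir, requested))
    for allowed in allowed_paths:
        root = os.path.realpath(allowed)
        # commonpath compares whole components, so /app/database is not
        # mistaken for a child of /app/data.
        if os.path.commonpath([resolved, root]) == root:
            return False
    return True


# Constructed sample arguments for a filesystem tool call.
SAMPLES = [
    "/app/data/report.csv",
    "/app/data/../../etc/passwd",
    "/app/database/dump.sql",
    "data/notes.txt",
]


def compare(samples=SAMPLES):
    """Return (path, naive_blocks, hardened_blocks) for each sample."""
    return [(p, naive_path_not_in(p), path_not_in(p)) for p in samples]


if __name__ == "__main__":
    for path, naive, hardened in compare():
        print(f"{path:32} naive_block={naive!s:5} hardened_block={hardened}")
```

Resolving the path at check time does not stop a symlink from being swapped in before the tool opens the file, so the tool should operate on the resolved path that was checked.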

Viewing Audit Logs

Query MCP audit logs programmatically:

python
# Query audit logs
logs = client.mcp.get_audit_logs(
    server_name="filesystem-server",
    tool_name="read_file",
    start_time="2024-01-01T00:00:00Z",
    end_time="2024-01-31T23:59:59Z",
    status=["success", "blocked"]
)

for log in logs:
    print(f"{log.timestamp}: {log.tool_name}")
    print(f"  Agent: {log.agent_id}")
    print(f"  Status: {log.status}")
    print(f"  Duration: {log.duration_ms}ms")
    if log.policy_violations:
        print(f"  Violations: {log.policy_violations}")

MCP Metrics

Monitor MCP tool usage with built-in metrics:

python
# Get MCP metrics
metrics = client.mcp.get_metrics(
    server_name="filesystem-server",
    window="24h"
)

print(f"Total invocations: {metrics.total_invocations}")
print(f"Success rate: {metrics.success_rate}%")
print(f"Average latency: {metrics.avg_latency_ms}ms")
print(f"Policy blocks: {metrics.policy_blocks}")

# Tool breakdown
for tool in metrics.by_tool:
    print(f"  {tool.name}: {tool.invocations} calls")

Learn More: See MCP Server Integration for complete setup instructions.
