MP-201c · Module 2

Audit & Compliance

Every MCP tool invocation should produce an audit record. The record captures who called the tool (user identity from OAuth token), what tool was called (tool name and arguments), when it was called (timestamp), what it returned (result summary, not necessarily full output), and whether it succeeded or failed. These records are the foundation of compliance — without them, you cannot answer the question "what did the AI do and who authorized it?" Store audit logs in append-only storage (write-once S3 buckets, immutable database tables) to prevent tampering.

Data governance adds constraints on what MCP servers can access and return. If your MCP server queries a database containing PII, the audit log must record that PII was accessed without logging the PII itself. Implement output filtering: scan tool results for patterns that match sensitive data (SSNs, credit card numbers, API keys) and redact them before returning to the client. Classification labels on resources help — tag database tables and file directories with sensitivity levels, and enforce access policies based on the requesting user's clearance.

  1. Instrument every tool: Wrap each tool handler with an audit middleware that logs the invocation before execution and the result after. Use structured logging (JSON) with consistent field names across all tools.
  2. Implement output filtering: Add a post-processing step that scans tool results for sensitive patterns (regex for SSNs, credit cards, API keys) and redacts matches before returning to the client.
  3. Set up retention policies: Define how long audit logs are retained based on your regulatory requirements. SOC 2 typically requires 1 year; HIPAA requires 6 years. Use append-only storage with lifecycle policies for automatic archival.
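Steps 1 and 2 in working form, as an added example that is not part of this module or of any MCP SDK: a Python decorator that wraps a tool handler with audit middleware and output filtering, recording that PII was present in the result without writing the PII itself. The `lookup_customer` tool, the in-memory `AUDIT_LOG` list and the `sk-` API-key pattern are assumptions for illustration; the customer row is constructed sample data.

```python
import json
import re
from datetime import datetime, timezone

# Output-filter patterns. The api_key pattern is a constructed example
# (assumes "sk-" prefixed tokens); tune it to the credential formats you issue.
SENSITIVE_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credit_card": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
    "api_key": re.compile(r"\bsk-[A-Za-z0-9]{16,}\b"),
}
AUDIT_LOG: list[dict] = []  # stand-in for append-only storage (write-once bucket)

def redact(text: str) -> tuple[str, dict]:
    """Replace sensitive matches with a typed placeholder; return counts per type."""
    counts = {}
    for label, pattern in SENSITIVE_PATTERNS.items():
        text, n = pattern.subn(f"[REDACTED:{label.upper()}]", text)
        if n:
            counts[label] = n
    return text, counts

def audited(tool_name: str):
    """Audit middleware: one structured JSON record per tool call, success or failure."""
    def decorator(handler):
        def wrapper(user: str, **args):  # user = subject from the validated OAuth token
            record = {"ts": datetime.now(timezone.utc).isoformat(),
                      "user": user, "tool": tool_name, "args": args}
            try:
                raw = handler(**args)
            except Exception as exc:
                record.update(status="error", error=type(exc).__name__)
                AUDIT_LOG.append(record)
                raise
            clean, counts = redact(str(raw))
            # Summary only: length of the filtered output and what was redacted.
            # The record proves PII was accessed without containing the PII.
            record.update(status="ok", result_len=len(clean), redacted=counts)
            AUDIT_LOG.append(record)
            print(json.dumps(record))  # structured line for the log pipeline
            return clean
        return wrapper
    return decorator

@audited("lookup_customer")
def lookup_customer(customer_id: str) -> str:
    # Constructed sample row standing in for a real database query result.
    return (f"id={customer_id} ssn=123-45-6789 "
            "card=4111 1111 1111 1111 key=sk-abcdefghijklmnop1234")
```

Arguments are logged as given; if callers can pass PII in tool arguments, run them through `redact()` as well before building the record.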