Tool Audit Trails
Per-invocation logs of what tool was called by what agent on behalf of what principal with what inputs and what result — the substrate every audit eventually reads from.
An agent that takes actions on production systems will eventually do something a human needs to investigate. The audit trail is the difference between forensics and panic.
What it solves
Lets incident response, compliance audit, and customer support answer 'what did the agent do, when, and on whose behalf' as a query instead of an investigation.
How we build it
The MCP registry emits a span per invocation with tool name, agent identity, principal, scope, inputs, outputs (subject to redaction), success or failure, and parent trace ID. Logs are immutable, retention is governed, and access is itself audited.
- Per-invocation span with full context
- Immutable storage with governed retention
- Redaction rules per tool and per scope
- Audit access itself logged
What changes when it is in place
Audits run in minutes. Compliance reviews stop being a project. Customer disputes about what the agent did are resolved with evidence.