Audit Layer

Understanding the logging, monitoring, and reputation management components of MCP-I

Audit Layer

Introduction to the Audit Layer

The Audit Layer in MCP-I ensures that all identity and delegation activities are properly recorded, monitored, and made available for oversight and compliance purposes. This layer serves several critical functions:

  1. Accountability: Maintaining records of which agents performed which actions
  2. Transparency: Enabling visibility into delegation chains and agent activities
  3. Compliance: Supporting regulatory requirements for audit trails
  4. Security: Enabling detection of suspicious patterns or misuse
  5. Reputation: Providing data for agent reputation assessments

Audit Trail Requirements

MCP-I defines specific requirements for audit logs based on the conformance level:

Level 1: Basic Audit

  • Log all delegation issuance events
  • Record basic agent verification attempts
  • Store logs securely with access controls
  • Maintain logs for a minimum of 30 days

Level 2: Standard Audit

  • Cryptographically sign all audit records
  • Log all credential verification details
  • Include full request context in logs
  • Maintain logs for a minimum of 90 days
  • Implement log aggregation and search

Level 3: Enterprise Audit

  • Use immutable storage for audit records
  • Implement tamper-evident logging mechanisms
  • Add selective disclosure for privacy-sensitive logs
  • Maintain logs for customizable retention periods
  • Support advanced analytics and anomaly detection

Core Audit Events

MCP-I defines a set of core audit events that must be logged:

Delegation Events

Loading diagram...

Verification Events

Loading diagram...

Administrative Events

Loading diagram...

Audit Record Format

MCP-I audit records follow a standardized format:

{
  "id": "urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6",
  "timestamp": "2025-06-15T19:23:24Z",
  "eventType": "VerificationSucceeded",
  "actorType": "Agent",
  "actorId": "did:example:agent456",
  "delegator": "did:example:principal123",
  "resource": "https://api.example.com/data/customer-records",
  "action": "read:customer-records",
  "credentialId": "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5",
  "verifierSystem": "edge-proxy-east-1",
  "requestId": "req-1a2b3c",
  "clientInfo": {
    "ipAddress": "203.0.113.42",
    "userAgent": "MCP-I Agent/1.0"
  },
  "result": {
    "status": "success",
    "statusCode": 200,
    "responseTime": 123
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2025-06-15T19:23:25Z",
    "verificationMethod": "did:example:logger#key-1",
    "proofValue": "z43BsK5Fu9Sdw..."
  }
}

Audit Storage and Management

Storage Options

MCP-I supports multiple audit storage approaches:

  1. Centralized Logging: Traditional log aggregation systems
  2. Distributed Ledger: Blockchain-based immutable logs
  3. Secure Enclaves: Protected, tamper-resistant storage
  4. Hybrid Systems: Combining approaches for different log types

Log Integrity

To ensure log integrity, MCP-I recommends:

  1. Cryptographic Signing: Sign logs with a dedicated logging key
  2. Hash Chaining: Link records with cumulative hashes
  3. Merkle Trees: Efficient verification of log integrity
  4. Secure Timestamping: Third-party timestamp attestations

Access Control

Audit logs must be protected with proper access controls:

Loading diagram...

Reputation Management

Building on audit data, MCP-I enables reputation management for agents:

Reputation Components

  1. Trust Score: A numeric representation of an agent's trustworthiness
  2. Behavior Analysis: Patterns of agent requests and activities
  3. Verification History: Success and failure rates of credential verification
  4. Feedback Mechanisms: Reports from services or principals

Reputation is derived from:

Reputation is exposed downstream for MCP-I Aware services.

  • Number of successful verifications
  • Past revocations
  • Scope of delegated actions

KnowThat.ai Registry

The canonical public registry at KnowThat.ai provides:

  1. Agent Directory: Searchable registry of known agents
  2. Reputation API: Query agent reputation information
  3. Flagging System: Mark problematic agents or behaviors
  4. Conformance Badges: Display MCP-I conformance levels

Implementation Example

// Example reputation check implementation
async function checkAgentReputation(agentDid) {
  try {
    // Query the reputation service
    const response = await fetch(
      `https://api.knowthat.ai/reputation/${encodeURIComponent(agentDid)}`
    );

    if (!response.ok) {
      throw new Error(`Reputation check failed: ${response.status}`);
    }

    const reputation = await response.json();

    // Apply reputation-based policy
    if (reputation.score < 50) {
      console.warn(`Low reputation agent detected: ${agentDid}`);
      // Implement additional verification or restrictions
    }

    // Log the reputation check
    await logAuditEvent({
      eventType: "ReputationChecked",
      actorId: agentDid,
      result: {
        reputationScore: reputation.score,
        reputationFlags: reputation.flags,
      },
    });

    return reputation;
  } catch (error) {
    console.error("Reputation check error:", error);
    // Fall back to default policy
    return { score: 0, flags: ["unknown"], error: error.message };
  }
}

Monitoring and Analytics

Real-time Monitoring

MCP-I recommends implementing:

  1. Dashboards: Visual representations of agent activities
  2. Alerts: Notifications for suspicious or anomalous events
  3. Rate Limiting: Protection against abuse or misuse
  4. Health Monitoring: System status and performance metrics

Advanced Analytics

For Level 3 implementations, consider:

  1. Behavioral Analytics: Detecting unusual agent behavior
  2. Pattern Recognition: Identifying potential credential misuse
  3. Predictive Models: Anticipating security issues
  4. Correlation Analysis: Connecting related events across systems

Anonymization and Privacy

To balance accountability with privacy, MCP-I supports:

  1. Data Minimization: Collect only necessary information
  2. Selective Disclosure: Reveal only required log fields
  3. Anonymization: Remove identifying information when appropriate
  4. Pseudonymization: Replace identifiers with non-identifying equivalents
// Example log anonymization function
function anonymizeLogRecord(logRecord) {
  // Create a deep copy
  const anonymized = JSON.parse(JSON.stringify(logRecord));

  // Replace sensitive fields with masked versions
  if (anonymized.clientInfo && anonymized.clientInfo.ipAddress) {
    anonymized.clientInfo.ipAddress = anonymizeIp(
      anonymized.clientInfo.ipAddress
    );
  }

  // Replace DIDs with consistent pseudonyms
  if (anonymized.actorId) {
    anonymized.actorId = generatePseudonym(anonymized.actorId);
  }

  if (anonymized.delegator) {
    anonymized.delegator = generatePseudonym(anonymized.delegator);
  }

  return anonymized;
}

Error Detection and Response

The Audit Layer can help identify and respond to errors:

  1. Error Patterns: Detecting repeated verification failures
  2. Threshold Alerts: Notifications when errors exceed thresholds
  3. Automated Responses: Taking action based on error patterns
  4. Forensic Analysis: Detailed investigation of security incidents

Implementation Considerations

When implementing the Audit Layer:

  1. Performance Impact: Optimize logging to minimize performance impact
  2. Storage Requirements: Plan for log volume and growth
  3. Legal Requirements: Ensure compliance with relevant regulations
  4. Disaster Recovery: Protect audit logs against loss or corruption

Audit Integration Points

The Audit Layer integrates with other MCP-I components:

Loading diagram...

Next Steps

  • Learn about Security & Compliance for security best practices
  • Check out the FAQ for common questions about auditing and reputation