Audit Layer

Introduction to the Audit Layer

The Audit Layer in MCP-I ensures that all identity and delegation activities are properly recorded, monitored, and made available for oversight and compliance purposes. This layer serves several critical functions:

1. Accountability: Maintaining records of which agents performed which actions
2. Transparency: Enabling visibility into delegation chains and agent activities
3. Compliance: Supporting regulatory requirements for audit trails
4. Security: Enabling detection of suspicious patterns or misuse
5. Reputation: Providing data for agent reputation assessments

Audit Trail Requirements

MCP-I defines specific requirements for audit logs based on the conformance level:

Level 1: Basic Audit

• Log all delegation issuance events
• Record basic agent verification attempts
• Store logs securely with access controls
• Maintain logs for a minimum of 30 days

Level 2: Standard Audit

• Cryptographically sign all audit records
• Log all credential verification details
• Include full request context in logs
• Maintain logs for a minimum of 90 days
• Implement log aggregation and search

Level 3: Enterprise Audit

• Use immutable storage for audit records
• Implement tamper-evident logging mechanisms
• Add selective disclosure for privacy-sensitive logs
• Maintain logs for customizable retention periods
• Support advanced analytics and anomaly detection

Core Audit Events

MCP-I defines a set of core audit events that must be logged:

Delegation Events

Verification Events

Administrative Events

Audit Record Format

MCP-I audit records follow a standardized format:

{
  "id": "urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6",
  "timestamp": "2025-06-15T19:23:24Z",
  "eventType": "VerificationSucceeded",
  "actorType": "Agent",
  "actorId": "did:example:agent456",
  "delegator": "did:example:principal123",
  "resource": "https://api.example.com/data/customer-records",
  "action": "read:customer-records",
  "credentialId": "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5",
  "verifierSystem": "edge-proxy-east-1",
  "requestId": "req-1a2b3c",
  "clientInfo": {
    "ipAddress": "203.0.113.42",
    "userAgent": "MCP-I Agent/1.0"
  },
  "result": {
    "status": "success",
    "statusCode": 200,
    "responseTime": 123
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2025-06-15T19:23:25Z",
    "verificationMethod": "did:example:logger#key-1",
    "proofValue": "z43BsK5Fu9Sdw..."
  }
}

Audit Storage and Management

Storage Options

MCP-I supports multiple audit storage approaches:

1. Centralized Logging: Traditional log aggregation systems
2. Distributed Ledger: Blockchain-based immutable logs
3. Secure Enclaves: Protected, tamper-resistant storage
4. Hybrid Systems: Combining approaches for different log types

Log Integrity

To ensure log integrity, MCP-I recommends:

1. Cryptographic Signing: Sign logs with a dedicated logging key
2. Hash Chaining: Link records with cumulative hashes
3. Merkle Trees: Efficient verification of log integrity
4. Secure Timestamping: Third-party timestamp attestations

Access Control

Audit logs must be protected with proper access controls:

Reputation Management

Building on audit data, MCP-I enables reputation management for agents:

Reputation Components

1. Trust Score: A numeric representation of an agent's trustworthiness
2. Behavior Analysis: Patterns of agent requests and activities
3. Verification History: Success and failure rates of credential verification
4. Feedback Mechanisms: Reports from services or principals

Reputation is derived from:

Reputation is exposed downstream for MCP-I Aware services.

• Number of successful verifications
• Past revocations
• Scope of delegated actions

KnowThat.ai Registry

The canonical public registry at KnowThat.ai provides:

1. Agent Directory: Searchable registry of known agents
2. Reputation API: Query agent reputation information
3. Flagging System: Mark problematic agents or behaviors
4. Conformance Badges: Display MCP-I conformance levels

Implementation Example

// Example reputation check implementation
async function checkAgentReputation(agentDid) {
  try {
    // Query the reputation service
    const response = await fetch(
      `https://api.knowthat.ai/reputation/${encodeURIComponent(agentDid)}`
    );

    if (!response.ok) {
      throw new Error(`Reputation check failed: ${response.status}`);
    }

    const reputation = await response.json();

    // Apply reputation-based policy
    if (reputation.score < 50) {
      console.warn(`Low reputation agent detected: ${agentDid}`);
      // Implement additional verification or restrictions
    }

    // Log the reputation check
    await logAuditEvent({
      eventType: "ReputationChecked",
      actorId: agentDid,
      result: {
        reputationScore: reputation.score,
        reputationFlags: reputation.flags,
      },
    });

    return reputation;
  } catch (error) {
    console.error("Reputation check error:", error);
    // Fall back to default policy
    return { score: 0, flags: ["unknown"], error: error.message };
  }
}

Monitoring and Analytics

Real-time Monitoring

MCP-I recommends implementing:

1. Dashboards: Visual representations of agent activities
2. Alerts: Notifications for suspicious or anomalous events
3. Rate Limiting: Protection against abuse or misuse
4. Health Monitoring: System status and performance metrics

Advanced Analytics

For Level 3 implementations, consider:

1. Behavioral Analytics: Detecting unusual agent behavior
2. Pattern Recognition: Identifying potential credential misuse
3. Predictive Models: Anticipating security issues
4. Correlation Analysis: Connecting related events across systems

Anonymization and Privacy

To balance accountability with privacy, MCP-I supports:

1. Data Minimization: Collect only necessary information
2. Selective Disclosure: Reveal only required log fields
3. Anonymization: Remove identifying information when appropriate
4. Pseudonymization: Replace identifiers with non-identifying equivalents

// Example log anonymization function
function anonymizeLogRecord(logRecord) {
  // Create a deep copy
  const anonymized = JSON.parse(JSON.stringify(logRecord));

  // Replace sensitive fields with masked versions
  if (anonymized.clientInfo && anonymized.clientInfo.ipAddress) {
    anonymized.clientInfo.ipAddress = anonymizeIp(
      anonymized.clientInfo.ipAddress
    );
  }

  // Replace DIDs with consistent pseudonyms
  if (anonymized.actorId) {
    anonymized.actorId = generatePseudonym(anonymized.actorId);
  }

  if (anonymized.delegator) {
    anonymized.delegator = generatePseudonym(anonymized.delegator);
  }

  return anonymized;
}

Error Detection and Response

The Audit Layer can help identify and respond to errors:

1. Error Patterns: Detecting repeated verification failures
2. Threshold Alerts: Notifications when errors exceed thresholds
3. Automated Responses: Taking action based on error patterns
4. Forensic Analysis: Detailed investigation of security incidents

Implementation Considerations

When implementing the Audit Layer:

1. Performance Impact: Optimize logging to minimize performance impact
2. Storage Requirements: Plan for log volume and growth
3. Legal Requirements: Ensure compliance with relevant regulations
4. Disaster Recovery: Protect audit logs against loss or corruption

Audit Integration Points

The Audit Layer integrates with other MCP-I components:

Next Steps

• Learn about Security & Compliance for security best practices
• Check out the FAQ for common questions about auditing and reputation