Logging and Audit Trails

Logging and Audit Trails

Every prompt, tool execution, context injection, and result output must be logged with integrity guarantees and traceability.

Logging Best Practices:

  • Log raw prompt input, tool outputs, agent decisions
  • Timestamped JSON with hash chaining (blockchain logs)
  • Use append-only log store like WORM S3 or Loki with retention policy

Sample Log Schema:

{
  "timestamp": "2025-06-26T01:31:42Z",
  "agent_id": "crew-alpha-23",
  "task_id": "threat_summary_9801",
  "tools_invoked": ["ioc_extractor", "dns_resolver"],
  "output_summary": "...",
  "prompt_hash": "abc123...",
  "exec_duration_ms": 1632
}

Optional:
Enable mcp-auditctl CLI to stream logs for forensic inspection or compliance archiving.

ON THIS PAGE