Logging and Audit Trails
Logging and Audit Trails
Every prompt, tool execution, context injection, and result output must be logged with integrity guarantees and traceability.
Logging Best Practices:
- Log raw prompt input, tool outputs, agent decisions
- Timestamped JSON with hash chaining (blockchain logs)
- Use append-only log store like WORM S3 or Loki with retention policy
Sample Log Schema:
{
"timestamp": "2025-06-26T01:31:42Z",
"agent_id": "crew-alpha-23",
"task_id": "threat_summary_9801",
"tools_invoked": ["ioc_extractor", "dns_resolver"],
"output_summary": "...",
"prompt_hash": "abc123...",
"exec_duration_ms": 1632
}
Optional:
Enable mcp-auditctl CLI to stream logs for forensic inspection or compliance archiving.