Rhombus MCP Server

Official

Overview Schema Related Servers Score Discussions

user-audit-tool

Retrieves configuration audit trails for a specific user or target entity, showing who made changes and what was modified.

Instructions

This tool retrieves configuration audit trails for specific users or specific targets (devices, policies, etc.). Unlike the general audit feed, this focuses on a SINGLE user or a SINGLE target entity.

It has the following modes of operation, determined by the "requestType" parameter:

audit-by-user: Get all configuration changes made BY a specific user. Requires userUuid (use user-tool to find it). Answers: "What did this admin change recently?"
audit-by-target: Get all configuration changes made TO a specific entity (camera, door, policy, etc.). Requires targetUuid. Answers: "Who changed the settings on this camera?"

Both modes return audit events with action, display text, who did it, what was changed, and when.

Output filtering (all tools):

includeFields (string[]): Dot-notation paths to keep in the response (e.g. "vehicleEvents.vehicleLicensePlate"). Omit to return all fields.
filterBy (array): Predicates to filter array items. Each entry: {field, op, value} where op is one of = != > >= < <= contains. All conditions are ANDed. Example: [{field:"vehicleLicensePlate", op:"=", value:"ABC123"}] WARNING: some tool responses exceed 400k characters — use these params to request only the data you need.

Input Schema

TableJSON Schema

Name	Required	Description
`requestType`	Yes	The type of audit request to make.
`userUuid`	Yes	User UUID whose actions to audit. Required for 'audit-by-user'. Use user-tool to find this.
`targetUuid`	Yes	Target entity UUID (camera, door, policy, etc.) to see what has been done to it. Required for 'audit-by-target'.
`maxResults`	Yes	Maximum number of audit events to return. Defaults to 50.
`includeFields`	Yes	Dot-notation field paths to include in the response (e.g. "vehicleEvents.vehicleLicensePlate"). Pass null to return all fields. WARNING: some responses can exceed 400k characters — use includeFields to request only the data you need. For high-volume tools this may be required to get a complete answer.
`filterBy`	Yes	Filter array items in the response by field values. All conditions are ANDed. Example: [{field: "vehicleLicensePlate", op: "=", value: "ABC123"}, {field: "confidence", op: ">", value: 0.8}] Use alongside includeFields to get only the specific records and fields you need.

Output Schema

TableJSON Schema

Name	Required	Description	Default
`auditEvents`	No	List of audit events, most recent first
`error`	No	An error message if the request failed.

Implementation Reference

src/tools/user-audit-tool.ts:27-81 (handler)

The main tool handler function (TOOL_HANDLER) that processes audit-by-user or audit-by-target requests. It extracts args, calls the appropriate API function, and returns structured content.

const TOOL_HANDLER = async (args: ToolArgs, _extra: unknown) => {
  const { requestModifiers, sessionId } = extractFromToolExtra(_extra);

  try {
    switch (args.requestType) {
      case UserAuditRequestType.AUDIT_BY_USER: {
        if (!args.userUuid) {
          return createToolStructuredContent<OUTPUT_SCHEMA>({
            error: "userUuid is required for audit-by-user. Use user-tool to find it.",
          });
        }
        const auditEvents = await getAuditFeedForPrincipal(
          args.userUuid,
          args.maxResults ?? undefined,
          requestModifiers,
          sessionId
        );
        return createToolStructuredContent<OUTPUT_SCHEMA>({ auditEvents });
      }
      case UserAuditRequestType.AUDIT_BY_TARGET: {
        if (!args.targetUuid) {
          return createToolStructuredContent<OUTPUT_SCHEMA>({
            error: "targetUuid is required for audit-by-target.",
          });
        }
        const auditEvents = await getAuditFeedForTarget(
          args.targetUuid,
          args.maxResults ?? undefined,
          requestModifiers,
          sessionId
        );
        return createToolStructuredContent<OUTPUT_SCHEMA>({ auditEvents });
      }
    }
  } catch (error: unknown) {
    if (error instanceof Error) {
      return createToolStructuredContent<OUTPUT_SCHEMA>({ error: error.message });
    }
    return createToolStructuredContent<OUTPUT_SCHEMA>({ error: "Unknown error" });
  }

  return createToolStructuredContent<OUTPUT_SCHEMA>({ error: "Invalid request type" });
};

export function createTool(server: McpServer) {
  server.registerTool(
    TOOL_NAME,
    {
      description: TOOL_DESCRIPTION,
      inputSchema: TOOL_ARGS,
      outputSchema: OUTPUT_SCHEMA.shape,
    },
    TOOL_HANDLER
  );
}

src/types/user-audit-tool-types.ts:1-53 (schema)

Type definitions including the enum UserAuditRequestType, input schema (TOOL_ARGS) with Zod validations, AuditEventSchema, and OUTPUT_SCHEMA defining the structure of tool responses.

import { z } from "zod";
import { INCLUDE_FIELDS_ARG, FILTER_BY_ARG } from "../util.js";

export enum UserAuditRequestType {
  AUDIT_BY_USER = "audit-by-user",
  AUDIT_BY_TARGET = "audit-by-target",
}

export const TOOL_ARGS = {
  requestType: z
    .nativeEnum(UserAuditRequestType)
    .describe("The type of audit request to make."),
  userUuid: z
    .string()
    .nullable()
    .describe("User UUID whose actions to audit. Required for 'audit-by-user'. Use user-tool to find this."),
  targetUuid: z
    .string()
    .nullable()
    .describe("Target entity UUID (camera, door, policy, etc.) to see what has been done to it. Required for 'audit-by-target'."),
  maxResults: z
    .number()
    .nullable()
    .describe("Maximum number of audit events to return. Defaults to 50."),
  includeFields: INCLUDE_FIELDS_ARG,
  filterBy: FILTER_BY_ARG,
};
const TOOL_ARGS_SCHEMA = z.object(TOOL_ARGS);
export type ToolArgs = z.infer<typeof TOOL_ARGS_SCHEMA>;

const AuditEventSchema = z.object({
  uuid: z.string().optional(),
  action: z.string().optional(),
  displayText: z.string().optional(),
  principalName: z.string().optional(),
  principalUuid: z.string().optional(),
  targetName: z.string().optional(),
  targetUuid: z.string().optional(),
  timestamp: z.string().optional(),
  failure: z.boolean().optional(),
  sourceIp: z.string().optional(),
  sourceCity: z.string().optional(),
  sourceCountry: z.string().optional(),
});

export const OUTPUT_SCHEMA = z.object({
  auditEvents: z
    .array(AuditEventSchema)
    .optional()
    .describe("List of audit events, most recent first"),
  error: z.string().optional().describe("An error message if the request failed."),
});
export type OUTPUT_SCHEMA = z.infer<typeof OUTPUT_SCHEMA>;

src/tools/user-audit-tool.ts:71-82 (registration)

The createTool function that registers the tool with the MCP server using server.registerTool(TOOL_NAME, ..., TOOL_HANDLER).

export function createTool(server: McpServer) {
  server.registerTool(
    TOOL_NAME,
    {
      description: TOOL_DESCRIPTION,
      inputSchema: TOOL_ARGS,
      outputSchema: OUTPUT_SCHEMA.shape,
    },
    TOOL_HANDLER
  );
}

src/api/user-audit-tool-api.ts:1-82 (helper)

API layer with getAuditFeedForPrincipal and getAuditFeedForTarget functions that call the backend API endpoints, plus mapAuditEvents helper to transform response data.

import { postApi } from "../network/network.js";
import type { schema } from "../types/schema.js";
import type { RequestModifiers } from "../util.js";

interface AuditEvent {
  uuid?: string;
  action?: string;
  displayText?: string;
  principalName?: string;
  principalUuid?: string;
  targetName?: string;
  targetUuid?: string;
  timestamp?: string;
  failure?: boolean;
  sourceIp?: string;
  sourceCity?: string;
  sourceCountry?: string;
}

function mapAuditEvents(events: schema["Report_AuditEventWeb"][]): AuditEvent[] {
  return events.map(evt => ({
    uuid: evt.uuid ?? undefined,
    action: (evt.action as string) ?? undefined,
    displayText: evt.displayText ?? undefined,
    principalName: evt.principalName ?? undefined,
    principalUuid: evt.principalUuid ?? undefined,
    targetName: evt.targetName ?? undefined,
    targetUuid: evt.targetUuid ?? undefined,
    timestamp: evt.timestamp ?? undefined,
    failure: evt.failure ?? undefined,
    sourceIp: evt.sourceIp ?? undefined,
    sourceCity: evt.sourceCity ?? undefined,
    sourceCountry: evt.sourceCountry ?? undefined,
  }));
}

export async function getAuditFeedForPrincipal(
  principalUuid: string,
  maxResults?: number,
  requestModifiers?: RequestModifiers,
  sessionId?: string
): Promise<AuditEvent[]> {
  const res = await postApi<schema["Report_GetAuditFeedForPrincipalWSResponse"]>({
    route: "/report/getAuditFeedForPrincipal",
    body: {
      principalUuid,
      maxResults: maxResults ?? 50,
    } satisfies schema["Report_GetAuditFeedForPrincipalWSRequest"],
    modifiers: requestModifiers,
    sessionId,
  });

  if (res.error) {
    throw new Error(res.errorMsg ?? "Failed to get audit feed for principal");
  }

  return mapAuditEvents(res.auditEvents ?? []);
}

export async function getAuditFeedForTarget(
  targetUuid: string,
  maxResults?: number,
  requestModifiers?: RequestModifiers,
  sessionId?: string
): Promise<AuditEvent[]> {
  const res = await postApi<schema["Report_GetAuditFeedForTargetWSResponse"]>({
    route: "/report/getAuditFeedForTarget",
    body: {
      targetUuid,
      maxResults: maxResults ?? 50,
    } satisfies schema["Report_GetAuditFeedForTargetWSRequest"],
    modifiers: requestModifiers,
    sessionId,
  });

  if (res.error) {
    throw new Error(res.errorMsg ?? "Failed to get audit feed for target");
  }

  return mapAuditEvents(res.auditEvents ?? []);
}

Tool Definition Quality

A4.3/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Without annotations, the description covers behavior well: it describes two modes, the structure of returned audit events, and warns about large responses. It does not mention authentication or side effects, but these are not critical for this read-only tool.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with sections, front-loaded with the main purpose. It is slightly verbose but every sentence adds value, making it efficient for an agent.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the output schema and schema coverage, the description is complete. It covers all parameters, provides usage context, and warns about large responses. It could mention the default maxResults explicitly, but overall it's sufficient.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, so baseline is 3. The description adds value by explaining the meaning of requestType and the relationship between userUuid/targetUuid and modes, and by detailing the filtering parameters with examples and warnings.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description explicitly states it retrieves configuration audit trails for specific users or targets, distinguishing it from a general audit feed. It clearly lists two modes and their purposes.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear guidance on when to use each mode, prerequisites like using user-tool to find userUuid, and explains output filtering to manage large responses. It does not explicitly state when not to use the tool, but the context is sufficient.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/RhombusSystems/rhombus-node-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server