agent-audit-trail
Allows using PostgreSQL as a storage backend for audit logs with hash chain guarantees (documentation coming soon).
Allows using Supabase as a cloud-hosted storage backend for audit logs with hash chain guarantees (documentation coming soon).
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@agent-audit-trailLog action: customer-support-bot SELECT email, phone from customers"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Agent Audit Trail
Compliance infrastructure for agentic AI.
An MCP server that provides immutable audit logging, policy enforcement, and compliance reporting for AI agent workflows. Built for SMBs deploying AI agents who need to demonstrate regulatory compliance (Colorado SB 205, EU AI Act, and emerging state AI legislation).
Employer Summary
This is the strongest repo to review for AI governance, agent safety, and implementation reliability. It shows the part of AI delivery that usually gets ignored in demos: what happened, which tool was called, what data was touched, which policy fired, and whether the record can be trusted later.
Proof points:
MCP server surface for agent/tool workflows
hash-chained audit log with integrity verification
configurable policy rules for PII, financial actions, and destructive operations
compliance-oriented export path
production path from local JSON to PostgreSQL/Supabase-style storage
Related MCP server: hivelaw
What It Does
Agent Audit Trail sits between your AI agents and their tools, providing:
Cryptographically Immutable Audit Logging - Every agent action is recorded with full context and a SHA-256 hash chained to the previous entry. Tampering is detectable. Verification is one call away.
Policy Engine - Configurable rules that evaluate every action in real time. Flag PII access, block high-value financial transactions, detect destructive database operations, or create custom rules for your business.
Compliance Reporting - Export audit logs in formats suitable for regulatory submissions. Pre-built support for Colorado SB 205 impact assessments and EU AI Act transparency documentation. Exports include a chain integrity verification result.
Agent Registry - Track which agents are active, what they do, and their historical activity patterns.
Quick Start
Install
npm install -g agent-audit-trailAdd to Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"agent-audit-trail": {
"command": "agent-audit-trail"
}
}
}Add to Claude Code
claude mcp add agent-audit-trail -- npx agent-audit-trailAvailable Tools
Tool | Description |
| Log an agent action to the immutable audit trail |
| Search and filter audit entries |
| Get full details for a specific log entry |
| Dashboard-style activity summary |
| Show all registered agents |
| Explicitly register a new agent |
| Show configured policy rules |
| Create a new policy rule |
| Enable or disable a rule |
| Verify the cryptographic integrity of the audit trail |
| Export logs for compliance reporting |
Default Policy Rules
Three rules are active out of the box:
PII Field Access (High) - Flags access to fields matching SSN, date of birth, email, phone, address, passport, driver license, or credit card patterns.
High-Value Financial Action (High) - Flags financial actions with amounts exceeding $1,000.
Destructive Action Detection (Critical) - Flags tool calls containing DELETE, DROP, TRUNCATE, or REMOVE operations.
Cryptographic Immutability
Every log entry is chained to the previous one using SHA-256. Each entry stores:
previous_hash— the hash of the entry before it (null for the first entry)hash— SHA-256 of:previous_hash + all entry fields
This means:
Modifying any historical entry changes its hash, breaking the chain
Deleting an entry leaves the next entry pointing to a hash that no longer exists
You can verify the entire chain with
verify_chainand get a definitive yes/no answer
Run verify_chain before exporting compliance reports to confirm the chain is intact. The export output includes the verification result.
Example Usage
Logging an action
Use the log_action tool:
- agent_name: "customer-support-bot"
- tool_name: "database_query"
- tool_action: "SELECT"
- parameters: {"query": "SELECT email, phone FROM customers WHERE id = 123"}
- data_fields_accessed: "email,phone"The server will log the action and return any policy violations (in this case, the PII Field Access rule would flag the email and phone access).
Querying the audit trail
Use the query_logs tool:
- has_violations: true
- limit: 10Adding a custom policy rule
Use the add_policy_rule tool:
- name: "Block External API Calls"
- description: "Block agents from calling external APIs without approval"
- condition_type: "tool_match"
- condition_operator: "contains"
- condition_value: "external_api"
- action: "block"
- severity: "high"Data Storage
Audit logs are stored locally at ~/.agent-audit-trail/audit-logs.json by default with full hash chaining. Configure a custom path with the AUDIT_DATA_DIR environment variable.
Production note: Local JSON storage works for single-instance deployments. For multi-agent or distributed setups, swap to Supabase/PostgreSQL for scalable, cloud-hosted storage with the same hash chain guarantees (documentation coming soon).
Regulatory Context
This tool helps businesses demonstrate compliance with:
Colorado SB 205 (effective Feb 2026) - Requires impact assessments and consumer notifications for AI-driven consequential decisions
EU AI Act (high-risk enforcement Aug 2026) - Requires transparency, documentation, and human oversight for AI in critical sectors
Emerging US state AI legislation - Multiple states have pending AI governance requirements
Note: Agent Audit Trail provides logging and reporting infrastructure. It does not constitute legal compliance certification. Consult legal counsel for your compliance program.
Built By
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/dtjohnson83/agent-audit-trail'
If you have feedback or need assistance with the MCP directory API, please join our Discord server