Audit Logs
Every MCP tool call that passes through your server is recorded in a structured audit log. Track which tool was called, by which client, with what result, the response latency, and whether DLP (Data Loss Prevention) redacted any fields — all from a single tab.
Most MCP platforms offer no built-in observability. If you need audit trails, you are expected to integrate external logging solutions like Datadog, Splunk, or ELK. Vinkius Cloud includes per-server audit logging as a core feature — purpose-built for MCP with semantic verb classification, DLP redaction tracking, client identification via named tokens, and plan-based retention policies.
Log table
Logs are displayed in reverse chronological order with seven columns:
Log fields
Each entry captures the complete context of an MCP tool call:
| Field | Description |
|---|---|
| Timestamp | When the request was processed (YYYY-MM-DD HH:mm:ss) |
| Tool | Which MCP tool was called |
| Verb | Semantic classification: QUERY, MUTATION, or DESTRUCTIVE |
| Code | HTTP status code from the upstream API, color-coded by range |
| Time | Response latency in milliseconds |
| DLP | Number of fields redacted by Data Shielding — highlighted amber when > 0 |
| Client | Named connection token that made the request (identifies the client/environment) |
Each entry also stores the HTTP method, error message (when applicable), and full tool reference for forensic analysis.
Status code colors
| Range | Color | Meaning |
|---|---|---|
| 2xx | Green | Successful response |
| 4xx | Amber | Client error (auth, validation, not found) |
| 5xx | Red | Server error (upstream failure) |
Semantic verbs
Verbs are derived from the underlying HTTP method:
| Verb | HTTP Methods | Color |
|---|---|---|
| QUERY | GET | Neutral |
| MUTATION | POST, PUT, PATCH | Neutral |
| DESTRUCTIVE | DELETE | Red |
This classification helps you quickly identify potentially dangerous operations in the log stream.
DLP redaction tracking
The DLP column shows how many fields were redacted by Data Shielding before the response reached the AI client. When the count is greater than zero, the number is highlighted in amber.
This gives you visibility into how effectively your data protection rules are working — which tools triggered redactions, how often, and for which clients.
Why this matters for compliance
Regulatory frameworks like SOC 2, GDPR, and HIPAA require evidence that sensitive data is protected during processing. The DLP column provides a per-request audit trail of redactions, directly supporting compliance audits without additional tooling.
Client identification
The Client column shows the name of the connection token used for the request — not a generic session ID. Since Vinkius tokens are named per-client (e.g., cursor-main, claude-prod, ci-pipeline), you can immediately identify which AI client or environment made each request.
This is significantly more useful than raw token hashes or IP addresses: when a destructive operation fails, you know exactly which client attempted it and can take action.
Plan-based access
Audit log retention varies by subscription plan:
| Plan | Retention | Access |
|---|---|---|
| Free | Real-time feed only | Dashboard live feed, no persisted logs |
| Developer | Real-time feed only | Dashboard live feed, no persisted logs |
| Team | 7 days | Full audit log table |
| Business | 30 days | Full audit log table |
Real-time feed for all plans
Every plan — including Free — has access to the real-time live feed on the Dashboard tab. The live feed shows the 15 most recent requests in real time. Persisted audit logs with retention and pagination are available on Team and Business plans.
Buyer privacy guard
When a server has an active Marketplace listing, the Audit Logs tab activates a privacy guard to protect buyer confidentiality:
Sellers cannot identify individual buyers from per-request logs.
The privacy guard is not cosmetic — request data is never loaded into the browser. The API returns a 403 buyer_privacy_active error, ensuring data cannot be inspected via browser DevTools.
This separation ensures:
- Sellers see aggregate metrics on the Dashboard tab (total requests, error rates, latency)
- Buyers retain full privacy — their individual requests are never exposed to the seller
- Unpublishing the listing re-enables individual audit logs
Pagination
- Logs are paginated at 25 entries per page
- The footer shows the retention badge (
RETENTION_7D,RETENTION_30D) and page navigation - Cursor-based pagination ensures consistent results even as new logs arrive
Next steps
Frequently Asked Questions
What does the MCP audit log track?
Every MCP tool call is logged with seven fields: timestamp (UTC precision), tool name, semantic verb (QUERY, MUTATION, DESTRUCTIVE), HTTP status code, response latency in milliseconds, DLP redaction count, and the named connection token that made the request.
How is client identification handled in the audit log?
The Client column shows the name of the connection token used for the request — not a generic session ID. Since Vinkius tokens are named per-client (e.g., cursor-main, claude-prod), you can immediately identify which AI client made each request.
What is the DLP column in the audit log?
The DLP column shows how many fields were redacted by Data Shielding before the response reached the AI client. When the count is greater than zero, the number is highlighted in amber. This provides per-request evidence of data protection for compliance audits.
How long are audit logs retained?
Retention depends on your plan: Free and Developer plans get real-time feed only (no persistence), Team plan provides 7-day searchable history, and Business plan provides 30-day immutable logs. All plans have access to the real-time live feed on the Dashboard tab.
Can sellers see buyer logs on the Marketplace?
No. When a server has an active Marketplace listing, the Audit Logs tab activates a privacy guard. Request data is never loaded into the browser — the API returns a 403 error, ensuring data cannot be inspected even via DevTools. Sellers see only aggregate metrics on the Dashboard.
What are semantic verbs in the audit log?
Semantic verbs classify each tool call by its impact: QUERY (GET requests — read-only), MUTATION (POST, PUT, PATCH — writes), and DESTRUCTIVE (DELETE — irreversible). Destructive operations are highlighted in red for quick identification.