Skip to content

[Gap]: Document vMCP audit logging #488

New issue
New issue
Closed
#497
Closed
[Gap]: Document vMCP audit logging#488
#497
Assignees
yrobla
Labels
documentationImprovements or additions to documentationenhancementNew feature or request
@jerm-dro

Description

@jerm-dro
jerm-dro
opened on Jan 29, 2026

What needs documentation?

The vMCP server now supports audit logging for all MCP operations. This feature enables security compliance and operational visibility for enterprise deployments by tracking tool calls, connections, resource access, and backend routing.

Key features that need documentation:

  • vMCP-specific audit event types (vmcp_backend_discovery, vmcp_backend_auth, vmcp_composite_workflow, vmcp_composite_step)
  • Configuration options for enabling/disabling audit logging
  • Audit log output destination configuration (stdout, file, external)
  • Structured JSON audit log format
  • User identity capture from auth tokens

Context and references

Implementation issue: stacklok/toolhive#2850

Use case

As a security/compliance officer in an enterprise deploying vMCP, I want all MCP operations (tool calls, connections, resource access, backend routing) to be audit logged, so that I can meet security compliance requirements and have operational visibility for incident investigation.

Metadata

Metadata

Assignees

Labels

documentationImprovements or additions to documentationenhancementNew feature or request

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions