A structured audit logging library for the MCP Gateway that captures security-relevant events with configurable severity, multiple storage backends (console, file, in-memory), tamper-evident SHA-256 chaining, and a query API. Provides logger classes and event creation utilities for compliance audit trails.
```typescript
import {
  ConsoleAuditLogger,
  FileAuditLogger,
  CompositeAuditLogger,
  createAuditEvent,
} from "@reaatech/mcp-gateway-audit";

// Fan each event out to every logger in the list
const logger = new CompositeAuditLogger([
  new ConsoleAuditLogger(),
  new FileAuditLogger({ path: "/var/log/gateway/audit.json" }),
]);

logger.log(createAuditEvent("auth.success", { tenantId: "acme-corp" }));
// → Written to both console and file
```
Tamper-evident audit chain
```typescript
import {
  FileAuditLogger,
  TamperEvidentLogger,
  verifyAuditChain,
  createAuditEvent,
} from "@reaatech/mcp-gateway-audit";

const baseLogger = new FileAuditLogger({ path: "./audit.json" });
const logger = new TamperEvidentLogger(baseLogger);

// Log events — each gets a chain hash referencing the previous event
logger.log(createAuditEvent("tool.executed", { tool: "glean_search" }));
logger.log(createAuditEvent("tool.executed", { tool: "serval_query" }));

// Verify integrity later
// loadAuditLog is not defined in this snippet: it stands for whatever reads the stored events back
const events = loadAuditLog("./audit.json");
const result = verifyAuditChain(events);
console.log(result.valid, result.errors);
```
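A minimal sketch of the hash-chaining idea behind the snippet above, added here as an example and not the library's implementation: the record shape, the all-zero genesis value and the names `linkHash`, `headHash`, `appendEvent` and `verifyChain` are assumptions. It also shows why the latest hash should be recorded outside the log, since removing events from the tail leaves a chain that still verifies on its own.

```typescript
import { createHash } from "node:crypto";

// Hypothetical record shape for this sketch; not the library's event type.
interface ChainedEvent {
  seq: number;
  type: string;
  data: Record<string, string>;
  prevHash: string; // hash of the preceding event
  hash: string;
}

const GENESIS = "0".repeat(64); // assumed prevHash of the first event

// SHA-256 over the previous hash plus a key-sorted serialization of the event.
function linkHash(prevHash: string, seq: number, type: string, data: Record<string, string>): string {
  const fields = Object.keys(data).sort().map((k) => [k, data[k]]);
  return createHash("sha256").update(JSON.stringify([prevHash, seq, type, fields])).digest("hex");
}

const headHash = (chain: ChainedEvent[]): string => chain[chain.length - 1]?.hash ?? GENESIS;

function appendEvent(chain: ChainedEvent[], type: string, data: Record<string, string>): ChainedEvent[] {
  const prevHash = headHash(chain);
  return [...chain, { seq: chain.length, type, data, prevHash, hash: linkHash(prevHash, chain.length, type, data) }];
}

// Recompute every link. expectedHead is the last hash as recorded outside the
// log; without it, dropping events from the tail leaves a chain that verifies.
function verifyChain(chain: ChainedEvent[], expectedHead?: string): { valid: boolean; errors: string[] } {
  const errors: string[] = [];
  let prev = GENESIS;
  chain.forEach((ev, i) => {
    if (ev.seq !== i) errors.push(`event ${i}: unexpected seq ${ev.seq}`);
    if (ev.prevHash !== prev) errors.push(`event ${i}: prevHash does not match preceding event`);
    if (linkHash(ev.prevHash, ev.seq, ev.type, ev.data) !== ev.hash) errors.push(`event ${i}: content hash mismatch`);
    prev = ev.hash;
  });
  if (expectedHead !== undefined && prev !== expectedHead) errors.push("head hash differs from anchored value");
  return { valid: errors.length === 0, errors };
}

// Constructed sample events, reusing the event names shown above.
let sampleChain: ChainedEvent[] = [];
sampleChain = appendEvent(sampleChain, "auth.success", { tenantId: "acme-corp" });
sampleChain = appendEvent(sampleChain, "tool.executed", { tool: "glean_search" });
sampleChain = appendEvent(sampleChain, "tool.executed", { tool: "serval_query" });
const anchoredHead = headHash(sampleChain);
```

Because the hashes here are unkeyed, anyone able to rewrite the whole file can recompute every link, so the check ultimately rests on the head hash being stored somewhere the log writer cannot modify.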
Querying audit logs
```typescript
import { MemoryAuditStorage, createAuditQueryService } from "@reaatech/mcp-gateway-audit";

const storage = new MemoryAuditStorage();
const query = createAuditQueryService(storage);

const results = query({
  tenantId: "acme-corp",
  eventType: "auth.failure",
  startDate: new Date("2026-01-01"),
  limit: 50,
});

console.log(`Found ${results.total} auth failures for acme-corp`);
```
Fastify
Recording is framework-agnostic (recordAudit(ctx, decision, options)). Both the
Express middleware (auditMiddleware) and the Fastify plugin write through the
same core, and both default to a silent sink — nothing is written to stdout
(reserved for the MCP JSON-RPC stream) unless you supply a logger.
```typescript
import Fastify from "fastify";
import { fastifyAuth } from "@reaatech/mcp-gateway-auth/fastify";
import { ConsoleAuditLogger } from "@reaatech/mcp-gateway-audit";
import { fastifyAudit } from "@reaatech/mcp-gateway-audit/fastify";

const app = Fastify();
await app.register(fastifyAuth);
await app.register(fastifyAudit, { logger: new ConsoleAuditLogger() });
```
Use SilentAuditLogger (the default) on hosts that forbid stdout writes, or any
AuditLogger (FileAuditLogger, CompositeAuditLogger, custom). fastify is an
optional peer dependency.
Registration order: auth → rate-limit → allowlist → audit → cache.
Register fastifyAudit after fastifyAllowlist and before fastifyCache.