Documentation
Overview
Package audit defines the audit emitter interface that mcp-kit consumers implement to receive tool-call, OAuth, and key-rotation events.
Consumers wrap their existing audit log behind this interface; the kit itself owns no audit table or storage.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Emitter
Emitter receives audit events from the kit. Implementations must be safe for concurrent use.
type Event
type Event struct {
	// EntityType is the kind of thing this event is about, e.g.
	// "mcp_tool", "oauth_token", "oauth_key", "oauth_client".
	EntityType string
	// EntityID identifies the entity. Tool name, jti, kid, client_id, etc.
	EntityID string
	// Action is the verb. "execute", "issued", "rotated", "revoked", ...
	Action string
	// ActorUserID is the user who triggered the event. Nil for system actions
	// (key rotation, server boot) and for unauthenticated events.
	ActorUserID *uuid.UUID
	// ClientID is the OAuth client_id (registered) or PAT id, when
	// applicable. Empty otherwise.
	ClientID string
	// Scope is the comma-separated active scope list at the time of the
	// event. Empty when not applicable.
	Scope string
	// PayloadHash is a hex sha256 of the redacted request payload, when the
	// event refers to a tool call. Empty otherwise.
	PayloadHash string
	// Metadata is free-form extra data — must be JSON-serializable. Run
	// through Redact before emitting if it may contain user input.
	Metadata map[string]any
	// Timestamp is when the event was observed. Defaults to time.Now() if
	// zero when the kit emits.
	Timestamp time.Time
}
Event is an audit-log entry emitted by the kit on behalf of the consumer. Consumers may extend Metadata with their own fields.
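As an added illustration (not code from mcp-kit), here is one way a consumer might put a concurrency-safe JSON-lines sink behind an emitter and keep secrets out of both Metadata and PayloadHash. The `Emit` method name and signature, the trimmed local `Event` mirror, and the `redact` helper with its key list are assumptions, since this page does not show Emitter's method set or the Redact function.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"io"
	"os"
	"sync"
)

// Event mirrors only the documented fields used here, so this builds without mcp-kit.
type Event struct {
	EntityType, EntityID, Action, PayloadHash string
	Metadata                                  map[string]any
}
// redact is a hypothetical stand-in for the kit's Redact; the key list is assumed.
func redact(in map[string]any) map[string]any {
	out := make(map[string]any, len(in))
	for k, v := range in {
		if k == "password" || k == "token" || k == "authorization" {
			v = "[REDACTED]"
		}
		out[k] = v
	}
	return out
}
// payloadHash is hex sha256 of the redacted payload; json sorts map keys, so it is stable.
func payloadHash(p map[string]any) (string, error) {
	b, err := json.Marshal(redact(p))
	return fmt.Sprintf("%x", sha256.Sum256(b)), err
}
// JSONLEmitter writes one JSON line per event; mu serializes concurrent writers.
type JSONLEmitter struct {
	mu sync.Mutex
	w  io.Writer
}
// Emit is an assumed method name and signature; the page does not show Emitter's.
func (e *JSONLEmitter) Emit(ev Event) error {
	ev.Metadata = redact(ev.Metadata) // copy, so the caller's map is untouched
	e.mu.Lock()
	defer e.mu.Unlock()
	return json.NewEncoder(e.w).Encode(ev) // Encode appends the trailing newline
}

func main() {
	args := map[string]any{"path": "/tmp/report.txt", "token": "constructed-secret"} // constructed input
	h, _ := payloadHash(args)
	_ = (&JSONLEmitter{w: os.Stdout}).Emit(Event{EntityType: "mcp_tool", EntityID: "read_file", Action: "execute", PayloadHash: h, Metadata: args})
}
```

Because the hash is taken after redaction, two calls that differ only in a secret value produce the same PayloadHash, so the audit log cannot be used to confirm a guessed secret offline.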