yuqi1129 opened a new issue, #11568: URL: https://github.com/apache/gravitino/issues/11568
### Describe the subtask Emit a structured audit record for every MCP tool invocation, capturing the calling principal, tool name, and allow/deny outcome. Records are written to `gravitino-mcp-audit.log` in JSON format and are integrated with the existing Gravitino audit subsystem so there is a single audit trail. **Changes:** - New `mcp_server/core/audit.py`: `AuditLogger` class; fields: `timestamp`, `principal`, `tool`, `outcome` (`allow`/`deny`), `error_type` - `mcp_server/server.py`: add `AuditMiddleware` to the middleware chain; extract principal from `Authorization` header; record outcome after each tool call **Acceptance:** - A successful read tool call produces a JSON audit record with `outcome: allow` and the correct principal - A denied write call produces a record with `outcome: deny` ### Parent issue TBD (EPIC to be linked after creation) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
