peycheff-com commented on issue #11568: URL: https://github.com/apache/gravitino/issues/11568#issuecomment-4684207789
Great direction — per-tool-call audit records attributed to principal with allow/deny outcomes are exactly the right building block for compliant MCP deployments. One consideration worth raising as you design the storage format: are the audit records tamper-evident? A JSON log to `gravitino-mcp-audit.log` is a great start, but if the file lives on the same host as the server, it can be modified post-hoc — which matters for SOC2/HIPAA/regulated use cases where you need to prove to an external auditor that the log wasn't altered.

We've been working on exactly this problem with **HELM AI Kernel** — each ALLOW/DENY/ESCALATE decision gets a **cryptographically signed receipt**, and receipts are bundled into an offline-verifiable **EvidencePack** that can be verified without trusting the server that produced it. The Gravitino audit middleware approach and HELM could potentially complement each other: Gravitino emits structured JSON records, HELM wraps them in a signature that makes them tamper-evident. Worth exploring if your acceptance criteria ever expand to include "audit records must be cryptographically verifiable".

Repo for reference: https://github.com/Mindburn-Labs/helm-ai-kernel

Quick test:

```sh
brew install mindburnlabs/tap/helm-ai-kernel
helm-ai-kernel verify evidence-pack.tar
```

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
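The comment above argues for per-decision receipts and an offline-verifiable bundle. The following is an added example illustrating that design in the smallest form that still catches the failure modes an auditor cares about (a flipped decision, a record re-hashed without the key, a truncated tail); it is not HELM's or Gravitino's code and makes no claim about their formats. It assumes a hash chain over canonical JSON records with an HMAC-SHA256 receipt per record and a final seal over the chain head and count; the key and the three audit records are constructed for the demo. A production design would replace the HMAC with an asymmetric signature (for example Ed25519) so an external auditor verifies with only the public key, and would keep the signing key off the server host.

```python
"""Tamper-evident audit trail for MCP tool-call decisions (constructed example).

Each ALLOW/DENY/ESCALATE record is hash-chained to its predecessor and carries an
HMAC-SHA256 receipt; a final seal commits to the chain head and record count so
truncation is detectable. Verification needs only the log and the key, not the
server that produced the log.
"""
import hashlib
import hmac
import json
from typing import List, Optional, Tuple

GENESIS = "0" * 64                   # chain anchor for the first record
DEMO_KEY = b"constructed-demo-key"   # constructed; stands in for a key held by a separate signer


def canonical(body: dict) -> bytes:
    """Canonical JSON so identical content always hashes identically."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def mac(key: bytes, msg: str) -> str:
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


def append_record(chain: List[dict], key: bytes, principal: str, tool: str,
                  decision: str, reason: str = "") -> dict:
    """Append one audit record: body, content digest, and a keyed receipt over the digest."""
    body = {"seq": len(chain), "principal": principal, "tool": tool, "decision": decision,
            "reason": reason, "prev": chain[-1]["digest"] if chain else GENESIS}
    digest = hashlib.sha256(canonical(body)).hexdigest()
    entry = {**body, "digest": digest, "receipt": mac(key, digest)}
    chain.append(entry)
    return entry


def seal(chain: List[dict], key: bytes) -> dict:
    """Commit to the chain head and length so dropped tail records are caught."""
    head = chain[-1]["digest"] if chain else GENESIS
    return {"count": len(chain), "head": head, "receipt": mac(key, f"{len(chain)}:{head}")}


def verify(chain: List[dict], chain_seal: dict, key: bytes) -> Optional[str]:
    """Return None if the trail is intact, otherwise a description of the first problem."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k not in ("digest", "receipt")}
        if body.get("seq") != i:
            return f"record {i}: sequence mismatch (record removed or reordered)"
        if body.get("prev") != prev:
            return f"record {i}: chain break"
        digest = hashlib.sha256(canonical(body)).hexdigest()
        if digest != entry.get("digest"):
            return f"record {i}: content altered"
        if not hmac.compare_digest(mac(key, digest), entry.get("receipt", "")):
            return f"record {i}: receipt invalid (re-signed without the key)"
        prev = digest
    if chain_seal["count"] != len(chain) or chain_seal["head"] != prev:
        return "seal mismatch: records truncated or appended after sealing"
    if not hmac.compare_digest(mac(key, f"{chain_seal['count']}:{chain_seal['head']}"),
                               chain_seal["receipt"]):
        return "seal receipt invalid"
    return None


def to_jsonl(chain: List[dict]) -> str:
    """One JSON object per line, the shape a file such as an audit .log would hold."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in chain) + "\n"


def from_jsonl(text: str) -> List[dict]:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def build_demo_chain() -> Tuple[List[dict], dict]:
    """Three constructed decisions, sealed with the demo key."""
    chain: List[dict] = []
    append_record(chain, DEMO_KEY, "alice@example.org", "list_catalogs", "ALLOW")
    append_record(chain, DEMO_KEY, "bob@example.org", "drop_table", "DENY", "not table owner")
    append_record(chain, DEMO_KEY, "alice@example.org", "alter_schema", "ESCALATE", "needs approval")
    return chain, seal(chain, DEMO_KEY)


def tamper_scenarios() -> dict:
    """Verify an intact log and three doctored copies read back from JSON lines."""
    chain, s = build_demo_chain()
    results = {"intact": verify(from_jsonl(to_jsonl(chain)), s, DEMO_KEY)}

    flipped = from_jsonl(to_jsonl(chain))
    flipped[1]["decision"] = "ALLOW"                      # a DENY rewritten as ALLOW on disk
    results["decision_flipped"] = verify(flipped, s, DEMO_KEY)

    resigned = from_jsonl(to_jsonl(chain))
    resigned[1]["decision"] = "ALLOW"
    body = {k: v for k, v in resigned[1].items() if k not in ("digest", "receipt")}
    resigned[1]["digest"] = hashlib.sha256(canonical(body)).hexdigest()  # digest fixed, key unavailable
    results["digest_recomputed"] = verify(resigned, s, DEMO_KEY)

    truncated = from_jsonl(to_jsonl(chain))[:-1]          # ESCALATE record dropped from the tail
    results["truncated"] = verify(truncated, s, DEMO_KEY)
    return results


if __name__ == "__main__":
    for name, outcome in tamper_scenarios().items():
        print(f"{name:18s} -> {outcome or 'OK'}")
```

The order of checks in `verify` is deliberate: sequence and `prev` are checked before the content digest so that a removed or reordered record is reported as such rather than as a cascade of digest failures, and the seal is checked last so that a clean chain with a missing tail is reported as truncation.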
