Hash-chained HMAC-signed audit log MCP for A2A (agent-to-agent) calls. Every tool-call, agent-handoff, decision gets a tamper-evident signed record. EU AI Act Art 12 automatic logs, DORA Art 17 ICT incident logs, ISO 42001 clause 9 monitoring — auditor-ready end-of-day attestations. By MEOK AI Labs.
Project description
Agent Audit Logger MCP
Hash-chained, HMAC-signed audit log for A2A agent calls. Tamper-evident by construction. EU AI Act Art 12 / DORA Art 17 / ISO 42001 clause 9 auditor-ready.
By MEOK AI Labs.
Why
When agent A delegates to agent B who invokes tool C, the causal chain disappears the moment anything fails. Auditors need a record that proves:
- The event actually happened (cryptographic signature)
- The record wasn't modified after the fact (hash chain)
- The chain is continuous (no deletions)
Point every agent at this MCP's log tool. Each entry is HMAC-SHA256 signed and hash-chained to the previous entry.
Tools
log— append a new (from_agent, to_agent, action, outcome) entry, signed + chainedverify_chain— re-verify the entire chain for a tenant; flags the first breaksearch— query by agent, operation, outcomedaily_stats— per-day log volumesign_day_attestation— Pro: signed end-of-day evidence packet with tip hash
Install
pip install agent-audit-logger-mcp
Claude Desktop
{
"mcpServers": {
"audit": { "command": "agent-audit-logger-mcp" }
}
}
Example
# In your orchestrator MCP, immediately after an A2A delegation:
log(
tenant_id="acme-corp",
from_agent="orchestrator",
to_agent="compliance-scorer",
action="score_dora_article_9",
payload_hash=sha256(payload),
outcome="success",
context_csv="high-risk,financial"
)
# End of day: emit signed attestation for auditor
sign_day_attestation(
tenant_id="acme-corp",
date_utc="2026-04-23",
api_key="meok_pro_..."
)
Tiers
- Free — 1,000 log entries/day, ephemeral, chain verification
- Pro £199/mo — unlimited + signed end-of-day attestations + chain integrity reports — subscribe
- Enterprise £1,499/mo — multi-tenant + SIEM webhook push + retention policy — subscribe
Related MEOK MCPs
agent-rate-limiter-mcp— fleet-wide shared rate limiteragent-policy-enforcement-mcp— per-agent-pair IAMa2a-governance-bridge-mcp— map A2A to compliance frameworksmeok-attestation-verify— verify signed certs anywhere
License
MIT — MEOK AI Labs, 2026.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agent_audit_logger_mcp-1.0.1-py3-none-any.whl.
File metadata
- Download URL: agent_audit_logger_mcp-1.0.1-py3-none-any.whl
- Upload date:
- Size: 8.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8a2a59c2903677dab08b8f0f908d6fb5036125946d686ef64285e8b5dcb9d597
|
|
| MD5 |
9beb767344472cf3e95d4b0743bfccdf
|
|
| BLAKE2b-256 |
cf1a075f31f525ab40da825f6ef80d50dafd29f0bf2fc07278a39af43bb9f1f3
|
