Audit events provide traceability for security and policy decisions. Sensitive data must be handled carefully to prevent exposure.

Audit event categories

Audit events are system-generated records that capture security and policy-related actions within the OpenEdge MCP Server. They provide traceability for critical decisions such as rate limiting, authentication, and system startup. These events are essential for compliance and troubleshooting. The following table lists audit event categories and their triggers:
Category | Trigger | Notes
rate_limit | Rate limit audit events record decisions made by the rate-limiting middleware. | These events help track whether requests are allowed or denied based on configured policies. When a request is denied, the event includes fields such as status, key, and reason to indicate why the request was blocked.
auth (future) | Authentication audit events will capture success and failure outcomes. | Centralization of these events is planned for future releases because today they are scattered across multiple modules.
startup_inventory | Startup inventory audit events provide a snapshot of system configuration at startup. | These events help administrators verify which tools and prompts were loaded during initialization. These events are logged once at boot unless verbose restart mode is enabled, in which case they may appear more frequently.

Sensitive data handling guidelines

The following guidelines describe how sensitive data is managed and what steps administrators should take to avoid accidental exposure:
  • Service account JSON Web Tokens (JWTs) are masked upstream and never logged.
  • Private keys and certificate PEM bodies are not emitted. Only file paths may appear at debug level.
  • Set include_payloads=false in production to prevent accidental capture of personally identifiable information (PII) or LLM responses.
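
One way to check these guidelines against collected logs, as an added example that is not part of the OpenEdge MCP Server or its documentation. It assumes the log is JSON lines with a category field, a status value of "denied" for blocked requests, and a payload field when payload capture is on; none of those details are specified on this page.

```python
import json
import re

# A JWT is three base64url segments; the header segment starts with "eyJ".
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}")
# A PEM body always opens with a BEGIN armor line; a bare file path does not.
PEM_RE = re.compile(r"-----BEGIN [A-Z0-9 ]+-----")

def scan_audit_log(lines):
    """Return (findings, denials) for an iterable of JSON-lines log records."""
    findings, denials = [], {}
    for lineno, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        # Pattern checks run on the raw text so they also catch unparseable lines.
        if JWT_RE.search(raw):
            findings.append((lineno, "jwt"))
        if PEM_RE.search(raw):
            findings.append((lineno, "pem_body"))
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            findings.append((lineno, "unparseable"))
            continue
        if not isinstance(event, dict):
            continue
        # Assumed field name: a "payload" key means include_payloads was not false.
        if "payload" in event:
            findings.append((lineno, "payload_present"))
        # Assumed status value "denied"; key and reason are the fields the page names.
        if event.get("category") == "rate_limit" and event.get("status") == "denied":
            pair = (event.get("key"), event.get("reason"))
            denials[pair] = denials.get(pair, 0) + 1
    return findings, denials

# Constructed sample records, not real server output.
SAMPLE = [
    '{"category": "startup_inventory", "tools": 4, "prompts": 2}',
    '{"category": "rate_limit", "status": "allowed", "key": "client-a"}',
    '{"category": "rate_limit", "status": "denied", "key": "client-b", "reason": "quota_exceeded"}',
    '{"category": "rate_limit", "status": "denied", "key": "client-b", "reason": "quota_exceeded"}',
    '{"level": "debug", "msg": "loaded cert", "path": "/etc/ssl/server.pem"}',
    '{"level": "debug", "msg": "token eyJhbGciOiJub25lIn0.eyJzdWIiOiJzdmMifQ.c2lnbmF0dXJl"}',
    '{"category": "rate_limit", "status": "allowed", "key": "client-a", "payload": {"text": "hello"}}',
]
```

Any finding of type jwt, pem_body, or payload_present is a line to investigate; the denials map shows which key and reason pairs account for blocked requests.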