MCP access part 3: audit events and reporting#54779
Merged
Conversation
greedy52
added
no-changelog
greedy52
force-pushed
the
STeve/54705_part_3_events
branch
from
0bf3eae to
d7cee4b
Compare
github-actions
Bot
added
audit-log
zmb3
reviewed
May 13, 2025
| events.AutoUpdateAgentRolloutRollback AutoUpdateAgentRolloutRollback = 215; | ||
| events.MCPSessionStart MCPSessionStart = 216; | ||
| events.MCPSessionEnd MCPSessionEnd = 217; | ||
| events.MCPSessionRequest MCPSessionRequest = 218; |
Collaborator
There was a problem hiding this comment.
Does this work like app access where the requests get chunked up and stored in session recordings, or are we emitting every request directly to the audit log?
Contributor
Author
There was a problem hiding this comment.
they go straight to audit events similar to database queries. LLMs "execute" these requests based on user's behaves (like the inputs on the prompt) so don't expect a huge number of request to spam audit log. Any concern? we could introduce audit event vs recording mode for these but we never get to do that for database access.
zmb3
reviewed
May 13, 2025
kimlisa
approved these changes
May 28, 2025
zmb3
approved these changes
May 28, 2025
greedy52
force-pushed
the
STeve/54705_part_3_events
branch
from
9acc0e1 to
7a02f9e
Compare
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
greedy52
added a commit
that referenced
this pull request
Jun 26, 2025
* MCP access part 3: audit events and reporting * add new icon, storybook, format
Merged
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Jul 21, 2025
* Initial PostgreSQL MCP support (#54431) * feat(mcp): initial postgres mcp * test(postgres): fix missing mock function * fix(gomod): go mod tidy all * refactor: code review suggestions * fix(tsh): mcp init missing logger * chore(tsh): missing other route to database field * refactor: use in-memory net listener * test(tsh): add mcp db command test * chore: fix license * refactor(tsh): move logger init * test(mcp): sort slices to avoid flakiness * chore: fix lint * test(mcp): sort the resources before assertion * fix(mcp): update error handler for better message * refactor: code review suggestions * feat: add external error retriever for more accurate error messages * refactor: use the same logger init for mcp purposes * refactor: code review suggestions * refactor(tsh): rename command to `tsh mcp db start` * refactor(mcp): protect database resources with rw mutex * chore: update server godocs * chore: go mod tidy * refactor: update command to take list of databases * chore(mcp): license * chore(tsh): remove unused function * refactor: code review suggestions * refactor(tsh): validate duplicated databases in MCP configuration * refactor(tsh): rename files to mcp_db * feat(mcp): add cluster name to the database resource * fix(tsh): update InitLogger return type (#55479) * MCP access part 1: update app definition and config (#54706) * MCP access part 1: update app definition and config * address feedback * make -C integrations/operator crd * MCP access part 2: new role options, access checker, role editor (#54734) * MCP access part 2: new role options, access checker, role editor * catch unsupported mcp fields * simplify mcpToolsToModel * MCP access part 3: audit events and reporting (#54779) * MCP access part 3: audit events and reporting * add new icon, storybook, format * MCP access part 4: mcputils (#54880) * MCP access part 4: mcp helpers * address feedback * address comment, minor edits * update mcp-go * MCP access part 5: Claude desktop config parser (#55179) * claude desktop config * rework * split Config to Config and FileConfig * add a comment on unofficial linux * MCP access part 6: "tsh mcp ls" (#55292) * MCP access part 6: "tsh mcp ls" * address feedback * MCP access part 7: MCP app in Web UI (#55306) * MCP access part 7: MCP app in Web UI * Make spacing in modal closer to what's in database modal * add mcp app to ResourceActionButton.story.tsx * move AppSubKind to shared/services/types. * remove --format claude (not needed see part 8) * add jsdoc --------- Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com> * MCP access part 8: tsh mcp config (#55370) * MCP access part 8: tsh mcp login/logout * change to --format and --config-file * switch to config and drop logout * enable debug by default * remove unused ut functions * MCP access part 9: tsh mcp connect, stub server, integration test (#55547) * MCP access part 9: tsh mcp connect, stub server, integration test * fix tests and lint * MCP access part 10: server handler (#55644) * MCP access part 10: server handler * address feedback and fix docker tests * add more comments * minor lint fix * move set logger default after other checks * Implement `tsh mcp db config` (#55781) * feat(tsh): add `tsh mcp db config` subcommand * chore(claude): fix lint * refactor: code review suggestions * refactor: code review suggestions * test(tsh): add missing option on test case * chore(tsh): add message on manually adding database URI * Refactor MCP database access to dial ALPN proxy directly (#55836) * refactor: dial database instead of using local proxy for MCP servers * refactor: review suggestions * manual fixes * tctl users add/update to support mcp tools trait (#56771) * tctl users add/update to support mcp tools trait * revert empty slice capability * Enhances MCP servers usage with Cursor (#56474) * feat(mcp): enhances MCP servers usage with Cursor * refactor: code review suggestions * mcputils refactor and new mcptest package (#56010) * mcp server and mcputils refactor * mcptest package * allow testing in mcptest * Teleport MCP demo server (#56637) * Teleport MCP demo server * replace guide tool with session tool, and switch to resource label * add new flag to teleport configure * replace teleport_session_id with mcp_transport_type * feat(gomod): update mcp-go to v0.32.0 * eslint-disable-next-line (same in master) --------- Co-authored-by: Gabriel Corado <gabriel.oliveira@goteleport.com> Co-authored-by: Rafał Cieślak <rafal.cieslak@goteleport.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related