
MCP Audit & Compliance Gateway

Author: WeldonWeb

Intercept, audit, and enforce compliance policies on all AI agent MCP tool calls.

As AI agents spread across your organisation, every tool call they make is a potential compliance gap. The MCP Audit & Compliance Gateway gives security, platform, and compliance teams full visibility and control over every Model Context Protocol (MCP) interaction, without modifying a line of agent code.

How it works
Deploy the gateway into your own Azure subscription as a managed application. Point your agents at the gateway URL instead of your MCP servers. It intercepts every tool call, resolves the agent's identity from Microsoft Entra ID JWT claims (UPN, appid, OID), evaluates your policy, redacts sensitive data, forwards permitted requests, and writes a structured audit record of every decision.

Built for compliance, not just connectivity
A generic API gateway authenticates and rate-limits. This is built for regulated environments: boundary redaction of PAN and PII, a stable deny-reason taxonomy, tamper-evident audit, and per-identity, time-windowed policy. The audit evidence regulators ask for, ready before they ask.

Key capabilities
• Structured, tamper-evident audit: Every call logged with agent identity, tool, masked arguments and response, decision, deny-reason code, and latency, each event SHA-256 hash-chained so any gap or rewrite is detectable. Streams to Azure Log Analytics or any OpenTelemetry stack.
• Sensitive-data redaction: Built-in detectors for PAN (Luhn-validated), email, UK NIN, SSN, IPv4/IPv6, phone, and JWT, plus credentials and custom patterns, applied before truncation so no partial value leaks. One line of config meets PCI DSS Requirement 3.4.
• Per-identity policy: Allow and deny rules per tool and identity with wildcards, regex argument scanning to block dangerous payloads, sliding-window rate limits, and time-windowed access.
• Advanced controls: Claims-based authorization, strict deny-by-default allow-listing, tool-definition pinning, a human-approval workflow, inline DLP, and shadow mode.
• Multi-server routing: Front multiple MCP servers through one endpoint, each with its own path prefix and policy. Routes hot-reload in 30 seconds, no redeployment.
• Zero agent changes: Agents only need their MCP server URL updated. No SDK or code changes.
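
The SHA-256 hash chaining described under "Structured, tamper-evident audit" can be illustrated with the following added example, which is not the gateway's own code or record format. The field names, the all-zero genesis value, and the JSON canonicalisation are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first record


def digest(prev, seq, event):
    """SHA-256 over a canonical encoding of the record and its predecessor's hash."""
    body = json.dumps({"seq": seq, "prev": prev, "event": event},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append(chain, event):
    """Append an event and return the new head hash (store it outside the log)."""
    prev = chain[-1]["hash"] if chain else GENESIS
    seq = len(chain)
    chain.append({"seq": seq, "prev": prev, "event": event,
                  "hash": digest(prev, seq, event)})
    return chain[-1]["hash"]


def verify(chain, expected_head=None):
    """Return None if the chain is intact, else the index where it first fails."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if (rec["seq"] != i or rec["prev"] != prev
                or rec["hash"] != digest(rec["prev"], rec["seq"], rec["event"])):
            return i
        prev = rec["hash"]
    # A truncated tail is still a valid shorter chain; only an external head catches it.
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return None


def build_sample():
    """Constructed audit events; the field names are hypothetical."""
    events = [
        {"agent": "agent-a@example.com", "tool": "crm.lookup", "decision": "allow"},
        {"agent": "agent-a@example.com", "tool": "db.export", "decision": "deny",
         "reason": "POLICY_DENY"},
        {"agent": "agent-b@example.com", "tool": "mail.send", "decision": "allow"},
    ]
    chain, head = [], None
    for event in events:
        head = append(chain, event)
    return chain, head
```

A chain checked only against itself cannot reveal records dropped from the end, or a full rewrite by someone able to recompute every hash, so the latest head hash has to be kept somewhere the log writer cannot modify.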

Deployment
Deploys entirely into your Azure subscription as an Azure Managed Application. Container App, Log Analytics workspace, and Managed Identity are provisioned automatically. Your data never leaves your environment, and the publisher has no access to it.

Intended audience
Security, platform, and compliance teams deploying AI agents in regulated or enterprise environments that need an audit trail without waiting for MCP servers to add their own.

Requirements
• Azure subscription with Container Apps and Log Analytics in your region
• MCP servers reachable over HTTPS or within your Azure virtual network
• Microsoft Entra ID tenant for JWT-based agent identity resolution
