Audit Event Structure
| Field | Type | Description |
|---|---|---|
| id | string | Unique event identifier |
| trace_id | string | Linked trace ID (if applicable) |
| event_type | string | Event classification (see below) |
| severity | string | info, warning, error, critical |
| upstream | string | Upstream server involved |
| action | string | The tool/resource/prompt name or action |
| principal | string | Client/user identifier |
| outcome | string | allow, deny, error, success, failure, canceled |
| reason | string | Why (for deny/error outcomes) |
| details | map | Flexible key-value context |
| timestamp | datetime | When the event occurred |
Multi-Tenant Fields
| Field | Description |
|---|---|
| workspace_id | Workspace context |
| gateway_id | Gateway that recorded the event |
| organization_id | Organization context |
| user_id | User who performed the action |
| user_email | User’s email address |
| user_name | User’s display name |
Event Types
| Event Type | When It’s Recorded |
|---|---|
| tool_call | An MCP tool was called |
| resource_read | An MCP resource was read |
| prompt_get | An MCP prompt was retrieved |
| policy_deny | A policy denied a request |
| policy_allow | A policy explicitly allowed a request |
| auth_failure | Authentication failed |
| auth_success | Authentication succeeded |
| config_change | Configuration was modified |
| server_start | Ultra server started |
| server_stop | Ultra server stopped |
| upstream_connect | Connected to an upstream server |
| upstream_disconnect | Disconnected from an upstream server |
| error | An error occurred |
Severity Levels
| Level | Description | Examples |
|---|---|---|
| info | Normal operations | Tool calls, resource reads |
| warning | Potential issues | Auth token expiring, slow responses |
| error | Failures | Upstream connection errors, tool failures |
| critical | Security events | Auth failures, policy denials |
Outcomes
| Outcome | Description |
|---|---|
| allow | Operation was permitted |
| deny | Operation was blocked |
| error | Operation failed with an error |
| success | Operation completed successfully |
| failure | Operation did not complete |
| canceled | Operation was canceled |
Fail-Closed Behavior
The audit interceptor is the only built-in interceptor that fails closed on response processing. If the audit event can’t be recorded after a successful upstream operation, the entire call fails. This ensures audit trail completeness: there’s no way for an operation to succeed without being recorded.
Querying Audit Events
Dashboard
The web dashboard provides an audit log viewer with filtering.
Query Options
Audit events can be filtered by:
- Event type, severity, outcome
- Upstream server
- Principal (client identity)
- User ID, organization ID
- Time range
- Workspace and gateway (for Hub deployments)
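
The filters listed above, applied client-side to exported events and then used to flag principals with repeated auth failures or policy denials. This is an added example, not part of the Ultra documentation or code: it assumes events are available as dictionaries keyed by the field names in the tables with ISO 8601 timestamps, and `query`, `noisy_principals` and the sample events are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Filter keys taken from the query options listed above.
FILTERABLE = {"event_type", "severity", "outcome", "upstream", "principal",
              "user_id", "organization_id", "workspace_id", "gateway_id"}

# Constructed sample data: (id, event_type, severity, outcome, principal, HH:MM).
_ROWS = [
    ("e1", "auth_failure", "critical", "failure", "client-a", "10:00"),
    ("e2", "auth_failure", "critical", "failure", "client-a", "10:01"),
    ("e3", "tool_call", "info", "success", "client-b", "10:02"),
    ("e4", "policy_deny", "critical", "deny", "client-a", "10:03"),
    ("e5", "auth_failure", "critical", "failure", "client-b", "10:04"),
    ("e6", "auth_failure", "critical", "failure", "client-a", "10:20"),
]
_KEYS = ("id", "event_type", "severity", "outcome", "principal")
EVENTS = [dict(zip(_KEYS, r[:5]), timestamp=f"2024-01-01T{r[5]}:00+00:00")
          for r in _ROWS]


def query(events, start=None, end=None, **filters):
    """Return events in [start, end) that match every field filter.

    A filter value is a single string or a set of accepted strings.
    """
    unknown = set(filters) - FILTERABLE
    if unknown:
        raise ValueError(f"unsupported filter(s): {sorted(unknown)}")
    wanted = {k: (v if isinstance(v, (set, frozenset)) else {v})
              for k, v in filters.items()}
    matched = []
    for ev in events:
        ts = datetime.fromisoformat(ev["timestamp"])
        if (start and ts < start) or (end and ts >= end):
            continue
        if all(ev.get(k) in allowed for k, allowed in wanted.items()):
            matched.append(ev)
    return matched


def noisy_principals(events, start, window, threshold):
    """Principals with >= threshold auth_failure/policy_deny events in the window."""
    hits = query(events, start=start, end=start + window,
                 event_type={"auth_failure", "policy_deny"})
    counts = Counter(ev["principal"] for ev in hits)
    return {p: n for p, n in counts.items() if n >= threshold}
```

`start` must be a timezone-aware `datetime` and `window` a `timedelta`, since the sample timestamps carry a UTC offset.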