Audit Ledger MCP
Officialby shahidh68 · TypeScript
Record AI decisions to a tamper-evident audit ledger from any MCP-compatible agent.
Records AI decisions to a tamper-evident audit ledger for compliance and accountability.
Topics
README not available yet.
Install
Configuration
AUDIT_API_URLYour deployed audit-ledger API endpoint (e.g. https://<api-id>.execute-api.<region>.amazonaws.com/prod). Leave unset to run in sandbox mode against the public shared tenant.
AUDIT_WRITE_KEYsecretTenant write key for your deployed ledger. Required if AUDIT_API_URL is set and you want to call record_decision.
AUDIT_READ_KEYsecretTenant read key for your deployed ledger. Required if AUDIT_API_URL is set and you want to call verify_decision or list_decisions.
AUDIT_TIMEOUT_MSHTTP timeout in milliseconds. Defaults to 5000.
AUDIT_RETRY_ATTEMPTSNumber of retry attempts on transient failures. Defaults to 3.
AUDIT_HMAC_KEYsecretTenant secret used to HMAC-SHA256 PII and prompts locally before sending. Generate once per tenant (e.g. node -e "console.log(require('crypto').randomBytes(32).toString('hex'))") and keep it in your environment. The key never leaves your process. If unset, the MCP falls back to plain SHA-256 for backwards compatibility and logs a one-time deprecation warning; set this to switch to keyed hashing, which regulators (ICO/EDPB) expect for pseudonymisation.
claude_desktop_config.json
{
"mcpServers": {
"audit-ledger-mcp": {
"command": "npx",
"args": [
"-y",
"audit-ledger-mcp@0.3.1"
],
"env": {
"AUDIT_API_URL": "<YOUR_AUDIT_API_URL>",
"AUDIT_WRITE_KEY": "<YOUR_AUDIT_WRITE_KEY>",
"AUDIT_READ_KEY": "<YOUR_AUDIT_READ_KEY>",
"AUDIT_TIMEOUT_MS": "<YOUR_AUDIT_TIMEOUT_MS>",
"AUDIT_RETRY_ATTEMPTS": "<YOUR_AUDIT_RETRY_ATTEMPTS>",
"AUDIT_HMAC_KEY": "<YOUR_AUDIT_HMAC_KEY>"
}
}
}
}