
feat: MCP audit middleware and human-in-the-loop approval gate #9

Open
Copilot wants to merge 3 commits into main from copilot/add-audit-logging-and-validation

Conversation

Copilot AI commented May 8, 2026

Adds centralised auditing of every MCP tool call and an attribute-driven approval gate that pauses dangerous actions pending human confirmation via Signal poll.

Audit Middleware

  • McpAuditMiddleware implements the AIAgentBuilder.Use(...) function invocation delegate — captures tool name, arguments, duration, success/failure for every call
  • Emits structured log at Information level per invocation (plugs into existing Serilog/OTel pipeline)
  • Auto-wired into the server-side agent pipeline via HausServiceCollectionExtensions.CreateAgent — no changes needed to individual McpQueryService classes

Human-in-the-Loop Approval

  • [RequiresApproval] attribute marks methods that gate on human confirmation before execution
  • Middleware sends a Signal poll ("⚠️ Agent wants to call '{ToolName}'. Approve?" → Yes/No), awaits vote via existing IPollTracker, then proceeds or denies
  • Fail-safe: timeout defaults to deny
  • Config overrides (AlwaysRequireApproval / NeverRequireApproval) allow ops control without redeployment

Decorated Tools

  • UnlockHouseDoor — physical security
  • SetSmartPlugPower — appliance power control
  • SwitchOffAllHouseLights — bulk state change

Configuration

```json
"AuditConfig": {
  "Enabled": true,
  "RedisStreamKey": "audit:mcp:calls",
  "MaxStreamLength": 10000,
  "ApprovalEnabled": true,
  "ApprovalTimeoutMs": 60000,
  "AlwaysRequireApproval": [],
  "NeverRequireApproval": []
}
```

Development config disables approval and exempts all current tools for unblocked local iteration.
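As an added illustration (not the PR's own code) of the gate described above: the decision combines the `[RequiresApproval]` attribute with the `AlwaysRequireApproval` / `NeverRequireApproval` overrides, and any outcome other than an explicit "Yes" within `ApprovalTimeoutMs` is treated as a denial. The `AuditConfig` record shape, the precedence order between the lists and the attribute, and the `Task<bool>` stand-in for the Signal poll vote are assumptions, since the PR text does not state them.

```csharp
// Added illustration, not the SmartHaus implementation. Assumed precedence:
// ApprovalEnabled=false -> NeverRequireApproval -> AlwaysRequireApproval -> attribute.
using System;
using System.Linq;
using System.Reflection;
using System.Threading;
using System.Threading.Tasks;

[AttributeUsage(AttributeTargets.Method)]
public sealed class RequiresApprovalAttribute : Attribute { }

// Field names follow the PR's AuditConfig section; the record itself is assumed.
public sealed record AuditConfig(
    bool ApprovalEnabled = true, int ApprovalTimeoutMs = 60000,
    string[]? AlwaysRequireApproval = null, string[]? NeverRequireApproval = null);

public static class ApprovalGate
{
    // Decide whether this tool call must be confirmed by a human before it runs.
    public static bool NeedsApproval(MethodInfo tool, AuditConfig cfg)
    {
        if (!cfg.ApprovalEnabled) return false;
        var cmp = StringComparer.OrdinalIgnoreCase;
        if (cfg.NeverRequireApproval?.Contains(tool.Name, cmp) == true) return false;
        if (cfg.AlwaysRequireApproval?.Contains(tool.Name, cmp) == true) return true;
        return tool.GetCustomAttribute<RequiresApprovalAttribute>() is not null;
    }

    // Fail-safe wait: no vote within the timeout, a "No", cancellation, or a poll
    // failure all yield false (deny). Only an explicit "Yes" returns true.
    public static async Task<bool> AwaitDecisionAsync(Task<bool> vote, int timeoutMs, CancellationToken ct = default)
    {
        using var linked = CancellationTokenSource.CreateLinkedTokenSource(ct);
        var timer = Task.Delay(timeoutMs, linked.Token);
        var first = await Task.WhenAny(vote, timer);
        if (first != vote) return false;              // timed out or cancelled: deny
        linked.Cancel();                              // stop the pending timer
        try { return await vote; } catch { return false; }
    }
}

public sealed class HouseTools
{
    [RequiresApproval] public string UnlockHouseDoor() => "unlocked";   // gated
    public string GetHouseTemperature() => "21C";                        // not gated
}

public static class Demo
{
    public static async Task Main()
    {
        var cfg = new AuditConfig(NeverRequireApproval: new[] { "GetHouseTemperature" });
        var unlock = typeof(HouseTools).GetMethod(nameof(HouseTools.UnlockHouseDoor))!;
        Console.WriteLine(ApprovalGate.NeedsApproval(unlock, cfg));                        // True
        var noVote = new TaskCompletionSource<bool>().Task;  // constructed: poll never answered
        Console.WriteLine(await ApprovalGate.AwaitDecisionAsync(noVote, 100));             // False
    }
}
```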

Copilot AI and others added 2 commits May 3, 2026 22:17
- Create RequiresApprovalAttribute for marking dangerous MCP tools
- Create AuditConfig record for audit/approval configuration
- Create McpAuditRecord DTO for structured audit log entries
- Create McpAuditMiddleware with audit logging and Signal poll approval gate
- Wire middleware into server-side agent pipeline via HausServiceCollectionExtensions
- Decorate UnlockHouseDoor, SetSmartPlugPower, SwitchOffAllHouseLights with [RequiresApproval]
- Add AuditConfig section to appsettings.json and appsettings.Development.json

Agent-Logs-Url: https://github.com/f2calv/SmartHaus/sessions/baa200f2-2fbe-4d1c-9472-b1b54288bc8f

Co-authored-by: f2calv <16097639+f2calv@users.noreply.github.com>
f2calv marked this pull request as ready for review May 8, 2026 05:28