Documentation Index Fetch the complete documentation index at: https://docs.golf.dev/llms.txt
Use this file to discover all available pages before exploring further.
Audit Log Schema Golf Gateway generates structured audit logs for all MCP traffic, authentication events, and security analysis. This reference documents the complete schema used for audit log entries.
Quick Reference Category Key Fields Purpose Core timestamp, event_type, componentEvent identification and timing Identity session_id, gateway_id, organization_idSession and gateway tracking User user.sub, user.email, user.authenticatedUser identity (privacy-compliant) Authentication authentication.result, authentication.provider_typeAuth method and result Security security.threat_score, security.blocked, security.was_scrubbedThreat detection and PII scrubbing MCP Protocol mcp_method, mcp_tool_name, mcp_*_payloadMCP JSON-RPC details Integrity sequence, prev_hash, integrity_hashTamper-proof hash chain Internal message, correlation, metadataInternal processing (not exported)
Schema Overview
View Complete Schema Example
{ "timestamp" : "2024-01-15T10:30:45.123456+00:00" , "event_type" : "mcp_request" , "component" : "mcp_parser" , "session_id" : "sess_abc123def456" , "gateway_id" : "550e8400-e29b-41d4-a716-446655440000" , "gateway_name" : "production-gateway" , "organization_id" : "org_xyz789" , "client_info" : { "name" : "claude-desktop" , "version" : "1.2.3" }, "authentication" : { "method" : "oauth2" , "result" : "success" , "completed_at" : 1705315845123 , "provider_type" : "auth0" , "provider_name" : "Production Auth0" , "authorization_result" : "granted" , "scopes" : [ "read:mcp" , "write:mcp" ], "granted_at" : 1705315845123 , "user_id" : "auth0|abc123" , "email" : "a1b2c3d4e5f6g7h8" , "session_created" : true , "session_type" : "authenticated" }, "security" : { "threat_score" : 0.02 , "threats_detected" : [], "analyzed" : true , "blocked" : false , "detection_method" : "llm" , "content_size_bytes" : 256 , "inference_ms" : 38.5 , "was_scrubbed" : false , "entities_redacted" : 0 , "fields_masked" : 0 }, "request" : { "method" : "POST" , "path" : "/finance-tools/mcp" , "size_bytes" : 256 , "headers" : {} }, "upstream" : { "host" : "mcp-server.internal" , "port" : 3001 , "url" : "http://mcp-server.internal:3001" , "name" : "finance-tools" }, "user" : { "sub" : "auth0|abc123" , "email" : "a1b2c3d4e5f6g7h8" , "authenticated" : true , "anonymous" : false }, "mcp_method" : "tools/call" , "mcp_tool_name" : "get_account_balance" , "mcp_request_payload" : "{ \n \" jsonrpc \" : \" 2.0 \" , \n \" method \" : \" tools/call \" , \n \" params \" : { \n \" name \" : \" get_account_balance \" , \n \" arguments \" : { \" account_id \" : \" 12345 \" } \n }, \n \" id \" : 1 \n }" , "mcp_request_tokens" : 45 , "has_error" : false , "sequence" : 12345 , "prev_hash" : "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2" , "integrity_hash" : "d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5" }
Each audit log entry is a JSON object. The sections below document each field category in detail.
{ "timestamp" : "2024-01-15T10:30:45.123456+00:00" , "event_type" : "mcp_request" , "component" : "mcp_parser" , "session_id" : "sess_abc123" , "gateway_id" : "550e8400-e29b-41d4-a716-446655440000" , "gateway_name" : "production-gateway" , "organization_id" : "org_xyz789" , "client_info" : { ... }, "authentication" : { ... }, "security" : { ... }, "request" : { ... }, "upstream" : { ... }, "user" : { ... }, "mcp_method" : "tools/call" , "mcp_tool_name" : "get_weather" , "mcp_request_payload" : "{ ... }" , "mcp_request_tokens" : 150 , "sequence" : 12345 , "prev_hash" : "a1b2c3..." , "integrity_hash" : "d4e5f6..." }
Core Fields These fields are present on every audit log entry.
Field Type Description timestampstring ISO 8601 timestamp with timezone (e.g., 2024-01-15T10:30:45.123456+00:00) event_typestring Type of audit event (see Event Types ) componentstring System component that generated the event
Event Types Value Description mcp_requestStandard MCP JSON-RPC request mcp_responseStandard MCP JSON-RPC response mcp_sampling_requestSampling/createMessage request mcp_sampling_responseSampling/createMessage response mcp_elicitation_requestServer-initiated elicitation request mcp_elicitation_responseElicitation response from client mcp_notificationMCP notification (no response expected) authenticationAuthentication event securitySecurity analysis event
Component Values Value Description mcp_parserMCP message parsing authAuthentication and authorization securitySecurity analysis and threat detection
Session and Identity Field Type Description session_idstring | null MCP protocol session identifier gateway_idstring | null Gateway UUID (multi-gateway deployments) gateway_namestring | null Human-readable gateway name organization_idstring | null Organization UUID (multi-tenant deployments)
Integrity Fields These fields provide tamper-proof audit logging through cryptographic hash chaining.
Field Type Description sequenceinteger | null Monotonically increasing sequence number prev_hashstring | null HMAC-SHA256 hash of the previous log entry integrity_hashstring | null HMAC-SHA256 hash of the current entry
The integrity chain allows verification that no log entries have been modified or deleted. Configure the hash key with GOLF_SECURITY_INTEGRITY_KEY.
Client Info Information about the MCP client, extracted from the initialize request.
Field Type Description client_info.namestring MCP client name (e.g., “claude-desktop”, “cursor”) client_info.versionstring MCP client version
Example: { "client_info" : { "name" : "claude-desktop" , "version" : "1.2.3" } }
Authentication Authentication and authorization results.
Field Type Description authentication.methodstring Authentication method (default: oauth2) authentication.resultstring success, failed, or anonymousauthentication.completed_atinteger Unix timestamp in milliseconds authentication.provider_typestring | null IDP type: auth0, okta, microsoft-entra-id, descope authentication.provider_namestring | null Human-readable provider name authentication.authorization_resultstring granted, denied, or anonymousauthentication.scopesarray Granted OAuth scopes authentication.granted_atinteger Unix timestamp in milliseconds authentication.user_idstring | null User subject identifier authentication.emailstring | null User email (hashed before export) authentication.namestring | null User display name (removed before export) authentication.session_createdboolean Whether a new session was created authentication.session_typestring authenticated or anonymous
Example: { "authentication" : { "method" : "oauth2" , "result" : "success" , "completed_at" : 1705315845123 , "provider_type" : "auth0" , "provider_name" : "Production Auth0" , "authorization_result" : "granted" , "scopes" : [ "read:mcp" , "write:mcp" ], "granted_at" : 1705315845123 , "user_id" : "auth0|abc123" , "email" : "a1b2c3d4e5f6g7h8" , "session_created" : true , "session_type" : "authenticated" } }
Security Security analysis and threat detection results.
Field Type Description security.threat_scorefloat Threat score from 0.0 (safe) to 1.0 (malicious) security.threats_detectedarray List of detected threat types security.analyzedboolean Whether security analysis was performed security.skipped_reasonstring | null Reason analysis was skipped security.blockedboolean Whether the request/response was blocked security.detection_methodstring | null llm, pattern, or rate_limitsecurity.threat_categorystring | null prompt_injection, jailbreak, data_exfiltration, etc.security.content_size_bytesinteger | null Size of analyzed content in bytes security.inference_msfloat | null LLM inference duration in milliseconds
PII Scrubbing Fields Field Type Description security.was_scrubbedboolean Whether content was scrubbed for PII security.entities_redactedinteger Total PII entities redacted security.fields_maskedinteger Total fields masked by name security.entities_by_typeobject Breakdown of redacted entities by type security.redacted_pathsarray JSON paths where entities were redacted security.masked_field_namesarray Field names that were masked security.custom_rules_firedarray Custom regex rules that matched security.scrub_duration_msfloat | null Scrubbing duration in milliseconds
Example (threat detected): { "security" : { "threat_score" : 0.95 , "threats_detected" : [ "prompt_injection" ], "analyzed" : true , "blocked" : true , "detection_method" : "llm" , "threat_category" : "prompt_injection" , "content_size_bytes" : 1024 , "inference_ms" : 45.2 } }
Example (PII scrubbed): { "security" : { "threat_score" : 0.0 , "threats_detected" : [], "analyzed" : true , "blocked" : false , "was_scrubbed" : true , "entities_redacted" : 3 , "fields_masked" : 1 , "entities_by_type" : { "email" : 2 , "phone" : 1 }, "redacted_paths" : [ "result.content[0].text" ], "masked_field_names" : [ "ssn" ], "scrub_duration_ms" : 12.5 } }
Request Request context information.
Field Type Description request.methodstring | null HTTP or MCP method request.pathstring | null Request path or resource request.size_bytesinteger | null Request size in bytes request.headersobject Request headers (sanitized to empty before export)
Upstream Information about the upstream MCP server.
Field Type Description upstream.hoststring Upstream server hostname upstream.portinteger Upstream server port (1-65535) upstream.urlstring | null Original URL for display upstream.namestring | null Upstream server name
Example: { "upstream" : { "host" : "mcp-server.internal" , "port" : 3001 , "name" : "finance-tools" } }
User User identity information.
Field Type Description user.substring | null User subject identifier user.emailstring | null User email (hashed to 16-char SHA256 before export) user.namestring | null User display name (removed before export) user.authenticatedboolean Whether user is authenticated user.anonymousboolean Whether user is anonymous
For privacy compliance, user.email is hashed and user.name is removed before export to external systems.
MCP Protocol Fields These fields are extracted from MCP messages for efficient querying and aggregation.
Field Type Description mcp_methodstring | null MCP JSON-RPC method (e.g., tools/call, resources/read) mcp_tool_namestring | null Tool name from tools/call or tools/list mcp_resource_uristring | null Resource URI from resources/read or resources/list mcp_prompt_namestring | null Prompt name from prompts/get or prompts/list
Raw Payloads Field Type Description mcp_request_payloadstring | null Raw MCP request JSON (formatted) mcp_response_payloadstring | null Raw MCP response JSON (formatted)
Token Estimates Field Type Description mcp_request_tokensinteger | null Estimated token count for request mcp_response_tokensinteger | null Estimated token count for response
Error Detection Field Type Description has_errorboolean | null Whether MCP response contains an error
Elicitation Fields Fields for server-initiated user input requests (MCP elicitation).
Field Type Description mcp_elicitation_modestring | null Elicitation mode: form or url mcp_elicitation_idstring | null Elicitation ID for URL mode correlation mcp_elicitation_actionstring | null User action: accept, decline, or cancel
Threat Analysis Detailed threat analysis results (when available).
Field Type Description threat_analysis.threat_scorefloat Threat score from 0.0 to 1.0 threat_analysis.detected_patternsarray List of detected threat patterns threat_analysis.severitystring critical, incident, or lowthreat_analysis.remediationstring | null Suggested remediation action
Session Statistics Aggregate session statistics (for monitoring events).
Field Type Description session_stats.active_sessionsinteger Number of active sessions session_stats.total_createdinteger Total sessions created session_stats.total_authenticatedinteger Total authenticated sessions session_stats.total_anonymousinteger Total anonymous sessions
Internal Fields These fields are present in audit log entries for internal processing but are excluded from external exports and the GraphQL API.
Field Type Description messageobject | null Raw MCP message data for internal processing correlationobject | null Request/response correlation for internal tracking metadataobject Additional metadata for legacy compatibility and flexible extensions
These fields are for internal use only. They are not exposed through the GraphQL API and are excluded from export payloads to external systems (Elasticsearch, OpenTelemetry, Sentinel).
Complete Example MCP Request Event: { "timestamp" : "2024-01-15T10:30:45.123456+00:00" , "event_type" : "mcp_request" , "component" : "mcp_parser" , "session_id" : "sess_abc123def456" , "gateway_id" : "550e8400-e29b-41d4-a716-446655440000" , "gateway_name" : "production-gateway" , "organization_id" : "org_xyz789" , "client_info" : { "name" : "claude-desktop" , "version" : "1.2.3" }, "authentication" : { "method" : "oauth2" , "result" : "success" , "completed_at" : 1705315845123 , "provider_type" : "auth0" , "authorization_result" : "granted" , "scopes" : [ "read:mcp" , "write:mcp" ], "granted_at" : 1705315845123 , "user_id" : "auth0|abc123" , "session_type" : "authenticated" }, "security" : { "threat_score" : 0.02 , "threats_detected" : [], "analyzed" : true , "blocked" : false , "detection_method" : "llm" , "content_size_bytes" : 256 , "inference_ms" : 38.5 }, "upstream" : { "host" : "mcp-server.internal" , "port" : 3001 , "name" : "finance-tools" }, "user" : { "sub" : "auth0|abc123" , "authenticated" : true , "anonymous" : false }, "mcp_method" : "tools/call" , "mcp_tool_name" : "get_account_balance" , "mcp_request_payload" : "{ \n \" jsonrpc \" : \" 2.0 \" , \n \" method \" : \" tools/call \" , \n \" params \" : { \n \" name \" : \" get_account_balance \" , \n \" arguments \" : { \" account_id \" : \" 12345 \" } \n }, \n \" id \" : 1 \n }" , "mcp_request_tokens" : 45 , "has_error" : false , "sequence" : 12345 , "prev_hash" : "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2" , "integrity_hash" : "d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5" }
Security Blocked Event: { "timestamp" : "2024-01-15T10:31:12.789012+00:00" , "event_type" : "mcp_request" , "component" : "security" , "session_id" : "sess_xyz789abc123" , "gateway_name" : "production-gateway" , "security" : { "threat_score" : 0.97 , "threats_detected" : [ "prompt_injection" ], "analyzed" : true , "blocked" : true , "detection_method" : "llm" , "threat_category" : "prompt_injection" , "content_size_bytes" : 2048 , "inference_ms" : 52.3 }, "threat_analysis" : { "threat_score" : 0.97 , "detected_patterns" : [ "instruction_override" , "role_manipulation" ], "severity" : "critical" , "remediation" : "Block request and notify security team" }, "mcp_method" : "tools/call" , "mcp_tool_name" : "execute_query" , "sequence" : 12346 , "integrity_hash" : "f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1" }
Export Destinations Audit logs are exported to configured destinations with automatic schema mapping:
Destination Index Pattern Documentation Elasticsearch {prefix}-YYYY.MM.DDExport to Elasticsearch OpenTelemetry OTLP logs Export to OpenTelemetry Microsoft Sentinel Custom DCR table Export to Sentinel
Each destination applies field-specific transformations. For example, Elasticsearch uses daily indices while Sentinel transforms fields to PascalCase for KQL compatibility.
Environment Variables Configure Golf Gateway using environment variables
YAML Configuration Distributed mode configuration for GitOps deployments
Export to Elasticsearch Set up audit log export to Elasticsearch
Export to Sentinel Set up audit log export to Microsoft Sentinel
