Skip to content

[6a] QueryLog write path — append-only audit records #16

Open
Open
[6a] QueryLog write path — append-only audit records#16
Labels
enhancementNew feature or requestmvpCortex MVP scope
@andrmaz

Description

@andrmaz
andrmaz
opened on Jun 4, 2026

What to build

Every completed MCP query produces an immutable, append-only QueryLog record written to the database. The record captures: actor (user id), organization, department, policy decision trace, Context Bundle references (chunk/document ids used), and response metadata (latency, token counts if available). Deletion and mutation of existing log rows is not permitted.

Acceptance criteria

  • Every MCP query (including denied ones) writes a QueryLog entry.
  • Log entry includes actor, org, department, policy decision trace, and Context Bundle chunk/doc references.
  • QueryLog rows have no update/delete paths in the application layer.
  • Integration test verifies a log entry is created on every query path (allow and deny).

Blocked by

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestmvpCortex MVP scope

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions