European Parliament MCP Server API - v1.0.1

    GDPR-compliant audit logger with pluggable sinks, parameter sanitisation, data retention enforcement, and access-controlled log retrieval.

    By default the logger writes to an in-memory buffer (queryable via getLogs()) and to stderr (MCP-compatible). Pass a sinks option to replace the default stderr sink with your own destinations (e.g. FileAuditSink, StructuredJsonSink).

    All params objects are passed through sanitizeParams() before storage. Only the values of top-level keys matching sensitiveKeys (default: DEFAULT_SENSITIVE_KEYS) are replaced by '[REDACTED]' to prevent PII leakage into audit trails. Nested objects and arrays are not recursively sanitised; callers must avoid placing PII in nested structures or pre-sanitise such data before logging.
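    One way a caller could pre-sanitise nested params before logging, shown next to a stand-in for the documented top-level-only behaviour. This is an added example, not the library's code: SENSITIVE_KEYS, topLevelSanitize, deepSanitize and the sample data are hypothetical, and exact key matching is an assumption.

```typescript
// Added example, not the library's code. SENSITIVE_KEYS is a constructed list
// standing in for DEFAULT_SENSITIVE_KEYS; exact key matching is an assumption.
const SENSITIVE_KEYS: readonly string[] = ['email', 'name', 'address', 'token'];
const REDACTED = '[REDACTED]';

/** Stand-in for the documented behaviour: only top-level keys are redacted. */
function topLevelSanitize(
  params: Record<string, unknown>,
  keys: readonly string[] = SENSITIVE_KEYS,
): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const key of Object.keys(params)) {
    out[key] = keys.indexOf(key) !== -1 ? REDACTED : params[key];
  }
  return out;
}

/**
 * Deep copy of `value` with every sensitive key redacted at any depth.
 * The input is not mutated; `ancestors` guards against circular references.
 */
function deepSanitize(
  value: unknown,
  keys: readonly string[] = SENSITIVE_KEYS,
  ancestors: object[] = [],
): unknown {
  if (value === null || typeof value !== 'object') return value; // primitives
  if (value instanceof Date) return value.toISOString();
  if (ancestors.indexOf(value) !== -1) return '[CIRCULAR]';
  const path = ancestors.concat([value]);
  if (Array.isArray(value)) {
    return value.map((item) => deepSanitize(item, keys, path));
  }
  const source = value as Record<string, unknown>;
  const out: Record<string, unknown> = {};
  for (const key of Object.keys(source)) {
    out[key] = keys.indexOf(key) !== -1 ? REDACTED : deepSanitize(source[key], keys, path);
  }
  return out;
}

// Constructed sample: PII at top level and inside nested structures.
const sampleParams = {
  country: 'SE',
  email: 'alice@example.org',
  filter: { name: 'Alice Example', party: 'X' },
  contacts: [{ email: 'bob@example.org', role: 'assistant' }],
};
```

    Passing deepSanitize(params) instead of the raw params to logDataAccess() keeps nested PII out of both the in-memory buffer and any persistent sink.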

    When retentionMs is set, getLogs() automatically filters out entries older than the configured maximum age (GDPR Article 5(1)(e)).

    When requiredAuthToken is set, getLogs(), queryLogs(), clear(), and eraseByUser() throw if the caller does not supply the correct token.

    // Default logger: writes to the in-memory buffer and to stderr
    auditLogger.logDataAccess('get_meps', { country: 'SE' }, 5, 85);
    const entries = auditLogger.getLogs();

    // Custom logger: file sink, 30-day retention, token-protected log retrieval
    const requiredAuthToken = process.env['AUDIT_TOKEN'];
    if (!requiredAuthToken) {
      throw new Error(
        'AUDIT_TOKEN environment variable must be set for audit log access control',
      );
    }

    const logger = new AuditLogger({
      sinks: [new FileAuditSink({ filePath: '/var/log/ep-mcp-audit.ndjson' })],
      retentionMs: 30 * 24 * 60 * 60 * 1000, // 30 days in milliseconds
      requiredAuthToken,
    });

    0.8.0

    Index

    Constructors

    Properties

    extraSinks: readonly AuditSink[]
    memorySink: MemoryAuditSink
    requiredAuthToken: string | undefined
    retentionPolicy: RetentionPolicy | undefined
    sensitiveKeys: readonly string[]

    Methods

    • Parameters

      • Optional authorization: string

      Returns void

    • Clears all in-memory audit log entries.

      For testing only. Clearing audit logs in production violates ISMS Policy AU-002 and GDPR Article 30.

      Parameters

      • Optional authorization: string

        Authorization token (required when configured)

      Returns void

      0.8.0

    • Removes all audit entries associated with userId from in-memory storage.

      GDPR Article 17 — Right to Erasure. Only removes entries from the in-memory MemoryAuditSink; entries already flushed to persistent sinks (files, SIEM, etc.) must be erased separately via those sinks.

      Parameters

      • userId: string

        The user whose entries should be erased

      • Optional authorization: string

        Authorization token (required when configured)

      Returns void

      0.9.0

    • Returns a snapshot of all in-memory audit log entries, optionally filtered by the configured data-retention policy.

      When requiredAuthToken was set in the constructor, authorization must match; otherwise an Error is thrown.

      Parameters

      • Optional authorization: string

        Authorization token (required when configured)

      Returns AuditLogEntry[]

      Entries ordered oldest-first, filtered by retention policy

      When requiredAuthToken is configured, this method is access-controlled. Do not expose the returned entries through public APIs.

      0.8.0

    • Logs an audit event to the in-memory store and all configured sinks.

      Values of top-level parameter keys matching sensitiveKeys are automatically replaced by '[REDACTED]' before storage.

      Parameters

      • entry: Omit<AuditLogEntry, "timestamp">

        Audit log entry without a timestamp (generated automatically)

      Returns void

      Writes to sinks only (not stdout, which is reserved for MCP). Per ISMS Policy AU-002, all MCP tool calls must be audit-logged.

      0.8.0

    • Logs a successful data-access event (e.g. a query returning records).

      Parameters

      • action: string

        Action name (e.g. 'get_meps', 'get_committee_meetings')

      • params: Record<string, unknown>

        Query parameters (sanitised automatically)

      • count: number

        Number of records returned

      • Optional duration: number

        Optional wall-clock duration in milliseconds

      Returns void

      0.8.0

    • Logs a failed operation as an audit error event.

      Parameters

      • action: string

        Action name

      • params: Record<string, unknown>

        Parameters supplied to the failed operation (sanitised)

      • error: string

        Human-readable error message (must not contain secrets)

      • Optional duration: number

        Optional wall-clock duration in milliseconds

      Returns void

      0.8.0

    • Log an MCP tool call as an audit record.

      The tool's params are sanitised before being wrapped in the entry so that PII in top-level tool parameter keys is redacted. Nested objects are not recursively sanitised.

      Parameters

      • toolName: string

        Name of the MCP tool that was invoked

      • params: Record<string, unknown>

        Tool input parameters (sanitised automatically)

      • success: boolean

        Whether the tool call completed without error

      • Optional duration: number

        Optional wall-clock duration in milliseconds

      • Optional error: string

        Optional error message if the call failed

      Returns void

      0.8.0