Code-Mode Phase 5: Monitoring & Audit
Status: ✅ Complete
Comprehensive audit trail for Code-Mode security events, enabling enterprise compliance and security monitoring.
Overview
Phase 5 adds security event logging to track:
- Code execution (start, success, failure, timeout)
- Network access (requests, permissions, denials)
- Binding usage
- Security violations
All events are logged to ~/.ncp/audit/ in JSONL format (JSON Lines) for easy parsing and analysis.
Architecture
┌─────────────────────────────────────────────────────────┐
│ CodeExecutor / NetworkPolicyManager / BindingsManager │
│ │
│ → Code execution starts │
│ → Network request attempted │
│ → Permission requested │
│ → Binding accessed │
└──────────────────┬──────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────┐
│ AuditLogger │
│ │
│ • Event validation │
│ • Sensitive data redaction │
│ • JSONL formatting │
│ • File rotation │
└──────────────────┬──────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────┐
│ ~/.ncp/audit/audit-YYYY-MM-DD.jsonl │
│ │
│ One JSON object per line │
│ Easy to parse, grep, analyze │
└─────────────────────────────────────────────────────────┘
Event Types
Code Execution Events
- code_execution_start: Code execution begins
- code_execution_success: Code executed successfully
- code_execution_error: Code execution failed
- code_execution_timeout: Execution timed out
Network Access Events
- network_request_allowed: Network request permitted
- network_request_denied: Network request blocked
- network_permission_granted: User granted network permission
- network_permission_denied: User denied network permission
- network_permission_revoked: Permission manually revoked
Binding Events
- binding_accessed: Binding method called
- binding_created: New binding created
Security Events
- security_violation: Security policy violated
- prototype_pollution_blocked: Prototype pollution attempt blocked
- worker_thread_failed: Worker thread crashed
Event Structure
Every audit event has this structure:
{
"timestamp": "2025-11-19T10:15:30.123Z",
"type": "code_execution_success",
"severity": "info",
"context": {
"mcpName": "code-mode",
"bindingName": null,
"userId": null,
"sessionId": "session-1732008930123-abc123"
},
"details": {
"codeSnippet": "console.log('Hello');\nreturn { success: true };",
"resultPreview": "{\"success\":true}",
"durationMs": 45
},
"outcome": "success"
}
Fields
- timestamp: ISO 8601 timestamp
- type: Event type (enum)
- severity: info, warning, error, or critical
- context: Who/what triggered the event
- details: Event-specific data
- outcome: success, failure, blocked, or pending
Configuration
Configure audit logging via environment variables or settings file:
Environment Variables
# Enable/disable audit logging
export NCP_AUDIT_ENABLED=true
# Audit log directory (default: ~/.ncp/audit/)
export NCP_AUDIT_DIR=/var/log/ncp/audit
# Maximum file size before rotation (MB)
export NCP_AUDIT_MAX_SIZE_MB=10
# Maximum number of rotated files to keep
export NCP_AUDIT_MAX_FILES=5
# Include code snippets in logs (default: true)
export NCP_AUDIT_INCLUDE_CODE=true
# Redact sensitive data (default: true)
export NCP_AUDIT_REDACT_SENSITIVE=true
Settings File
Edit ~/.ncp/settings.json:
{
"audit": {
"enabled": true,
"maxFileSizeMB": 10,
"maxFiles": 5,
"includeCodeSnippets": true,
"redactSensitiveData": true
}
}
Example Events
Code Execution Success
{
"timestamp": "2025-11-19T10:15:30.456Z",
"type": "code_execution_success",
"severity": "info",
"context": {
"mcpName": "code-mode",
"sessionId": "session-1732008930123-abc123"
},
"details": {
"codeSnippet": "const repos = await github.list_repos({owner: 'anthropics'});\nreturn repos.length;",
"resultPreview": "42",
"durationMs": 1234
},
"outcome": "success"
}
Network Permission Granted
{
"timestamp": "2025-11-19T10:16:15.789Z",
"type": "network_permission_granted",
"severity": "info",
"context": {
"mcpName": "lg-remote",
"bindingName": "LG Remote",
"sessionId": "session-1732008930123-abc123"
},
"details": {
"url": "http://192.168.1.100:3000/status",
"permanent": true,
"expiresIn": "never"
},
"outcome": "success"
}
Network Request Denied
{
"timestamp": "2025-11-19T10:17:22.345Z",
"type": "network_request_denied",
"severity": "warning",
"context": {
"mcpName": "Worker Code",
"sessionId": "session-1732008930123-abc123"
},
"details": {
"url": "http://evil.com/exfiltrate",
"reason": "Domain not in whitelist"
},
"outcome": "blocked"
}
Security Violation
{
"timestamp": "2025-11-19T10:18:45.678Z",
"type": "security_violation",
"severity": "critical",
"context": {
"mcpName": "code-mode",
"sessionId": "session-1732008930123-abc123"
},
"details": {
"violation": "Prototype pollution attempt",
"code": "Object.prototype.isAdmin = true;",
"blocked": true
},
"outcome": "blocked"
}
Querying Audit Logs
Using grep
# Find all denied network requests
grep '"type":"network_request_denied"' ~/.ncp/audit/*.jsonl
# Find all critical events
grep '"severity":"critical"' ~/.ncp/audit/*.jsonl
# Find events from specific MCP
grep '"mcpName":"lg-remote"' ~/.ncp/audit/*.jsonl
Using jq
# Count events by type
cat ~/.ncp/audit/*.jsonl | jq -s 'group_by(.type) | map({type: .[0].type, count: length})'
# Find slow code executions (>1s)
cat ~/.ncp/audit/*.jsonl | jq 'select(.type == "code_execution_success" and .details.durationMs > 1000)'
# List all blocked events (any event whose outcome is "blocked")
cat ~/.ncp/audit/*.jsonl | jq 'select(.outcome == "blocked")'
Using Node.js
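import { readFile } from 'fs/promises';
import { homedir } from 'os';
import { join } from 'path';
// Parse audit log. Node.js does not expand "~", so build the path from the home directory.
const logPath = join(homedir(), '.ncp', 'audit', 'audit-2025-11-19.jsonl');
const content = await readFile(logPath, 'utf-8');
// Skip blank lines so an empty file or trailing newline does not break JSON.parse
const events = content.split('\n').filter(line => line.trim()).map(line => JSON.parse(line));
// Analyze events
const byType = events.reduce((acc, event) => {
  acc[event.type] = (acc[event.type] || 0) + 1;
  return acc;
}, {});
console.log('Events by type:', byType);
// Find security violations
const violations = events.filter(e => e.type === 'security_violation');
console.log(`Found ${violations.length} security violations`);
Security & Privacy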
Sensitive Data Redaction
By default, the audit logger redacts sensitive data:
Redacted Fields:
- password
- token
- apiKey
- secret
- credential
- authorization
URL Query Parameters: Redacted if they might contain secrets
Example:
{
"url": "https://api.example.com/users?api_key=<redacted>"
}
Code Snippet Truncation
Code snippets are truncated to 500 characters by default to prevent log bloat.
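The redaction and truncation rules in this section, sketched as an added example (this is not NCP's AuditLogger; the function names, the `<redacted>` marker placement and the truncation suffix are assumptions based on the samples shown on this page):

```javascript
// Added example: not NCP's AuditLogger. Function names are hypothetical.
const SENSITIVE = ['password', 'token', 'apikey', 'secret', 'credential', 'authorization'];
const MAX_SNIPPET = 500; // truncation limit stated on the page

// Normalise names so apiKey, api_key and API-KEY all match. Substring matching
// over-redacts (e.g. "tokenCount"), which is the safer failure for an audit log.
function isSensitive(name) {
  const n = String(name).toLowerCase().replace(/[^a-z0-9]/g, '');
  return SENSITIVE.some((s) => n.includes(s));
}

// Redact secret-looking query parameters in http(s) URLs; other strings pass through.
function redactUrl(value) {
  const q = value.indexOf('?');
  if (!/^https?:\/\//i.test(value) || q === -1) return value;
  const hashAt = value.indexOf('#', q);
  const end = hashAt === -1 ? value.length : hashAt;
  const query = value.slice(q + 1, end).split('&').map((pair) => {
    const name = pair.split('=')[0];
    return pair.includes('=') && isSensitive(name) ? `${name}=<redacted>` : pair;
  }).join('&');
  return value.slice(0, q + 1) + query + value.slice(end);
}

// Walk objects and arrays; a sensitive key hides its whole value, nested or not.
function redact(value, key = '') {
  if (key && isSensitive(key)) return '<redacted>';
  if (typeof value === 'string') return redactUrl(value);
  if (Array.isArray(value)) return value.map((v) => redact(v));
  if (value && typeof value === 'object') {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, redact(v, k)]));
  }
  return value;
}

// Redact first, then truncate, recording the original length as in the page's sample.
function sanitizeDetails(details) {
  const out = redact(details || {});
  if (typeof out.codeSnippet === 'string' && out.codeSnippet.length > MAX_SNIPPET) {
    out.codeLength = out.codeSnippet.length;
    out.codeSnippet = out.codeSnippet.slice(0, MAX_SNIPPET) + '... (truncated)';
  }
  return out;
}

// Constructed input, not real data.
console.log(sanitizeDetails({
  url: 'https://api.example.com/users?api_key=abc123&page=2',
  headers: { Authorization: 'Bearer abc123' },
}));
```

Key-name matching in this example does not see secrets written inside the codeSnippet text itself; NCP_AUDIT_INCLUDE_CODE controls whether snippets are logged at all.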
Original:
const data = /* ... 10,000 lines of data ... */
Logged:
{
"codeSnippet": "const data = /* ... (truncated)",
"codeLength": 50000
}
Compliance
SOC 2 / ISO 27001
Audit logging supports compliance requirements:
✅ Access Control: Track who accessed what
✅ Change Management: Log all code executions
✅ Incident Response: Comprehensive event trail
✅ Security Monitoring: Real-time threat detection
GDPR
✅ Data Minimization: Only necessary data logged
✅ Purpose Limitation: Logs used only for security
✅ Storage Limitation: Automatic log rotation
✅ Data Protection: Sensitive data redacted
Best Practices
For Users
- Review logs regularly: Check for unexpected activity
- Monitor permissions: Track network permission grants
- Archive old logs: Keep long-term audit trail
- Set up alerts: Detect security violations quickly
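One way to turn the "set up alerts" practice into a check over the JSONL files, as an added example (not part of NCP; the rule names, the denial threshold and the sample log lines are assumptions constructed for illustration):

```javascript
// Added example: not NCP code. Rule names and the threshold are assumptions.
const DENIAL_THRESHOLD = 3; // assumed: denied requests per session before alerting

// Parse JSONL defensively: a line cut short by a crash or a mid-write copy is
// counted instead of aborting the scan, so the gap itself becomes a signal.
function parseJsonl(text) {
  const events = [];
  let malformed = 0;
  for (const line of text.split('\n')) {
    if (!line.trim()) continue;
    try {
      const e = JSON.parse(line);
      if (e === null || typeof e !== 'object') throw new Error('not an object');
      events.push(e);
    } catch { malformed += 1; }
  }
  return { events, malformed };
}

function findAlerts(text) {
  const { events, malformed } = parseJsonl(text);
  const alerts = [];
  const denials = new Map(); // sessionId -> count of network_request_denied
  for (const e of events) {
    const session = (e.context && e.context.sessionId) || 'unknown';
    if (e.severity === 'critical') alerts.push({ rule: 'critical_event', session, type: e.type });
    if (e.type === 'network_request_denied') denials.set(session, (denials.get(session) || 0) + 1);
  }
  for (const [session, count] of denials) {
    if (count >= DENIAL_THRESHOLD) alerts.push({ rule: 'repeated_network_denials', session, count });
  }
  if (malformed > 0) alerts.push({ rule: 'malformed_lines', count: malformed });
  return alerts;
}

// Constructed sample log (not real data), using the event shapes from this page.
const denied = (ms) => JSON.stringify({
  timestamp: `2025-11-19T10:17:22.${ms}Z`, type: 'network_request_denied', severity: 'warning',
  context: { mcpName: 'Worker Code', sessionId: 'session-A' },
  details: { url: 'http://blocked.example/', reason: 'Domain not in whitelist' }, outcome: 'blocked',
});
const SAMPLE_LOG = [
  denied('100'), denied('200'), denied('300'),
  JSON.stringify({ timestamp: '2025-11-19T10:18:45.678Z', type: 'security_violation',
    severity: 'critical', context: { mcpName: 'code-mode', sessionId: 'session-B' },
    details: { violation: 'Prototype pollution attempt', blocked: true }, outcome: 'blocked' }),
  '{"timestamp":"2025-11-19T10:19:00.000Z","type":"code_exec', // truncated line
].join('\n');
console.log(findAlerts(SAMPLE_LOG));
```

Grouping denials by sessionId surfaces a session that keeps probing blocked destinations, which a plain grep for network_request_denied does not show.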
For Administrators
- Centralize logs: Ship to SIEM (Splunk, ELK, etc.)
- Set retention policy: Balance storage vs compliance
- Monitor log volume: Detect anomalies
- Regular audits: Review security events monthly
For Developers
- Include context: Pass mcpName and bindingName
- Log failures: Always log denied/blocked events
- Avoid sensitive data: Don't log credentials directly
- Test audit trail: Verify events are logged correctly
Integration with Analytics
Audit logs can be imported into NCP's analytics tool:
# Import audit logs
ncp analytics import --audit ~/.ncp/audit/*.jsonl
# View dashboard
ncp analytics dashboard
File Rotation
Audit logs rotate automatically:
- Daily rotation: New file each day (audit-YYYY-MM-DD.jsonl)
- Size-based rotation: When file exceeds maxFileSizeMB
- Retention: Keep last maxFiles files
- Compression: Old files can be gzipped
Performance
Audit logging is designed to be low-overhead:
- Async writes: No blocking
- Batch writes: Multiple events buffered
- Size limits: Prevents log bloat
- Sampling: Can sample high-volume events
Typical overhead: <1ms per event
Troubleshooting
Audit logs not created
Check if audit logging is enabled:
echo $NCP_AUDIT_ENABLED
Check directory permissions:
ls -la ~/.ncp/audit/
Check for errors in NCP logs:
tail -f ~/.ncp/logs/debug.log | grep audit
Disk space issues
Check log size:
du -sh ~/.ncp/audit/
Reduce retention:
export NCP_AUDIT_MAX_FILES=2
Enable compression:
gzip ~/.ncp/audit/audit-*.jsonl
Roadmap
Future enhancements:
- [ ] Real-time streaming to SIEM
- [ ] Built-in log viewer UI
- [ ] Anomaly detection
- [ ] Compliance report generator
- [ ] Audit log encryption
- [ ] Structured query language for logs
Summary
Phase 5: Monitoring & Audit provides:
✅ Comprehensive logging: All security events tracked
✅ JSONL format: Easy to parse and analyze
✅ Sensitive data protection: Auto-redaction
✅ Enterprise ready: SOC 2, ISO 27001, GDPR compliant
✅ Low overhead: Async, non-blocking
✅ Actionable insights: Query, analyze, alert
Result: Complete visibility into Code-Mode security events for compliance, monitoring, and incident response.