Activity Log

The Activity Log is the first tab on the Monitor page. It shows everything happening across your MCP servers in real time.

Pending approvals

At the top, approval cards appear for any tool calls waiting for your decision. Each card shows the tool name, server, arguments (expandable), and a countdown to automatic denial.

Decide with Approve, Deny, or Always Allow. Cards disappear once decided.

New approvals appear instantly via WebSocket. You do not need to refresh the page.

Security alerts

Below the approvals, scanner detection alerts appear if the sensitive data scanner is enabled. These show when the scanner finds patterns like API keys or credentials in tool arguments or responses.

Each alert shows the matched pattern type, the tool and server involved, and the action taken (logged, blocked, or redacted). Dismiss individual alerts or clear all of them.

Activity feed

The main section lists every tool call that passed through the gateway, newest first.

Filtering

Use the filter bar to narrow the feed:

• Server: show calls for a specific MCP server
• Decision: filter by Allow, Deny, Approve, or Always Allow

What each row shows

• Tool name and server
• Decision badge (color-coded: green for allowed, red for denied, amber for approval-required)
• Timestamp
• Expandable chevron to see the full arguments and deny reason (if applicable)

Export

Click the export button to download the current filtered view as a CSV file.

Pagination

The feed uses cursor-based pagination. Scroll to the bottom and click Load more for older entries.

Real-time updates

The Activity Log receives events via WebSocket:

• pending_approval: new approval queued
• approval_decision: approval resolved
• audit: new activity entry
• scanner_block: scanner detection
• tool_integrity_changed: tool schema change detected (shows as a toast notification)