Observe MCP Traffic with Access Control Enabled
Use the File Log plugin to write MCP tool activity to a local file. Inspect the entries to see which tools each Consumer or Consumer Group accessed. Confirm the RPC calls that Chatwise sends to your MCP server.
Prerequisites
Series Prerequisites
This page is part of the Control MCP tool access with Consumer and Consumer Group ACLs series.
Complete the previous page, Control MCP tool access with Consumer and Consumer Group ACLs before completing this page.
decK v1.43+
decK is a CLI tool for managing Kong Gateway declaratively with state files. To complete this tutorial, install decK version 1.43 or later.
This guide uses deck gateway apply, which directly applies entity configuration to your Gateway instance.
We recommend upgrading your decK installation to take advantage of this tool.
You can check your current decK version with deck version.
Required entities
For this tutorial, you’ll need Kong Gateway entities, like Gateway Services and Routes, pre-configured. These entities are essential for Kong Gateway to function but installing them isn’t the focus of this guide. Follow these steps to pre-configure them:
-
Run the following command:
echo ' _format_version: "3.0" services: - name: mcp-acl-service url: http://host.docker.internal:3001/mcp routes: - name: mcp-acl-route paths: - "/mcp" service: name: mcp-acl-service ' | deck gateway apply -Copied!
To learn more about entities, you can read our entities documentation.
ChatWise desktop application
Download and install ChatWise for your OS.
After installation:
- Launch the app.
- In Settings > Providers, configure your AI provider endpoint and API key.
Configure MCP tools in Chatwise
-
Open Chatwise and go to Settings > MCP:
- Click + at the bottom of the window and choose HTTP server (http) from the Type dropdown.
- Enter a user-friendly name in the Name field.
- Enter
http://localhost:8000/mcpin the URL field. - Enable the Run tools automatically option.
-
Click + next to the HTTP headers section and add:
-
KEY:
api-key -
VALUE:
alice-key
-
KEY:
-
Click the Verify (view tools) button. You should see the following tools:
list_usersget_userlist_orderslist_orders_for_usersearch_orders
- Close Settings.
- In the chat window, click the hammer icon to enable tools.
- Toggle your MCP server on. You should see
1next to the hammer icon. Click the icon to view the server name and the number of available tools.
Configure the File Log plugin
Now, let’s configure the File Log plugin:
echo '
_format_version: "3.0"
plugins:
- name: file-log
config:
path: "/tmp/mcp.json"
' | deck gateway apply -
Test MCP tools
Let’s generate MCP traffic and verify it appears in the logs. In Chatwise, enter the following:
How many orders are there in my marketplace?
You should see Chatwise successfully call the list_users tool with a response like:
There are 27 orders in your marketplace.
Next, check the audit logs in your Docker container:
docker exec -it kong-quickstart-gateway cat /tmp/mcp.json
You should see output similar to:
{
"ai": {
"mcp": {
"rpc": [
{
"method": "tools/call",
"latency": 6,
"id": "2",
"response_body_size": 5030,
"tool_name": "list_orders"
}
],
"audit": [
{
"primitive_name": "list_orders",
"consumer": {
"id": "6c95a611-9991-407b-b1c3-bc608d3bccc3",
"name": "admin",
"identifier": "consumer_group"
},
"scope": "primitive",
"primitive": "tool",
"action": "allow"
}
]
}
},
"rpc": [
{
"method": "tools/call",
"id": "1",
"latency": 3,
"tool_name": "list_orders",
"response_body_size": 5030
}
]
}
}
}