The Problem
AI agents read knowledge. Auditors ask: can you prove what was read, why, and when?
0%
Agents with audit trails
100%
Auditors who ask
5 min
To generate evidence
"Which knowledge sources did the agent access?"
"Was access authorized before or after the fact?"
"Did the agent exceed its information budget?"
"Were there any temporal drifts in source material?"
"Can you map agent actions to SOC 2 / ISO 27001 controls?"
kcp-harness answers all of these. Automatically.
The Audit Log
Every tool call through the harness produces an append-only audit event
// Agent starts a session — harness records it
{"type":"session_start","sessionId":"s-7a3f","timestamp":"2026-07-07T09:00:00Z"}
// Agent calls Read — target is in a governed domain
{"type":"tool_call","outcome":"approved","sessionId":"s-7a3f","sequence":1,
"toolCall":{"name":"Read","args":{"path":"docs/architecture.md"}},
"classification":{"governed":true,"reason":"path matches docs/"},
"governance":{"mode":"auto","reason":"matched unit: architecture-overview"}}
// Agent tries to read outside approved plan — blocked
{"type":"tool_call","outcome":"blocked","sessionId":"s-7a3f","sequence":2,
"toolCall":{"name":"Read","args":{"path":"docs/internal/secrets.md"}},
"classification":{"governed":true,"reason":"path matches docs/"},
"governance":{"mode":"auto","reason":"no matching unit in plan"}}
// Agent calls fetch — not in governed domain, passes through
{"type":"tool_call","outcome":"pass-through","sessionId":"s-7a3f","sequence":3,
"toolCall":{"name":"Bash","args":{"command":"npm test"}},
"classification":{"governed":false,"reason":"not a knowledge-nav tool"}}
// Budget spend recorded
{"type":"budget_spend","sessionId":"s-7a3f","sequence":4,
"budget":{"totals":{"USDC":0.25},"ceiling":{"amount":1.00}}}
{"type":"session_end","sessionId":"s-7a3f","timestamp":"2026-07-07T09:15:00Z"}
Run the Export
One command generates a complete evidence bundle for your auditors
$ kcp-harness export \
--format both \
--org "Acme Corp" \
--from 2026-07-01 \
--to 2026-07-07 \
--out evidence/
[kcp-harness] exported 14 files to evidence/
[kcp-harness] 847 events, 23 sessions
manifest.json
raw/sessions.json
raw/statistics.json
soc2/CC6.1-logical-access.json
soc2/CC6.3-authorized-access.json
soc2/CC6.6-system-boundaries.json
soc2/CC7.2-monitoring.json
soc2/CC8.1-change-management.json
soc2/summary.md
iso27001/A.8.3-access-restriction.json
iso27001/A.8.4-source-code-access.json
iso27001/A.8.15-logging.json
iso27001/A.8.16-monitoring.json
iso27001/A.5.23-cloud-services.json
audit.jsonl
847 events
847 events
→
kcp-harness export
classify & map
classify & map
→
evidence/
14 files
14 files
Evidence Bundle
Structured directory with raw data + framework-specific evidence
evidence/
manifest.json — generator, date range, statistics
raw/
sessions.json — all sessions with event counts
statistics.json — aggregate metrics
soc2/ — Trust Services Criteria
CC6.1-logical-access.json
CC6.3-authorized-access.json
CC6.6-system-boundaries.json
CC7.2-monitoring.json
CC8.1-change-management.json
summary.md — auditor-ready report
iso27001/ — Annex A Controls
A.8.3-access-restriction.json
A.8.4-source-code-access.json
A.8.15-logging.json
A.8.16-monitoring.json
A.5.23-cloud-services.json
summary.md — auditor-ready report
{
"generator": "kcp-harness",
"generatedAt": "2026-07-07T12:00:00Z",
"organization": "Acme Corp",
"format": "both",
"dateRange": { "from": "2026-07-01", "to": "2026-07-07" },
"statistics": {
"sessions": 23,
"events": 847,
"governed": 312,
"blocked": 7,
"budgetExceeded": 2,
"drifts": 1,
"signatureBlocked": 3
}
}
SOC 2 Type II Controls
Audit events map deterministically to Trust Services Criteria
CC6.1
Logical Access Controls
Every governed tool call is logged with its classification and authorization decision
312
evidence items
CC6.3
Authorized Access
Plan-first mode ensures access is pre-authorized before execution
198
evidence items
CC6.6
System Boundaries
Every call classified as governed or pass-through — clear boundary enforcement
847
evidence items
CC7.2
Monitoring Activities
All events logged: tool calls, budget spend, temporal drift, session lifecycle
847
evidence items
CC8.1
Change Management
Temporal drifts and plan invalidations tracked as change events
1
evidence items
{
"controlId": "CC6.1",
"controlName": "Logical and Physical Access Controls",
"evidenceCount": 312,
"events": [
{
"timestamp": "2026-07-07T09:00:12Z",
"sessionId": "s-7a3f",
"type": "tool_call",
"outcome": "approved",
"detail": "approved: matched unit architecture-overview"
},
...
]
}
ISO 27001 Annex A Controls
The same audit events, mapped to ISO 27001:2022 control objectives
A.8.3
Information Access Restriction
Governed tool calls with classification and authorization decision
312
evidence items
A.8.4
Access to Source Code
Read, Glob, Grep calls in governed domains with access decisions
156
evidence items
A.8.15
Logging
Session lifecycle events — start and end of every agent session
46
evidence items
A.8.16
Monitoring Activities
Anomaly detection: temporal drifts, budget exceeded, blocked access
10
evidence items
A.5.23
Cloud Services Security
Manifest signature verification for supply chain integrity
89
evidence items
Audit Event
type + outcome
type + outcome
→
Predicate Filter
e.g. governed + Read
e.g. governed + Read
→
A.8.4 Evidence
source code access
source code access
Summary Report
Auto-generated markdown report — ready for your compliance team
SOC 2 Type II — Evidence Summary
Overview
| Metric | Value |
|---|---|
| Sessions | 23 |
| Total events | 847 |
| Governed access attempts | 312 |
| Blocked | 7 |
| Budget exceeded | 2 |
| Temporal drifts | 1 |
| Signature-blocked | 3 |
Controls
| Control | Name | Evidence |
|---|---|---|
| CC6.1 | Logical Access Controls | 312 |
| CC6.3 | Authorized Access | 198 |
| CC6.6 | System Boundaries | 847 |
| CC7.2 | Monitoring Activities | 847 |
| CC8.1 | Change Management | 1 |
The Big Picture
Deterministic compliance — from agent action to auditor evidence
13
Gate cascade
2
Frameworks
10
Control mappings
┌─────────────────────────────────────────────┐
│ Agent (any MCP-capable agent) │
└────────────────────┬────────────────────────┘
│ tool call
┌────────────────────▼────────────────────────┐
│ kcp-harness (MCP proxy) │
│ │
│ classify ─▸ govern ─▸ audit ─▸ respond │
│ │
│ Side outputs: │
│ ├─ audit.jsonl (append-only) │
│ ├─ budget ledger (spend tracking) │
│ └─ temporal watch (drift detection) │
└────────────────────┬────────────────────────┘
│ kcp-harness export
┌────────────────────▼────────────────────────┐
│ Compliance Evidence Bundle │
│ │
│ SOC 2 │ ISO 27001 │
│ CC6.1 CC6.3 │ A.8.3 A.8.4 │
│ CC6.6 CC7.2 │ A.8.15 A.8.16 │
│ CC8.1 │ A.5.23 │
└─────────────────────────────────────────────┘
The agent can't bypass governance. The audit log is append-only.
The evidence is deterministic. The auditor gets proof, not promises.
The evidence is deterministic. The auditor gets proof, not promises.