All Runlayer MCP tool calls are governed by your Runlayer permissions and show up in
Audit Logs.
When to use Runlayer MCP
Use Runlayer MCP when you want to:
- Pull analytics datasets for reporting (e.g., top tools/users/servers over a date range)
- Query audit logs to investigate failures, policy denials, or suspicious activity
- Generate a server inventory (what MCPs exist, who can access them, what tools they expose)
- Inspect governance state (policies, access requests, security scanner settings)
- Create or maintain plugins, skills, and agents (admin / owner gated, confirm-required)
What it can do (high level)
Runlayer MCP intentionally exposes a curated set of high-leverage tools (not every backend endpoint). Common capabilities:
- Audit logs
  - List recent audit events with filters (action type, resource type/id, actor, correlation id, client name)
  - Fetch a single audit log entry with full details when you need deep inspection
- Analytics exports (admin-only)
  - Export dashboard datasets as CSV (same underlying metrics as the Analytics UI)
  - Export per-server tool health + usage breakdowns as CSV
- Servers
  - List servers you can access
  - Get server details + generate MCP client install links (Cursor / VS Code)
  - List tools/resources/prompts for a server (via Runlayer proxy)
- Governance (mostly admin-only)
  - List policies / list policies for a server
  - List access requests
  - Read/update security scanner settings (mutations require explicit confirm)
- Automation building blocks
  - Plugins: create/update, manage connectors (tool allowlists) + attach skills
  - Skills: create/update skill instruction files used by plugins
  - Agents: manage agents + their connectors; create schedules/webhooks (confirm-required)
Getting started
Make sure the Runlayer server exists (admin)
Go to Catalog and search for Runlayer, then install/enable it in your workspace.
If it is already installed, you should see a server named Runlayer in the MCPs/Servers
UI.
Connect it to your AI client
In the Runlayer UI, open the Runlayer server and click Add to MCP Client (or copy
the proxy URL). Then enable/select the connector in your AI client.
Building an agent that calls Runlayer MCP programmatically? See
Agent Accounts for OAuth client credentials + token flows.
Example prompts (copy/paste)
Analytics (adoption + usage)
- “Use Runlayer MCP to export top tools used in the last 30 days as CSV, then summarize the top 10 and call out failure rate.”
- “Export tool calls hourly for the last 7 days (UTC) and describe the daily pattern.”
- “Which MCP clients (Cursor/Claude/etc) generated the most MCP activity last month? Export CSV and rank them.”
Audit logs (investigations)
- “Use Runlayer MCP to list recent tool_call_failure audit logs. Group by server name and show the most common error messages.”
- “Find audit logs with correlation_id=<id> and summarize the sequence of events.”
- “For the most recent policy denied events, show actor + server + tool and the violation reason.”
Inventory + debugging
- “List servers I can access, then for the Slack server list its tools and give me the install link for Cursor.”
- “I think a connector is missing tools. List the server tools via Runlayer MCP and compare to what the UI shows.”
Notes and gotchas
- Admin-only vs non-admin: some reporting and governance tools require admin access. Non-admins may see a reduced view (for example, audit logs are limited to the caller unless you are an admin).
- Safe-by-default mutations: tools that change state require an explicit confirm=true parameter. If your assistant asks to “confirm”, that is expected.
- Large outputs: some audit log entries can be huge. Listing tools may omit large fields; fetch the specific record when you need the full payload.