Skip to main content
Runlayer MCP (the platform self-MCP) is a first-party MCP server that lets an assistant ask questions about Runlayer itself: usage analytics, audit logs, server inventory, policies, plugins, and more. It is the fastest way to answer “what happened?” and “how is adoption going?” without clicking around the UI. Runlayer MCP is not the same as Runlayer Plugin. Installing Runlayer MCP does not expose your organization’s connector MCPs — it only exposes the curated set of platform tools described below (audit logs, analytics, inventory, governance). Runlayer Plugin is the separate unified entrypoint for connector tools, and even there, connectors are exposed conditionally: only active hosted connectors the user can access through policy, never local, draft, disabled, or policy-blocked connectors.
All Runlayer MCP tool calls are governed by your Runlayer permissions and show up in Audit Logs.

When to use Runlayer MCP

Use Runlayer MCP when you want to:
  • Pull analytics datasets for reporting (ex: top tools/users/servers over a date range)
  • Query audit logs to investigate failures, policy denials, or suspicious activity
  • Generate a server inventory (what MCPs exist, who can access them, what tools they expose)
  • Inspect governance state (policies, access requests, security scanner settings)
  • Create or maintain plugins, skills, and agents (admin / owner gated, confirm-required)

What it can do (high level)

Runlayer MCP intentionally exposes a curated set of high-leverage tools (not every backend endpoint). Common capabilities:
  • Audit logs
    • List recent audit events with filters (action type, resource type/id, actor, correlation id, client name)
    • Fetch a single audit log entry with full details when you need deep inspection
    • Bulk export audit logs as JSON or CSV — no 90-day hot-window restriction, up to 10 000 rows per call. Non-admins are scoped to their own logs; admins see org-wide logs. Sensitive-server details are redacted unless the caller has the viewer role
  • Analytics exports (admin-only)
    • Export dashboard datasets as CSV (same underlying metrics as the Analytics UI)
    • Export per-server tool health + usage breakdowns as CSV
  • Servers
    • List servers you can access
    • Get server details + generate MCP client install links (Cursor / VS Code)
    • List tools/resources/prompts for a server (via Runlayer proxy)
    • Create, update, and delete servers (admin-only, confirm-required) — create_server and update_server support the same fields as the REST API, including OAuth configuration (manual and broker), audit log sensitivity, tool output offloading, MCP fingerprint, and deployment association
  • Governance (mostly admin-only)
    • List, read, create, update, and delete policies (full CRUD — mutations require explicit confirm=true)
    • List access requests
    • Read/update security scanner settings (mutations require explicit confirm)
  • Automation building blocks
    • Plugins: create/update, manage connectors (tool allowlists) + attach skills
    • Skills: create/update skill instruction files used by plugins
    • Agents: manage agents + their connectors; create schedules/webhooks; configure Slack DM mode; enable/disable memory; enable/disable agents (confirm-required). create_agent requires ai_provider_id and accepts optional model and icon parameters; update_agent supports is_disabled.
    • Agent models: list available models for agents and update an agent’s model
    • Subagents: add, update, and delete subagents on an agent (confirm-required)
    • Artifacts: create standalone artifacts (files) from text or base64 content; requires artifacts feature flag and confirm=true (confirm-required)
If you are unsure what to do next, ask your assistant to “use Runlayer MCP and tell me what tools you have available” and then pick the smallest set of tools needed for the task.

Getting started

1

Make sure the Runlayer server exists (admin)

Go to My connectors, find Runlayer, and click Add connector if it is not already enabled. If it is already installed, you should see a connector named Runlayer in the connectors UI.
2

Connect it to your AI client

In the Runlayer UI, open the Runlayer connector and click Add to Client (or copy the proxy URL). Then enable/select the connector in your AI client.
3

Ask a reporting question

Start with one of the example prompts below. If you need a CSV export, ask for a CSV and a short summary (the assistant can parse the CSV output).
Building an agent that calls Runlayer MCP programmatically? See Agent Accounts for OAuth client credentials + token flows.

Example prompts (copy/paste)

Analytics (adoption + usage)

  • “Use Runlayer MCP to export top tools used in the last 30 days as CSV, then summarize the top 10 and call out failure rate.”
  • “Export tool calls hourly for the last 7 days (UTC) and describe the daily pattern.”
  • “Which MCP clients (Cursor/Claude/etc) generated the most MCP activity last month? Export CSV and rank them.”

Audit logs (investigations)

  • “Use Runlayer MCP to list recent tool_call_failure audit logs. Group by server name and show the most common error messages.”
  • “Find audit logs with correlation_id=<id> and summarize the sequence of events.”
  • “For the most recent policy denied events, show actor + server + tool and the violation reason.”
  • “Export the last 30 days of security violation audit logs as CSV and identify the top offending tools.”

Inventory + debugging

  • “List servers I can access, then for the Slack server list its tools and give me the install link for Cursor.”
  • “I think a connector is missing tools. List the server tools via Runlayer MCP and compare to what the UI shows.”

Notes and gotchas

  • Admin-only vs non-admin: some reporting and governance tools require admin access. Non-admins may see a reduced view (for example, audit logs are limited to the caller unless you are an admin).
  • Safe-by-default mutations: tools that change state require an explicit confirm=true parameter. If your assistant asks to “confirm”, that is expected.
  • Large outputs: some audit log entries can be huge. Listing tools may omit large fields; fetch the specific record when you need the full payload.

Analytics

UI analytics dashboard

Audit Logs

Activity history + investigations

Agent Accounts

Programmatic auth for agents

MCP Troubleshooting

Debug MCP connection + permission issues