All Runlayer MCP tool calls are governed by your Runlayer permissions and show up in
Audit Logs.
When to use Runlayer MCP
Use Runlayer MCP when you want to:- Pull analytics datasets for reporting (ex: top tools/users/servers over a date range)
- Query audit logs to investigate failures, policy denials, or suspicious activity
- Generate a server inventory (what MCPs exist, who can access them, what tools they expose)
- Inspect governance state (policies, access requests, security scanner settings)
- Create or maintain plugins, skills, and agents (admin / owner gated, confirm-required)
What it can do (high level)
Runlayer MCP intentionally exposes a curated set of high-leverage tools (not every backend endpoint). Common capabilities:- Audit logs
- List recent audit events with filters (action type, resource type/id, actor, correlation id, client name)
- Fetch a single audit log entry with full details when you need deep inspection
- Analytics exports (admin-only)
- Export dashboard datasets as CSV (same underlying metrics as the Analytics UI)
- Export per-server tool health + usage breakdowns as CSV
- Servers
- List servers you can access
- Get server details + generate MCP client install links (Cursor / VS Code)
- List tools/resources/prompts for a server (via Runlayer proxy)
- Governance (mostly admin-only)
- List policies / list policies for a server
- List access requests
- Read/update security scanner settings (mutations require explicit confirm)
- Automation building blocks
- Plugins: create/update, manage connectors (tool allowlists) + attach skills
- Skills: create/update skill instruction files used by plugins
- Agents: manage agents + their connectors; create schedules/webhooks (confirm-required)
- Agent models: list available models for agents and update an agent’s model
Getting started
Make sure the Runlayer server exists (admin)
Go to My connectors, find Runlayer, and click Add connector if it is not already enabled.
If it is already installed, you should see a connector named Runlayer in the connectors UI.
Connect it to your AI client
In the Runlayer UI, open the Runlayer connector and click Add to Client (or copy
the proxy URL). Then enable/select the connector in your AI client.
Building an agent that calls Runlayer MCP programmatically? See
Agent Accounts for OAuth client credentials + token flows.
Example prompts (copy/paste)
Analytics (adoption + usage)
- “Use Runlayer MCP to export top tools used in the last 30 days as CSV, then summarize the top 10 and call out failure rate.”
- “Export tool calls hourly for the last 7 days (UTC) and describe the daily pattern.”
- “Which MCP clients (Cursor/Claude/etc) generated the most MCP activity last month? Export CSV and rank them.”
Audit logs (investigations)
- “Use Runlayer MCP to list recent tool_call_failure audit logs. Group by server name and show the most common error messages.”
- “Find audit logs with
correlation_id=<id>and summarize the sequence of events.” - “For the most recent policy denied events, show actor + server + tool and the violation reason.”
Inventory + debugging
- “List servers I can access, then for the Slack server list its tools and give me the install link for Cursor.”
- “I think a connector is missing tools. List the server tools via Runlayer MCP and compare to what the UI shows.”
Notes and gotchas
- Admin-only vs non-admin: some reporting and governance tools require admin access. Non-admins may see a reduced view (for example, audit logs are limited to the caller unless you are an admin).
- Safe-by-default mutations: tools that change state require an explicit
confirm=trueparameter. If your assistant asks to “confirm”, that is expected. - Large outputs: some audit log entries can be huge. Listing tools may omit large fields; fetch the specific record when you need the full payload.
Related resources
Analytics
UI analytics dashboard
Audit Logs
Activity history + investigations
Agent Accounts
Programmatic auth for agents
MCP Troubleshooting
Debug MCP connection + permission issues