> ## Documentation Index
> Fetch the complete documentation index at: https://docs.runlayer.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Runlayer MCP

> Use Runlayer's built-in self-MCP to answer audit log + analytics questions and manage your workspace.

Runlayer MCP (the **platform self-MCP**) is a first-party MCP server that lets an assistant ask questions about **Runlayer itself**: usage analytics, audit logs, server inventory, policies, plugins, and more.

It is the fastest way to answer "what happened?" and "how is adoption going?" without clicking around the UI.

**Runlayer MCP is not the same as [Runlayer Plugin](/runlayer-plugin).** Installing Runlayer MCP does **not** expose your organization's connector MCPs — it only exposes the curated set of platform tools described below (audit logs, analytics, inventory, governance). Runlayer Plugin is the separate unified entrypoint for connector tools, and even there, connectors are exposed conditionally: only active hosted connectors the user can access through policy, never local, draft, disabled, or policy-blocked connectors.

<Note>
  All Runlayer MCP tool calls are governed by your Runlayer permissions and show up in{" "}
  <a href="/platform-audit-logs">Audit Logs</a>.
</Note>

***

## When to use Runlayer MCP

Use Runlayer MCP when you want to:

* Pull **analytics** datasets for reporting (ex: top tools/users/servers over a date range)
* Query **audit logs** to investigate failures, policy denials, or suspicious activity
* Generate a **server inventory** (what MCPs exist, who can access them, what tools they expose)
* Inspect **governance** state (policies, access requests, security scanner settings)
* Create or maintain **plugins**, **skills**, and **agents** (admin / owner gated, confirm-required)

***

## What it can do (high level)

Runlayer MCP intentionally exposes a *curated* set of high-leverage tools (not every backend endpoint).

Common capabilities:

* **Audit logs**
  * List recent audit events with filters (action type, resource type/id, actor, correlation id, client name)
  * Fetch a single audit log entry with full details when you need deep inspection
  * Bulk export audit logs as JSON or CSV — no 90-day hot-window restriction, up to 10 000 rows per call. Non-admins are scoped to their own logs; admins see org-wide logs. Sensitive-server details are redacted unless the caller has the viewer role
* **Analytics exports (admin-only)**
  * Export dashboard datasets as CSV (same underlying metrics as the Analytics UI)
  * Export per-server tool health + usage breakdowns as CSV
* **Servers**
  * List servers you can access
  * Get server details + generate MCP client install links (Cursor / VS Code)
  * List tools/resources/prompts for a server (via Runlayer proxy)
  * Create, update, and delete servers (admin-only, confirm-required) — `create_server` and `update_server` support the same fields as the REST API, including OAuth configuration (manual and broker), audit log sensitivity, tool output offloading, MCP fingerprint, and deployment association
* **Governance (mostly admin-only)**
  * List, read, create, update, and delete policies (full CRUD — mutations require explicit `confirm=true`)
  * List access requests
  * Read/update security scanner settings (mutations require explicit confirm)
* **Automation building blocks**
  * Plugins: create/update, manage connectors (tool allowlists) + attach skills
  * Skills: create/update skill instruction files used by plugins
  * Agents: manage agents + their connectors; create schedules/webhooks; configure Slack DM mode; enable/disable memory; enable/disable agents (confirm-required). `create_agent` requires `ai_provider_id` and accepts optional `model` and `icon` parameters; `update_agent` supports `is_disabled`.
  * Agent models: list available models for agents and update an agent's model
  * Subagents: add, update, and delete subagents on an agent (confirm-required)
  * Artifacts: create standalone artifacts (files) from text or base64 content; requires `artifacts` feature flag and `confirm=true` (confirm-required)

<Tip>
  If you are unsure what to do next, ask your assistant to "use Runlayer MCP and tell me what
  tools you have available" and then pick the smallest set of tools needed for the task.
</Tip>

***

## Getting started

<Steps>
  <Step title="Make sure the Runlayer server exists (admin)">
    Go to **My connectors**, find **Runlayer**, and click **Add connector** if it is not already enabled.
    If it is already installed, you should see a connector named **Runlayer** in the connectors UI.
  </Step>

  <Step title="Connect it to your AI client">
    In the Runlayer UI, open the **Runlayer** connector and click **Add to Client** (or copy
    the proxy URL). Then enable/select the connector in your AI client.
  </Step>

  <Step title="Ask a reporting question">
    Start with one of the example prompts below. If you need a CSV export, ask for a CSV and a
    short summary (the assistant can parse the CSV output).
  </Step>
</Steps>

<Info>
  Building an agent that calls Runlayer MCP programmatically? See{" "}
  <a href="/platform-agent-accounts">Agent Accounts</a> for OAuth client credentials + token flows.
</Info>

***

## Example prompts (copy/paste)

### Analytics (adoption + usage)

* "Use Runlayer MCP to export top tools used in the last 30 days as CSV, then summarize the top 10 and call out failure rate."
* "Export tool calls hourly for the last 7 days (UTC) and describe the daily pattern."
* "Which MCP clients (Cursor/Claude/etc) generated the most MCP activity last month? Export CSV and rank them."

### Audit logs (investigations)

* "Use Runlayer MCP to list recent tool\_call\_failure audit logs. Group by server name and show the most common error messages."
* "Find audit logs with `correlation_id=<id>` and summarize the sequence of events."
* "For the most recent policy denied events, show actor + server + tool and the violation reason."
* "Export the last 30 days of security violation audit logs as CSV and identify the top offending tools."

### Inventory + debugging

* "List servers I can access, then for the Slack server list its tools and give me the install link for Cursor."
* "I think a connector is missing tools. List the server tools via Runlayer MCP and compare to what the UI shows."

***

## Notes and gotchas

* **Admin-only vs non-admin**: some reporting and governance tools require admin access. Non-admins may see a reduced view (for example, audit logs are limited to the caller unless you are an admin).
* **Safe-by-default mutations**: tools that change state require an explicit `confirm=true` parameter. If your assistant asks to "confirm", that is expected.
* **Large outputs**: some audit log entries can be huge. Listing tools may omit large fields; fetch the specific record when you need the full payload.

***

## Related resources

<CardGroup cols={2}>
  <Card title="Analytics" icon="chart-line" href="/platform-analytics">
    UI analytics dashboard
  </Card>

  <Card title="Audit Logs" icon="list" href="/platform-audit-logs">
    Activity history + investigations
  </Card>

  <Card title="Agent Accounts" icon="key" href="/platform-agent-accounts">
    Programmatic auth for agents
  </Card>

  <Card title="MCP Troubleshooting" icon="wrench" href="/mcp-troubleshooting">
    Debug MCP connection + permission issues
  </Card>
</CardGroup>
