This MCP server provides structured logging capabilities for AI agents interacting within an MCP ecosystem. The Python-based server (mcp_server.py) works in tandem with the agent client (agent_client.py) to capture logs in a consistent, machine-readable format suitable for ingestion into SIEM and SOAR workflows. The setup is designed for phishing triage workflows where an AI agent analyzes potential phishing indicators, logs tool usage, decisions, and outcomes, and emits these traces in a structured manner for real-time monitoring and automated remediation pipelines. To operate, start the MCP server using uv, then run the agent client in a separate terminal. The agent relies on LangGraph and LangChain integrations to access an LLM (defaulting to Anthropic Claude Sonnet 3.7 via AWS Bedrock in this configuration) and perform tasks such as URL analysis, content inspection, and tool invocation. Ensure your cloud credentials and API keys for the LLM provider are available to the LangChain stack to enable seamless access.

Prerequisites:

• Python 3.10+ installed
• uv (Python lightweight async micro-framework runner) installed
• Access to a supported LLM provider (e.g., Anthropic/Bedrock) if using the default setup

Installation steps:

1. Create and activate a Python virtual environment: python -m venv venv source venv/bin/activate # on macOS/Linux .\venv\Scripts\activate # on Windows

2. Install uv (and any other required packages) via pip: pip install uv

   If repository includes a requirements file, install dependencies:

   pip install -r requirements.txt

3. Place the MCP server files (mcp_server.py and agent_client.py) in your project directory. Ensure you have the proper permissions to read/write logs as configured by your environment.

4. Prepare environment variables if needed (see mcp_config for placeholders). You may also configure your LLM credentials and LangChain settings as environment variables or within your code.

5. Run the MCP server using uv: uv run -- python mcp_server.py

6. In a separate terminal, run the AI agent: uv run -- python agent_client.py

Tip: If you modify the environment or credentials, restart both processes to ensure updates are picked up.

Notes and tips:

• This setup relies on uv to launch Python modules. The server and agent communicate under the MCP protocol with structured logging for SIEM/SOAR pipelines.
• Ensure your LLM provider credentials are correctly configured and accessible to LangChain. The default path uses AWS Bedrock for Anthropic Claude Sonnet 3.7 integration; adjust according to your provider.
• If you encounter network or authentication errors, verify that environment variables (e.g., AWS keys, LangChain API keys) are set correctly and that your environment has outbound access to the LLM endpoints.
• For richer logging, customize the log fields emitted by the agent (e.g., tool usage, decision points, timestamps) to align with your SIEM schema.
• The npm_package field is null since this is a Python-based MCP server, not Node.js.