As a platform admin, I want to audit and monitor which users invoked which tools and when, so that I can trace usage, detect abuse, and generate metrics across AI traffic managed by the MCP Gateway.

Considerations:

• Capture user identity from auth headers (e.g. Authorization, X-User-ID)
• Log each tool invocation with timestamp, tool name, session ID, user ID
• Use Envoy access logs + ext-proc-enhanced logs where appropriate
• Expose new Prometheus metrics or leverage existing Istio/Envoy metrics (via Telemetry resource if needed)
  • Requests per tool
  • Requests per user
• Support audit log output in JSON or OTEL-compatible format

https://github.com/kagenti/mcp-gateway/issues/25