RainForest has released "Senda-Argus Hooks," a log collection library for AI Agents, on GitHub as a technical preview of "Senda-Argus," a purely domestic Security for AI platform that audits the judgment, reasoning, and execution of AI Agents. Patent applications are pending in Japan for some technologies related to Senda-Argus, covering the collection of AI Agent execution traces, the reconstruction of judgment processes, and the correlation analysis of Runtime Audit Events.

GitHub: https://github.com/rainforest-tokyo/senda_argus_hooks

The utilization of generative AI is evolving from simple chat usage to referencing internal data via RAG, integrating with external tools via MCP, and autonomous judgment and execution by AI Agents. Meanwhile, in corporate security operations, mechanisms to audit and verify "why an AI Agent chose a particular tool and what it actually executed" are becoming crucial.

Senda-Argus Hooks is a Collector that records and analyzes the entire flow of an AI Agent selecting tools using LLMs, referencing RAG, and calling external tools like MCP, step by step. By acquiring the task_summary, reason_summary, and selected_tool output by the LLM and cross-referencing them with Agent decisions and actual MCP Tool Calls, it enables auditing of "what task the AI Agent identified, why it selected that tool, and which MCP Tool it actually called."

Furthermore, data that may contain important internal information, such as RAG context, prompt content, and MCP results, is not saved by default. Instead, it primarily records HASHes and metadata like messages_hash, context_hashes, result_hash, and purpose_id. This aims for Privacy-Safe AI Agent auditing in corporate environments.

Background: New Security Auditing Required in the AI Agent Era

AI Agents can execute tasks more flexibly and autonomously than traditional applications by referencing RAG based on LLM judgments and calling external tools via MCP or APIs.

However, the following challenges are becoming apparent in the security market:

  • It is unclear why an LLM selected a specific tool.
  • It is difficult to track which internal documents or knowledge were referenced by RAG.
  • It is difficult to verify the consistency between Agent decisions and actual Tool Calls.
  • Saving prompts and RAG contexts poses challenges in handling confidential, personal, and customer information.
  • The execution scope of AI Agents is expanding due to MCP and external tool integrations.

Senda-Argus aims to be a Security for AI platform that comprehensively records and analyzes the "judgment," "reasoning," and "execution" of AI Agents to address these challenges.

Key Features of Senda-Argus Hooks

1. Records LLM's Tool Selection Reasons

Senda-Argus Hooks acquires the following information returned by the LLM during tool selection:

  • task_summary: How the LLM understood the task.
  • reason_summary: Why the tool was chosen.
  • selected_tool: The tool selected by the LLM.
  • selected_tool.arguments: Arguments required for the tool call.

This allows auditing not just that "a tool was called," but "what the LLM understood and why it chose that tool."

2. Cross-references Agent Decisions with Actual MCP Tool Calls

The tool selected by the LLM is recorded as an Agent decision and then cross-referenced with the actual MCP Tool Call.

Using selected_tool_purpose_id and mcp.tool_call.purpose_id, Senda-Argus Hooks can verify the following:

  • Whether the tool selected by the LLM matches the Agent decision.
  • Whether the Agent decision matches the actual MCP Tool Call.
  • Whether the purpose ID of the selected tool matches the purpose ID of the actually called MCP Tool.
  • Whether unnecessary MCP Tool Calls are occurring when selected_tool is null.

This confirms the consistency between the AI Agent's judgment and execution.
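The four checks listed above can be run as one pass over collected events. This is an added example, not code from Senda-Argus Hooks: the event types, trace_id, and the "tool" and "name" keys are assumptions made for the illustration, and only selected_tool, selected_tool_purpose_id and the MCP call's purpose_id are field names taken from this page.

```python
from collections import defaultdict

# Constructed sample events. The record layout (type, trace_id, tool, name)
# is assumed for this example and is not the library's schema.
SAMPLE_EVENTS = [
    {"trace_id": "t1", "type": "llm.tool_selection", "selected_tool": {"name": "search_tickets"}, "selected_tool_purpose_id": "p-tickets"},
    {"trace_id": "t1", "type": "agent.decision", "tool": "search_tickets"},
    {"trace_id": "t1", "type": "mcp.tool_call", "tool": "search_tickets", "purpose_id": "p-tickets"},
    {"trace_id": "t2", "type": "llm.tool_selection", "selected_tool": {"name": "search_tickets"}, "selected_tool_purpose_id": "p-tickets"},
    {"trace_id": "t2", "type": "agent.decision", "tool": "search_tickets"},
    {"trace_id": "t2", "type": "mcp.tool_call", "tool": "search_tickets", "purpose_id": "p-export"},
    {"trace_id": "t3", "type": "llm.tool_selection", "selected_tool": None, "selected_tool_purpose_id": None},
    {"trace_id": "t3", "type": "mcp.tool_call", "tool": "send_mail", "purpose_id": "p-mail"},
    {"trace_id": "t4", "type": "llm.tool_selection", "selected_tool": {"name": "read_wiki"}, "selected_tool_purpose_id": "p-wiki-read"},
    {"trace_id": "t4", "type": "agent.decision", "tool": "delete_page"},
    {"trace_id": "t4", "type": "mcp.tool_call", "tool": "delete_page", "purpose_id": "p-wiki-write"},
]

def audit_traces(events):
    """Group events per trace and return (trace_id, finding) pairs."""
    by_trace = defaultdict(lambda: {"calls": []})
    for ev in events:
        slot = by_trace[ev["trace_id"]]
        if ev["type"] == "mcp.tool_call":
            slot["calls"].append(ev)
        else:
            slot[ev["type"]] = ev

    findings = []
    for trace_id, t in by_trace.items():
        llm, decision, calls = t.get("llm.tool_selection"), t.get("agent.decision"), t["calls"]
        selected = llm.get("selected_tool") if llm else None
        if selected is None:
            # No tool was selected, so every MCP call in this trace is unexplained.
            findings += [(trace_id, "unexpected_mcp_call:" + c["tool"]) for c in calls]
            continue
        if decision is None or decision["tool"] != selected["name"]:
            findings.append((trace_id, "llm_selection_vs_decision_mismatch"))
        for c in calls:
            if decision is not None and c["tool"] != decision["tool"]:
                findings.append((trace_id, "decision_vs_mcp_call_mismatch"))
            if c["purpose_id"] != llm["selected_tool_purpose_id"]:
                findings.append((trace_id, "purpose_id_mismatch"))
    return findings
```

Trace t2 shows why the purpose ID comparison matters separately from the tool-name comparison: the tool name matches at every stage, yet the call was made for a different purpose than the one selected.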

3. Tracks RAG Reference Grounds in a Privacy-Safe Manner

RAG may reference important information such as internal documents, knowledge bases, and security investigation materials.

Senda-Argus Hooks does not save the RAG context body by default, but primarily records the following HASHes and metadata:

  • query_hash
  • context_hash
  • context_hashes
  • document_ids_hash
  • chunk_ids_hash
  • result_hash
  • data_source_hash
  • retriever_name
  • collection_name
  • vector_store
  • score range

This allows verification of which RAG data sources were used, whether the same set of grounds was reused, or if the set of grounds changed, without saving the body.
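The following added example shows how such a body-free record can answer "same grounds or changed grounds" between two retrievals. It is not code from Senda-Argus Hooks. The page does not say how the hashes are computed, so keyed HMAC-SHA256, the record layout, and the reading of context_hash as a hash over the sorted context_hashes are all assumptions of this sketch.

```python
import hashlib
import hmac

# Assumption: a per-deployment secret. Keyed hashing keeps short or guessable
# text from being confirmed by hashing candidate strings against the log.
AUDIT_KEY = b"constructed-demo-key"

# Constructed sample chunks (text bodies never enter the audit record).
CHUNKS_A = [
    {"id": "doc1#0", "text": "VPN access requires MFA.", "score": 0.91},
    {"id": "doc2#3", "text": "Incident tickets are retained 90 days.", "score": 0.84},
]
CHUNKS_B = list(reversed(CHUNKS_A))  # same grounds, different ranking order
CHUNKS_C = [CHUNKS_A[0], {"id": "doc9#1", "text": "Guest Wi-Fi is isolated.", "score": 0.80}]

def keyed_hash(data: bytes) -> str:
    return hmac.new(AUDIT_KEY, data, hashlib.sha256).hexdigest()

def rag_record(query, chunks, retriever_name, collection_name):
    """Build an audit record for one retrieval from hashes and metadata only."""
    context_hashes = sorted({keyed_hash(c["text"].encode()) for c in chunks})
    chunk_ids = sorted(c["id"] for c in chunks)
    scores = [c["score"] for c in chunks]
    return {
        "query_hash": keyed_hash(query.encode()),
        "context_hashes": context_hashes,
        # Hash over the sorted per-chunk hashes: independent of ranking order.
        "context_hash": keyed_hash("\n".join(context_hashes).encode()),
        "chunk_ids_hash": keyed_hash("\n".join(chunk_ids).encode()),
        "retriever_name": retriever_name,
        "collection_name": collection_name,
        "score_min": min(scores) if scores else None,
        "score_max": max(scores) if scores else None,
    }

def diff_grounds(old, new):
    """Compare two audit records without access to any body text."""
    a, b = set(old["context_hashes"]), set(new["context_hashes"])
    return {"same_set": old["context_hash"] == new["context_hash"],
            "added": len(b - a), "removed": len(a - b), "kept": len(a & b)}
```

An unkeyed hash would support the same comparison, but anyone holding the log could test whether a specific known document or query appears in it.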

4. Prompt / Context / Result Body is OFF by Default

In corporate environments, LLM prompts, RAG contexts, and MCP results may contain confidential information, customer information, personal information, or information under investigation.

Senda-Argus Hooks does not save the following body data by default:

  • LLM prompt body
  • LLM raw response body
  • RAG query body
  • RAG context body
  • retrieved text body
  • MCP arguments body
  • MCP result body

On the other hand, HASHes necessary for auditing and reproducibility checks are recorded by default:

  • messages_hash
  • message_content_hashes
  • message_content_hash
  • query_hash
  • context_hashes
  • arguments_hash
  • result_hash

The aim is to combine a Privacy-Safe design that does not save body data with auditability.

5. purpose_id Across MCP / RAG / LLM

Senda-Argus Hooks generates a purpose_id from information such as MCP URL, Tool name, capability, RAG data source, retriever, collection, and vector store.

This allows tracking "for what purpose the AI Agent accessed which data source or tool."

Differences from Traditional AI Observability

Traditional AI Observability has focused on checking execution logs such as prompts, responses, tokens, latency, and Tool Calls.

Senda-Argus emphasizes the following aspects required for AI Agent security auditing:

| Aspect | General AI Observability | Senda-Argus Hooks |
|---|---|---|
| Main Target | prompt / response / token / latency / Tool Call | LLM Judgment / RAG Grounds / Agent Decision / MCP Execution |
| Tool Selection Reason | Inferred from raw response and trace | Acquired as task_summary / reason_summary / selected_tool |
| Cross-referencing with MCP Execution | Primarily records Tool Calls individually | Consistency check using selected_tool_purpose_id and mcp.purpose_id |
| RAG Grounds | Often saves retrieved context body | Body OFF by default, tracked via HASH and metadata |
| Privacy | Depends on redaction and saving policies | Privacy-Safe design with body non-saving as default |
| Security Auditing | Observability-centric | Emphasizes auditing and control of AI Agent judgment and execution |

Senda-Argus Hooks is not just an AI Agent log collection tool, but a Collector for auditing "why an LLM chose a particular tool, which RAG grounds it referenced, and which MCP Tool the Agent actually called."

Future Development

RainForest positions Senda-Argus Hooks as a Collector function of Senda-Argus and plans to integrate it with Senda-Argus API/DB, Diff Engine, and analysis UI.

Future development plans are as follows:

  • API for collecting, saving, and analyzing AI Agent execution logs
  • Consistency check between Agent decisions and MCP Tool Calls
  • Detection of differences in RAG ground sets
  • HASH-based auditing of prompts / RAG / MCP results
  • Detection of changes in AI Agent behavior
  • Analysis UI for Security for AI
  • Generation of audit reports for SOC / CSIRT / AI Governance departments

As a purely domestic Security for AI platform developed in Japan, Senda-Argus will support auditing, control, and security operations for corporate AI Agent utilization.

GitHub

Senda-Argus Hooks is available in the following GitHub repository:

https://github.com/rainforest-tokyo/senda_argus_hooks

About RainForest

RainForest conducts research and development in the fields of AI, cybersecurity, threat intelligence, and security automation. We are advancing various technology developments, including Senda-Argus, towards the realization of a Security for AI platform necessary for the AI Agent era.

[Company Profile]

Company Name: RainForest Inc.

Business Activities: Research and development of AI for Security, threat intelligence, AI Agent / MCP related technologies.

URL: https://www.rainforest-cs.jp/

[Inquiries]

RainForest Inc.

Contact: info@rainforest.jp

FACT BOX

  • Source: PR TIMES
  • Category: Technology
  • Organizations: RainForest