RainForest has released "Senda-Argus Hooks," a log collection library for AI Agents, on GitHub as a technical preview of "Senda-Argus," a purely domestic Security for AI platform that audits the judgment, reasoning, and execution of AI Agents. Patent applications are pending in Japan for some Senda-Argus technologies concerning the collection of AI Agent execution traces, reconstruction of judgment processes, and correlation analysis of Runtime Audit Events.
GitHub: https://github.com/rainforest-tokyo/senda_argus_hooks
The utilization of generative AI is evolving from simple chat usage to referencing internal data via RAG, integrating with external tools via MCP, and autonomous judgment and execution by AI Agents. Meanwhile, in corporate security operations, mechanisms to audit and verify "why an AI Agent chose a particular tool and what it actually executed" are becoming crucial.
Senda-Argus Hooks is a Collector that records and analyzes the entire flow of an AI Agent selecting tools using LLMs, referencing RAG, and calling external tools like MCP, step by step. By acquiring the task_summary, reason_summary, and selected_tool output by the LLM and cross-referencing them with Agent decisions and actual MCP Tool Calls, it enables auditing of "what task the AI Agent identified, why it selected that tool, and which MCP Tool it actually called."
Furthermore, data that may contain important internal information, such as RAG context, prompt content, and MCP results, is not saved by default. Instead, it primarily records HASHes and metadata like messages_hash, context_hashes, result_hash, and purpose_id. This aims for Privacy-Safe AI Agent auditing in corporate environments.
Background: New Security Auditing Required in the AI Agent Era
AI Agents can execute tasks more flexibly and autonomously than traditional applications by referencing RAG based on LLM judgments and calling external tools via MCP or APIs.
However, the following challenges are becoming apparent in the security market:
- It is unclear why an LLM selected a specific tool.
- It is difficult to track which internal documents or knowledge were referenced by RAG.
- It is difficult to verify the consistency between Agent decisions and actual Tool Calls.
- Saving prompts and RAG contexts poses challenges in handling confidential, personal, and customer information.
- The execution scope of AI Agents is expanding due to MCP and external tool integrations.
Senda-Argus aims to be a Security for AI platform that comprehensively records and analyzes the "judgment," "reasoning," and "execution" of AI Agents to address these challenges.
Key Features of Senda-Argus Hooks
1. Records LLM's Tool Selection Reasons
Senda-Argus Hooks acquires the following information returned by the LLM during tool selection:
- task_summary: How the LLM understood the task.
- reason_summary: Why the tool was chosen.
- selected_tool: The tool selected by the LLM.
- selected_tool.arguments: Arguments required for the tool call.
This allows auditing not just that "a tool was called," but "what the LLM understood and why it chose that tool."
2. Cross-references Agent Decisions with Actual MCP Tool Calls
The tool selected by the LLM is recorded as an Agent decision and then cross-referenced with the actual MCP Tool Call.
Using selected_tool_purpose_id and mcp.tool_call.purpose_id, Senda-Argus Hooks can verify the following:
- Whether the tool selected by the LLM matches the Agent decision.
- Whether the Agent decision matches the actual MCP Tool Call.
- Whether the purpose ID of the selected tool matches the purpose ID of the actually called MCP Tool.
- Whether unnecessary MCP Tool Calls are occurring when selected_tool is null.
This confirms the consistency between the AI Agent's judgment and execution.
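The four checks listed above can be expressed as a small verifier. This is an added example, not code from the Senda-Argus Hooks repository: the event layout (`name`, `tool`, `purpose_id` keys), the `purpose_id` derivation, the finding codes, and the sample URLs and tool names are all assumptions made for illustration.

```python
import hashlib

def purpose_id(mcp_url, tool_name, capability):
    # Assumed derivation: truncated SHA-256 over fields the page names.
    raw = "\x1f".join((mcp_url, tool_name, capability)).encode()
    return hashlib.sha256(raw).hexdigest()[:16]

def check_step(llm, decision, mcp_calls):
    """Return finding codes for one agent step; an empty list means consistent."""
    findings = []
    selected = llm.get("selected_tool")
    if selected is None:
        # selected_tool is null: any MCP Tool Call is unnecessary.
        return ["mcp_call_without_selection"] if mcp_calls else []
    if decision.get("tool") != selected["name"]:
        findings.append("llm_vs_decision_mismatch")
    if not mcp_calls:
        findings.append("decision_without_mcp_call")
    for call in mcp_calls:
        if call["tool"] != decision.get("tool"):
            findings.append("decision_vs_mcp_mismatch")
        if call["purpose_id"] != decision.get("selected_tool_purpose_id"):
            findings.append("purpose_id_mismatch")
    return findings

# Constructed sample data (hypothetical URLs and tool names).
PID_SEARCH = purpose_id("https://mcp.example.internal/siem", "search_logs", "read")
PID_BLOCK = purpose_id("https://mcp.example.internal/fw", "block_ip", "write")
SELECT_SEARCH = {"task_summary": "Find failed logins for host A",
                 "reason_summary": "Log search answers the question",
                 "selected_tool": {"name": "search_logs", "arguments": {"host": "A"}}}
DECISION = {"tool": "search_logs", "selected_tool_purpose_id": PID_SEARCH}

def run_samples():
    return {
        "consistent": check_step(SELECT_SEARCH, DECISION,
                                 [{"tool": "search_logs", "purpose_id": PID_SEARCH}]),
        "drift": check_step(SELECT_SEARCH, DECISION,
                            [{"tool": "block_ip", "purpose_id": PID_BLOCK}]),
        "null_selection": check_step({"selected_tool": None}, {},
                                     [{"tool": "search_logs", "purpose_id": PID_SEARCH}]),
    }

if __name__ == "__main__":
    for name, findings in run_samples().items():
        print(name, findings)
```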
3. Tracks RAG Reference Grounds in a Privacy-Safe Manner
RAG may reference important information such as internal documents, knowledge bases, and security investigation materials.
Senda-Argus Hooks does not save the RAG context body by default, but primarily records the following HASHes and metadata:
- query_hash
- context_hash
- context_hashes
- document_ids_hash
- chunk_ids_hash
- result_hash
- data_source_hash
- retriever_name
- collection_name
- vector_store
- score range
This allows verification, without saving the body, of which RAG data sources were used and whether the same set of grounds was reused or the set of grounds changed.
4. Prompt / Context / Result Body is OFF by Default
In corporate environments, LLM prompts, RAG contexts, and MCP results may contain confidential information, customer information, personal information, or information under investigation.
Senda-Argus Hooks does not save the following body data by default:
- LLM prompt body
- LLM raw response body
- RAG query body
- RAG context body
- retrieved text body
- MCP arguments body
- MCP result body
On the other hand, HASHes necessary for auditing and reproducibility checks are recorded by default:
- messages_hash
- message_content_hashes
- message_content_hash
- query_hash
- context_hashes
- arguments_hash
- result_hash
This aims to achieve both auditability and a Privacy-Safe design that does not save the body.
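Sections 3 and 4 above describe recording hashes and metadata instead of bodies; the sketch below shows how such a record still lets an auditor tell whether two retrievals used the same set of grounds. It is an added example, not code from the Senda-Argus Hooks repository: the record layout, the `score_range` key, the keyed (HMAC) hashing and the sample chunks are assumptions.

```python
import hashlib
import hmac

AUDIT_KEY = b"constructed-demo-key"  # assumption: per-deployment secret

def h(text):
    # Keyed hash (an assumption) so short or guessable texts cannot be
    # recovered by hashing candidate strings; equality still works per key.
    return hmac.new(AUDIT_KEY, text.encode("utf-8"), hashlib.sha256).hexdigest()

def rag_record(query, chunks, retriever_name, collection_name):
    """Build a body-free audit record for one retrieval."""
    context_hashes = sorted(h(c["text"]) for c in chunks)
    scores = [c["score"] for c in chunks]
    return {
        "query_hash": h(query),
        "context_hashes": context_hashes,
        # Hash over the sorted per-chunk hashes: independent of chunk order.
        "context_hash": h("\n".join(context_hashes)),
        "chunk_ids_hash": h(",".join(sorted(c["id"] for c in chunks))),
        "retriever_name": retriever_name,
        "collection_name": collection_name,
        "score_range": (min(scores), max(scores)) if scores else None,
    }

def diff_grounds(old, new):
    """Compare two retrievals using only the recorded hashes."""
    a, b = set(old["context_hashes"]), set(new["context_hashes"])
    return {"same_set": old["context_hash"] == new["context_hash"],
            "added": len(b - a), "removed": len(a - b), "kept": len(a & b)}

# Constructed sample chunks (hypothetical internal documents).
QUERY = "How do we rotate VPN credentials?"
C1 = {"id": "kb-1#0", "text": "VPN credentials rotate every 90 days.", "score": 0.91}
C2 = {"id": "kb-2#3", "text": "Rotation is triggered from the IAM portal.", "score": 0.84}
C3 = {"id": "kb-9#1", "text": "Legacy VPN gateway is being retired.", "score": 0.77}

REC_A = rag_record(QUERY, [C1, C2], "dense", "security_kb")
REC_B = rag_record(QUERY, [C2, C1], "dense", "security_kb")  # same grounds, reordered
REC_C = rag_record(QUERY, [C1, C3], "dense", "security_kb")  # one ground replaced

if __name__ == "__main__":
    print(diff_grounds(REC_A, REC_B))
    print(diff_grounds(REC_A, REC_C))
```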
5. purpose_id Across MCP / RAG / LLM
Senda-Argus Hooks generates a purpose_id from information such as MCP URL, Tool name, capability, RAG data source, retriever, collection, and vector store.
This allows tracking "for what purpose the AI Agent accessed which data source or tool."
Differences from Traditional AI Observability
Traditional AI Observability has focused on checking execution logs such as prompts, responses, tokens, latency, and Tool Calls.
Senda-Argus emphasizes the following aspects required for AI Agent security auditing:
| Aspect | General AI Observability | Senda-Argus Hooks |
| --- | --- | --- |
| Main Target | prompt / response / token / latency / Tool Call | LLM Judgment / RAG Grounds / Agent Decision / MCP Execution |
| Tool Selection Reason | Inferred from raw response and trace | Acquired as task_summary / reason_summary / selected_tool |
| Cross-referencing with MCP Execution | Primarily records Tool Calls individually | Consistency check using selected_tool_purpose_id and mcp.purpose_id |
| RAG Grounds | Often saves retrieved context body | Body OFF by default, tracked via HASH and metadata |
| Privacy | Depends on redaction and saving policies | Privacy-Safe design with body non-saving as default |
| Security Auditing | Observability-centric | Emphasizes auditing and control of AI Agent judgment and execution |
Senda-Argus Hooks is not just an AI Agent log collection tool, but a Collector for auditing "why an LLM chose a particular tool, which RAG grounds it referenced, and which MCP Tool the Agent actually called."
Future Development
RainForest positions Senda-Argus Hooks as a Collector function of Senda-Argus and plans to integrate it with Senda-Argus API/DB, Diff Engine, and analysis UI.
Future development plans are as follows:
- API for collecting, saving, and analyzing AI Agent execution logs
- Consistency check between Agent decisions and MCP Tool Calls
- Detection of differences in RAG ground sets
- HASH-based auditing of prompts / RAG / MCP results
- Detection of changes in AI Agent behavior
- Analysis UI for Security for AI
- Generation of audit reports for SOC / CSIRT / AI Governance departments
As a purely domestic Security for AI platform developed in Japan, Senda-Argus will support auditing, control, and security operations for corporate AI Agent utilization.
GitHub
Senda-Argus Hooks is available in the following GitHub repository:
https://github.com/rainforest-tokyo/senda_argus_hooks
About RainForest
RainForest conducts research and development in the fields of AI, cybersecurity, threat intelligence, and security automation. We are advancing various technology developments, including Senda-Argus, towards the realization of a Security for AI platform necessary for the AI Agent era.
[Company Profile]
Company Name: RainForest Inc.
Business Activities: Research and development of AI for Security, threat intelligence, AI Agent / MCP related technologies.
URL: https://www.rainforest-cs.jp/
[Inquiries]
RainForest Inc.
Contact: info@rainforest.jp
FACT BOX
- Source: PR TIMES
- Category: Technology
- Organizations: RainForest