Weldon Web

Product

MCP Audit & Compliance Gateway

An Azure Managed Application that sits between your AI agents and MCP servers as a YARP reverse proxy — enforcing compliance policies, emitting structured audit events, and reporting metered usage to the Azure Marketplace.

Get it on Azure Marketplace →

What it does

Compliance policy enforcement

Per-route identity allow-lists and per-tool deny-pattern rules let you define exactly who can call which tools and block what content. Regex-based deny patterns are evaluated before the request reaches the upstream MCP server — sensitive data never leaves your perimeter.

Structured audit events

Every MCP tool call is logged with identity, tool name, full request and response payload, and timestamps. Events are emitted to Log Analytics and OpenTelemetry, giving your security team a complete, queryable record of what every AI agent did and when.

Marketplace metering

Invocation counts are reported to the Azure Marketplace Metering Service for commercial billing. Per-tier monthly caps are enforced in-process so you always stay within budget. Free, Pro, and Enterprise tiers are available.

How it works

The gateway is deployed as an Azure Managed Application alongside your existing infrastructure. Every request from an AI agent flows through a single pipeline:

  1. 1.JWT validationThe caller's identity is verified and extracted from the token.
  2. 2.Policy engineIdentity allow-lists and tool deny-patterns are evaluated. Non-matching requests are rejected with a structured error before any upstream call is made.
  3. 3.YARP reverse proxyApproved requests are forwarded to the target MCP server with full HTTP/2 support.
  4. 4.Audit emissionThe full request/response pair is written to Log Analytics and the OTel exporter.
  5. 5.MeteringSuccessful invocations are counted and reported to Azure Marketplace Metering Service.

Tiers

Free

Full audit logging and policy enforcement up to a monthly invocation cap. No Marketplace billing configuration required.

Pro

Raised invocation limits with full audit retention and Marketplace billing integration.

Enterprise

Unlimited invocations, OPA integration for advanced policy, Redis-backed counters for multi-instance deployments, and Azure Sentinel workbook support.

Who it's for

  • Enterprise teams deploying AI agents (Claude, ChatGPT, or custom) at scale
  • Security and compliance teams in regulated industries who need a complete audit trail
  • Azure-native engineering organisations that want observability without rebuilding their MCP servers

Ready to get started?

Available now on Azure Marketplace. Deploy in minutes as a Managed Application alongside your existing Azure infrastructure.

Get it on Azure Marketplace →