What this PR does / why we need it:

This PR adds structured audit logging in JSONL format for the Python MCP feature server.

Previously, the MCP integration only logged startup events and errors. Operators did not have a unified audit trail for MCP tool calls, internal REST requests, authentication results, authorization decisions, or request correlation.

This change introduces an audit_logging configuration section under feature_server and adds structured audit events for:

• MCP tool invocations
• MCP JSON-RPC requests
• REST endpoint requests
• Authentication outcomes
• Authorization decisions
• Request correlation through X-Request-Id
• Client IP address and transport metadata

Each audit event follows a stable schema and includes:

• event_type
• UTC timestamp
• request_id
• principal (username, roles, and auth_type)
• source (ip and transport)
• action (MCP tool name and/or HTTP path)
• resource (type, name, and permitted actions)
• outcome
• duration_ms

Sensitive data is intentionally excluded from audit logs. Tokens, entity rows, feature values, and request payloads are not logged.

Audit logging layers

New files

• sdk/python/feast/audit/audit_logger.py

  • Adds the AuditEvent model.
  • Adds sink abstractions: StdoutAuditSink, FileAuditSink, and LoggerAuditSink.
  • Adds AuditLogger helper methods for MCP, HTTP, authentication, and authorization events.

• sdk/python/feast/audit/audit_middleware.py

  • Adds AuditLoggingMiddleware for REST endpoint auditing.
  • Adds McpAuditMiddleware for MCP JSON-RPC request auditing.

Modified files

• sdk/python/feast/infra/feature_servers/base_config.py

  • Adds AuditLoggingConfig to BaseFeatureServerConfig.

• sdk/python/feast/feature_server.py

  • Initializes the audit logger lifecycle.
  • Wires the audit middleware into get_app().

Example configuration

feature_server:
  type: mcp
  mcp_enabled: true
  audit_logging:
    enabled: true
    sink: stdout          # stdout | file | logger
    # file_path: /var/log/feast_audit.jsonl
    log_successful_reads: true

Example JSONL event

{
  "event_type": "mcp.tools.call",
  "timestamp": "2026-05-28T12:00:00.000Z",
  "request_id": "...",
  "principal": {
    "username": "jane@co.com",
    "roles": ["reader"],
    "auth_type": "oidc"
  },
  "source": {
    "ip": "10.0.0.1",
    "transport": "mcp-http"
  },
  "action": {
    "mcp_tool": "get_online_features",
    "path": "/mcp"
  },
  "outcome": "success",
  "duration_ms": 42.0
}

Which issue(s) this PR fixes:

Fixes #6452

Checks

• I've made sure the tests are passing.
• My commits are signed off (git commit -s)
• My PR title follows conventional commits format

Testing Strategy

• Unit tests
• Integration tests
• Manual tests
• Testing is not required for this change

Added 37 unit tests covering:

• AuditEvent serialization in JSONL format, including exclusion of None values

• AuditLogger helpers:

  • log_mcp_call
  • log_http_request
  • log_authn
  • log_authz

• Suppression of successful read events when log_successful_reads: false

• All supported sinks:

  • StdoutAuditSink
  • FileAuditSink
  • LoggerAuditSink

• create_audit_logger_from_config factory behavior and fallback handling

• AuditLoggingConfig validation and inheritance through McpFeatureServerConfig

• AuditLoggingMiddleware behavior:

  • HTTP request logging
  • Health and MCP route skipping
  • Error outcomes
  • X-Request-Id propagation
  • Resource mapping

• McpAuditMiddleware behavior:

  • MCP tool-call extraction from JSON-RPC request bodies
  • Generic MCP request logging
  • Non-JSON request-body handling

Misc

• audit_logging is defined on BaseFeatureServerConfig, making it available to both local and MCP feature server types.
• Principal metadata is extracted from the existing SecurityManager context and supports no_auth, oidc, and kubernetes authentication modes.
• Registry MCP parity and an OpenTelemetry sink are intentionally left as follow-up improvements, as noted in the linked issue.