Do not claim that every denied call is currently written to the public MCP audit table. Auth failures, rate-limit denials, and method-level denials return HTTP errors before the public MCP tool handler runs.
Internal agent denied-tool attempts may appear as tool attempts in run telemetry depending on SDK stream behavior, but the current tool_calls write path does not populate outcome or denial_reason.
If the product needs “including denied calls” as a launch claim, add an explicit audit write in the auth, rate-limit, and permission-denial paths before publishing that line.