mpl vs MCP: A Compliance and Audit Layer on Top of the Agent Protocol

MCP defines how agents talk. mpl defines what correct looks like. Why production agentic systems need both — and how to compose them.

The protocol-stack question

MCP (Model Context Protocol) and A2A (Agent-to-Agent) are the two de-facto protocols for agent-to-tool and agent-to-agent communication. They are well-designed, widely adopted, and answer the right question: how do agents exchange messages?

They do not answer the question production teams actually need answered: did the agent’s message meet the contract, and can you prove it? This is the gap mpl fills.

The 60-second version: MCP is a transport. mpl is a contract layer. They stack. mpl sits between your agent and your MCP server, observing, validating, and recording every message.

What MCP is

MCP is a JSON-RPC-based protocol that lets an LLM agent call tools exposed by an MCP server. The server advertises a list of tools (with names, descriptions, and JSON-Schema input/output types); the agent invokes them; results come back. It is the USB-C of agent ↔ tool integration:

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "params": {
    "name": "calendar.create",
    "arguments": {
      "title": "Quarterly Review",
      "start": "2026-03-15T14:00:00Z",
      "end":   "2026-03-15T15:00:00Z"
    }
  },
  "id": "req-1"
}

MCP is a transport. It moves messages. It does not check whether the messages are correct, it does not record who sent them, and it does not give you a quality score on the agent’s output.

What mpl is

mpl is a protocol layer that sits between your agents and the underlying MCP / A2A transport. It defines the contracts for every message type, measures the quality of every interaction, enforces your policies, and records tamper-evident audit trails:

┌─────────────────────────────┐
│      Your Agent Logic       │
├─────────────────────────────┤
│     mpl (this layer)        │
│  Contracts · Quality ·      │
│  Policies · Proofs          │
├─────────────────────────────┤
│   MCP (client-server)  or   │
│   A2A (peer-to-peer)        │
└─────────────────────────────┘

mpl ships with:

  • A contract registry — versioned JSON-Schema contracts for every message type (org.calendar.Event.v1, org.finance.Order.v1, etc.). 25+ contracts ship out of the box; you can add your own.
  • Quality measurement — six metrics (schema_fidelity, instruction_compliance, groundedness, determinism, ontology_adherence, tool_outcome) you mix into profiles (qom-basic, qom-strict-argcheck, custom).
  • A policy engine — declarative YAML rules that enforce organisational constraints (require provenance, block certain stypes, require a quality profile, etc.).
  • Cryptographic audit — every message gets a BLAKE3 hash, provenance metadata, and a quality report. These map directly to SOX, GDPR, HIPAA, and the EU AI Act.

The five dimensions

DimensionMCPmpl
LayerTransport (JSON-RPC)Contract / quality / audit layer
SolvesHow agents talkWhat correct looks like
AdoptionAnthropic, OpenAI, Google, Microsoft (de-facto)Early but growing
Schema validationJSON-Schema on the tool input/outputJSON-Schema on every message type, with versioning
Quality measurementNoneSix metrics, profile-driven
Policy enforcementNoneDeclarative policy engine
Audit trailNoneTamper-evident (BLAKE3 hash chain)
Compliance mappingNoneSOX, GDPR, HIPAA, EU AI Act
Mode: observen/aDrop-in proxy, transparent mode (no enforcement)
Mode: enforcen/aStrict mode (rejects bad messages before they reach the server)
Multi-protocoln/aWraps MCP and A2A, with a unified audit trail
Performance overheadn/a~3-8ms per message (proxy mode)
Language SDKsn/aPython, TypeScript, Rust

When to use which

Use MCP (without mpl) when:

  • You are prototyping, and the cost of a bad message is low.
  • The agent’s actions are reversible (e.g. read-only queries on your own data).
  • The blast radius of a mistake is small (a typo, a wrong search query, a minor scheduling error).
  • You are not in a regulated industry.

Use mpl on top of MCP when:

  • The agent takes actions that are not easily reversible (sending messages, making purchases, modifying settings).
  • You are in a regulated industry (finance, healthcare, government) and need to answer “what did the agent know when it did X” months later.
  • You need to enforce a contract (e.g. every calendar event must have a title, a start, and an end) and reject malformed requests before they hit your server.
  • You need quality measurement (e.g. is the agent’s output grounded in the data it claims to cite?).
  • You are running multiple agents and need a unified audit trail across all of them.

A 5-minute setup

mpl runs as a sidecar proxy in front of your existing MCP server. The agent’s code doesn’t change:

# 1. install
cargo install mplx
# or
pip install mpl-sdk

# 2. start your existing MCP server
my-mcp-server --port 8080

# 3. start mpl-proxy in transparent (observe) mode
mpl proxy http://localhost:8080 --port 9080
# → open http://localhost:9080 for the dashboard

# 4. point your agent at mpl-proxy instead of the server
# (config change, no code change)

# 5. once you've observed the traffic, lock in the schemas
mpl schemas generate        # learn contracts from live traffic
mpl schemas approve --all   # lock them in
mpl proxy http://localhost:8080 --mode production
# → now bad messages get blocked before they reach the server

Compliance mapping

mpl’s audit trail maps to the specific articles of the major regulations:

RegulationWhat mpl provides
SOX (Sarbanes-Oxley)Tamper-evident records (BLAKE3 hash chain) for every financial action the agent takes
GDPRRight-to-erasure for personal data in agent memory; data-handling proof via the policy engine
HIPAAQuality thresholds on clinical outputs (instruction_compliance ≥ 0.95); provenance for every PHI access
EU AI ActQuality scores + full provenance chain for every high-risk AI action; transparency log for end-users

This is the gap MCP does not address. If you are deploying agents in a regulated environment, you need both.