New `mcp_clients` table for tracking MCP usage

[somethingnew2-0]

Feature request

What new feature do you want?

With the advent of large-language models (LLMs) popularity, a new protocol named Model Context Protocol (MCP) has been standardized and developed for connecting data sources with these tools. We'd like a way to track usage and write policies around MCP clients on devices with osquery installed with a new OSQuery table: mcp_client. This table would include useful metadata about the particular MCP client not exposed by the existing, generic apps or programs tables such as listing currently configured MCP servers.

How is this new feature useful?

This would provide a unified, cross-platform way for organizations to better track usage of MCP clients and servers, as well as, enforce policies (outside the scope of osquery) based on what MCP clients and servers are permitted.

How can this be implemented?

1. Search for common MCP client configuration, for example:

OpenAI's ChatGPT desktop client config:

• ~/.chatgpt

Anthropic's Claude Desktop client config:

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Claude\claude_desktop_config.json

Anysphere's Cursor config:

• ~/.cursor/mcp.json

2. Parse the found config and provide common metadata such as connected MCP servers