MCP-Watch provides visibility and governance for AI agents operating against Splunk through the Model Context Protocol. The app surfaces every SPL query executed by MCP servers, flags anti-patterns such as wildcard index searches and overly wide time ranges, and reports on REST endpoint usage. It reads exclusively from Splunk's built-in _audit and _internal indexes, requiring no additional data ingestion or dependencies. Administrators configure a lookup table with the Splunk usernames their MCP servers authenticate as, and the app then tracks query volume, identifies quality issues, and enables per-user tool access governance. Four dashboards present MCP activity across operational and compliance dimensions, while scheduled searches and alerts provide ongoing monitoring of agent behavior.