Audit log

Append-only record of every publish, edit, revoke, access change, and token action.

Security and admin actions are recorded here with actor, IP, and time — append-only, retained independently of report retention.

shell Append-only audit is written throughout Phases 1–8.