Audit log

Sensitive admin actions are recorded here — keys minted, credentials rotated, webhooks deleted, login attempts. We don't log chat messages (that's billing data) or read-only navigation. Logs are append-only and retained for incident response.