Audit Logging

Every decision is immutably logged with: - who/what/when (actor, agent, timestamp) - attempted action + attributes - decision (allow/deny/approval) + reason - approver identity (if applicable)

Export to SIEM → Splunk, Sentinel, Elastic.