Audit log
A transparent, aggregate record that access control held: by clearance and by face, what came back and what was withheld. By design it never logs who asked or what they asked, so people query the brain freely.
Aggregate · no per-person tracking
Accesses recorded3this session
Withholding events3
Per-person trackingOff
Sequence#0–2monotonic
By clearance
- general3 accesses · 3 withheld
- director0 accesses
By face
- UI2 accesses
- Agent1 access
| # | Face | Clearance | Action | Returned | Withheld |
|---|---|---|---|---|---|
| 2 | Agent | general | Query | 0 | 8 |
| 1 | UI | general | Query | 0 | 9 |
| 0 | UI | general | Query | 3 | 6 |
The record keeps the clearance and outcome of each access, never the question text or the person behind it. Trust is the point: people use the brain freely, and the institute can still prove the rules were enforced. The same trail is shared by the dashboard and the MCP server.