Audit log

PII discipline: emails are pseudonymised to a deterministic 12-hex hash before this dashboard sees them — the same user always hashes to the same identity, so an admin can correlate events without the platform leaking the raw address. Free-text fields (messages) are truncated to 80 characters. This dashboard is itself noindex and token-gated. See /docs/security/ for the full data-flow policy.