Audit trail

Every row below is an append-only entry written by the audit.log part — the database itself refuses UPDATE, DELETE and TRUNCATE. Each is tagged with the part that produced it. Rate-limited requests never appear: ratelimit.api rejects them with a 429 before the handler runs. The webhooks.ingest rows are the composition — a verified delivery flowing into the log through a handler the app wrote.