Pick a persistent store for delegated_agent audit log entries. Recommend Grafana Cloud Loki (already adopted by ADR-019, free at pilot scale) for general-purpose audit retention, with a small Mongo audit_logs collection reserved only for the customer-facing 'who did what' query surface once a tenant asks for one.
CISO perspective on Round 3 automation-persistence analysis: chain-level temporal tracking is compliance-critical (cannot answer 'how did this automation's blast radius change in 90 days' without it).
CISO perspective on Round 2 execution-flow analysis: six security blind spots in the AzureGraphRouter display and the seven elements required for a credible cross-system automation security review.
Round 5 CISO analysis on what entity type Business Rules, Script Includes, REST Messages, OAuth Profiles, Flow Designer Flows, and Scheduled Jobs should actually be in the SecurityV0 data model
Round 4 CISO analysis evaluating how OAA (Open Authorization API) concepts map to SecurityV0's automation chain modeling