diff --git a/packages/core-audit/src/audit-log.interface.ts b/packages/core-audit/src/audit-log.interface.ts
new file mode 100644
index 0000000..a4b8abd
--- /dev/null
+++ b/packages/core-audit/src/audit-log.interface.ts
@@ -0,0 +1,22 @@
+import type { AuditLogProtocol } from "@repo/core-shared/di/bind-protocols";
+import type { AuditEntry } from "@repo/core-shared/audit";
+
+/**
+ * Full audit log interface. Extends the minimal `AuditLogProtocol` from
+ * core-shared with the privileged `eraseSubject` op for GDPR erasure.
+ *
+ * Feature binders that receive `ctx.auditLog` see only `AuditLogProtocol`
+ * (record). Admin-path code that needs erasure imports this full interface.
+ *
+ * The `extends` link forces typecheck failure if either side narrows below
+ * the protocol surface — same safety net as IEventBus, IRealtimeBroadcaster,
+ * IRealtimeHandlerRegistry, IMetrics.
+ */
+export interface IAuditLog extends AuditLogProtocol {
+  // record(entry: AuditEntry): Promise<void>  — inherited from protocol
+  eraseSubject(actorId: string, mode: "pseudonymize" | "delete"): Promise<void>;
+}
+
+// Re-export AuditEntry for convenience (so consumers don't always need
+// to dual-import from @repo/core-shared/audit).
+export type { AuditEntry };
diff --git a/packages/core-audit/src/di/symbols.ts b/packages/core-audit/src/di/symbols.ts
new file mode 100644
index 0000000..badb48a
--- /dev/null
+++ b/packages/core-audit/src/di/symbols.ts
@@ -0,0 +1,3 @@
+export const AUDIT_SYMBOLS = {
+  IAuditLog: Symbol.for("core-audit:IAuditLog"),
+} as const;