From 925f4e4e5bf040dd6bfccbb7db8d75235d13574b Mon Sep 17 00:00:00 2001
From: Danijel Martinek <danijel@fraqtal.xyz>
Date: Tue, 12 May 2026 22:35:23 +0200
Subject: [PATCH] docs(core-audit): TODO breadcrumb for future audit recording
 automation

---
 packages/core-audit/src/with-audit.ts | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/packages/core-audit/src/with-audit.ts b/packages/core-audit/src/with-audit.ts
index a521816..93a0e07 100644
--- a/packages/core-audit/src/with-audit.ts
+++ b/packages/core-audit/src/with-audit.ts
@@ -22,10 +22,11 @@ export type Audited<F> = F & { readonly __audited: true };
  * is out of scope here.
  */
 export function withAudit<Args extends unknown[], R>(
-  // The auditLog is part of the signature for two reasons: (1) callers must
-  // pass it at bind time, ensuring the dep is available, and (2) future
-  // versions of this wrapper will use it to emit audit events from the
-  // declarative manifest entry directly.
+  // TODO(conformance milestone iii+): wire automated recording from manifest
+  // `audits[]` declarations. For now, the wrapper exists to:
+  //   (1) require callers to pass the auditLog at bind time (dep is available)
+  //   (2) attach the `__audited` brand so the boot-time assertion can verify
+  //       mutating use cases were bound through the audit-aware path.
   auditLog: IAuditLog,
   fn: (...args: Args) => Promise<R>,
 ): Audited<(...args: Args) => Promise<R>> {