docs(wiki): extract audit log + coi audit into dedicated Audit-Log page Security-Monitoring was the largest page (~500 lines). Move the on-disk audit log format, field reference, and the full 'coi audit' command docs into a new Audit-Log page (Security-Monitoring now links to it with a short stub). Retarget inbound links (Session-Logs, Migration-Guide, Home, sidebar). Security-Monitoring 328 lines; all internal links verified.

Maciej Mensfeld committed Jun 17, 2026

fix: update session log docs to reflect SessionLogger migration - Session-Logs.md: remove stale "Related Background Logs" table that still referenced network-refresh-<container>.log (no longer created); replace with a "What Goes Into Session Logs" table showing which subsystem output lands in which file (.stdout.log vs .stderr.log) - Security-Monitoring.md: fix the Limitations note about NFT OnError callbacks — errors now go to <container>.stderr.log (viewable via `coi logs`), not silently discarded or sent to audit logs

mensfeld committed May 27, 2026

docs: add coi audit and coi logs documentation - Security-Monitoring.md: add full 'coi audit' section covering both dump and follow modes, event format/types, all five event sources, heartbeat liveness detection, jq filtering examples, agent tuning env vars, and resource overhead - Session-Logs.md: new page documenting 'coi logs', log file locations, follow mode, output format, and the network-refresh background log - Home.md: link to Session-Logs from the Security nav section; update Security-Monitoring description to mention coi audit Closes #390

Maciej Mensfeld committed May 27, 2026