Draft workplan for a unified, metadata-only audit log of every ops-warden action (sign,
access proxy, worker send/tick) and a single `warden activity [--days N] [--kind] [--json]`
command to read it. Secret-material guard so no value ever lands in the audit; folds in the
existing signatures.log / access-audit.log; optional --hub for the progress-note narrative.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>