Your Agent Has Two Logs. One of Them Doesn't Exist Yet.

Earlier this week I read Daniel Nwaneri's piece on induced authorization — the observation that agents don't just do unauthorized things, they cause humans to do unauthorized things. His central example: an agent gives advice, an engineer widens a permission based on that advice, the agent's action log shows nothing unusual. The exposure is real. The log is clean. He named this the induced-edge problem , and the framing is sharp enough to deserve a concrete answer. Here's the answer CORE gives — and the gap it still doesn't close. And why that gap is not an oversight, but a frontier. Two Logs, Not One Most agent governance architectures assume one audit object: the action log. What did the agent do? The induced-edge problem reveals that this is the wrong unit. There are actually two logs: Log 1 — The action log. What the agent executed directly. This exists. For CORE, it's the blackboard: every worker posts findings, proposals, and outcomes to a PostgreSQL append-only record. Nothing i