Your AI agent's audit trail is not evidence. Here's what makes it one.

This post builds on a conversation that started in Ian Johnson's harness stack thread and the research being published by @zep1997 in the Self-Correcting Systems series. The problem is real and I've been building in this space.

CLAIM-24 tested whether an agent checks a grant against current source conditions, not just the clock.

CLAIM-25 tested whether a signed response is both authentic and fresh — signed-AND-fresh, not just signed.

CLAIM-26 tests what happens after the action is taken: can an auditor reconstruct exactly what authority justified it?

The finding: a log that says ALLOW is not evidence. An authority event written after the action, even with matching hashes, is reconstruction — not prior authorization. The gap between a SeparateWriteGate (5/7) and a PairedAuthorityActionGate (7/7) is two failure modes that look clean but aren't: post_hoc and audit_gap.