Package audit records the tool calls an AI/MCP client makes, so the operator
can always see what an assistant did to their containers. It is shared across
processes: both the GUI server and the standalone `oriel mcp` process append to
the same JSONL file (under the user data dir), and the server reads it for the
UI. The operator's own UI clicks are NOT recorded, only non-interactive (agent)
calls reach Record.
Record appends one entry for an agent tool call. String args that look like
secrets are masked, so a tool argument can't leak a credential into the log.
Best-effort: a logging failure must never break the tool call, so errors are
swallowed.