diff --git a/AUDITS.md b/AUDITS.md new file mode 100644 index 0000000..ec128fc --- /dev/null +++ b/AUDITS.md 
@@ -0,0 +1,114 @@ +# Audit Log + +This file tracks spec-to-implementation audits. + +## 2025-12-22 — ASL/1-CORE (`tier1/asl-1-core.md`) +- Scope: ASL/1-CORE conformance for value semantics, encoding profiles, and + reference derivation. +- Findings: immutability enforcement gaps; EncodingProfileId layering leak; no + central ASL ref-derivation API; `amduat_octets_eq` missing invalid-input guard. +- Resolution: implemented fixes and added `amduat_asl_ref_derive` conformance test. +- Tests: `ctest --test-dir build` (11 tests). + +## 2025-12-22 — ASL/1-STORE (`tier1/asl-1-store.md`) +- Scope: ASL/1-STORE conformance for store semantics, error mapping, and + StoreConfig handling in ASL store implementations. +- Findings: `put` could delete existing artifacts on fsync failure; non-integrity + failures surfaced as integrity errors; malformed references treated as + unsupported; StoreConfig not enforced at the wrapper boundary. +- Resolution: gated unlink on new writes; introduced `AMDUAT_ASL_STORE_ERR_IO` + and mapped I/O paths; treat malformed refs as `ERR_INTEGRITY`; added optional + `validate_config` hook with minimal wrapper checks; added + `amduat_asl_store_ops_init` helper to avoid uninitialized ops. +- Tests: command not provided — pass (user reported “100% tests passed, 0 tests + failed out of 11”). + +## 2025-12-22 — ENC/ASL1-CORE (`tier1/enc-asl1-core.md`) +- Scope: canonical encoding/decoding for ArtifactBytes and ReferenceBytes in + store-related paths. +- Findings: Reference codec rejected unknown `hash_id` values; FS store requires + digests >= 2 bytes (layout constraint). +- Resolution: accept unknown `hash_id` values with framing, enforce digest + length only when known; reject reserved `hash_id = 0`; documented FS store + digest-length constraint in `README.md`. +- Tests: not run. + +## 2025-12-22 — HASH/ASL1 (`tier1/hash-asl1.md`) +- Scope: registry behavior, reserved IDs, immutability, and streaming support. 
+- Findings: reserved IDs treated as usable; `0x0000` reachable via registry + enumeration; SHA-256 override allowed; no streaming API. +- Resolution: reserved-ID guard + registry rows for `0x8002–0x80FF`; removed + `0x0000` from runtime list; block SHA-256 override; added streaming API and + updated tgk mem-store test to use a non-reserved unsupported hash ID. +- Tests: `ctest --test-dir /home/niklas/build/amduat` (pass, 11 tests). + +## 2025-12-22 — PEL/1-CORE (`tier1/pel-1-core.md`) +- Scope: core execution semantics, totality, and out-of-model failure handling. +- Findings: OOM paths emitted core results; `amduat_pel_exec_program_bytes` + returned false on invalid program bytes; decode OOM indistinguishable from + invalid; kernel op OOM mapped to runtime failure. +- Resolution: treat OOM as out-of-model throughout; add decode status API; make + `amduat_pel_exec_program_bytes` return deterministic `INVALID_*` results; + propagate kernel op OOM status to abort execution. +- Tests: not run. + +## 2025-12-22 — PEL/1-SURF (`tier1/pel-1-surf.md`) +- Scope: store-backed surface execution wiring, store error mapping, result + artifact semantics, and params handling for DAG scheme. +- Findings: `params_ref` resolved but not passed to scheme; store `ERR_IO` mapped + to `StoreFailure` instead of environment failure; trace+result persistence and + result TypeTag wiring needed alignment. +- Resolution: pass global params into scheme execution; treat `ERR_IO` as + environment failure (no surface result); ensure surface result TypeTag and + diagnostics wiring; add conformance tests for params and store I/O behavior. +- Tests: command not provided — pass (user reported “100% tests passed, 0 tests + failed out of 11”). + +## 2025-12-22 — PEL/PROGRAM-DAG/1 (`tier1/pel-program-dag-1.md`) +- Scope: Exec_DAG semantics, structural validity, canonical order, diagnostics, + and scheme entrypoint correctness. 
+- Findings: Exec_DAG accepted raw bytes without enforcing program TypeTag; + diagnostics were empty for invalid program/input/runtime cases; OOM returned + false with no `ExecutionResultValue`; CLI exec lacked diagnostics and could + not accept tagged program artifacts. +- Resolution: added artifact entrypoint with TypeTag enforcement; demoted raw + bytes helper; deterministic diagnostics across validation and runtime; treat + OOM as deterministic `RUNTIME_FAILED`; expose diagnostics in formatters and + CLI; allow `amduat-pel exec` to accept artifact input via `--program-format` + (defaulting to artifact when `--input-format artifact` is set); refined + structural diagnostics for node output index errors. +- Tests: command not provided — pass (user reported “100% tests passed, 0 tests + failed out of 11”). + +## 2025-12-22 — PEL/PROGRAM-DAG-DESC/1 (`tier1/pel-program-dag-desc-1.md`) +- Scope: scheme descriptor Artifact layout, SchemeRef derivation, and DAG scheme + binding behavior. +- Findings: missing descriptor encode/decode implementation; no recognition + path for `TYPE_TAG_PEL_SCHEME_DESC_1`; program interpretation ignored + descriptor `program_type_tag`/`program_enc_profile`; scheme dispatch did not + reject non-`SchemeRef_DAG_1`. +- Resolution: added descriptor codec + round-trip tests; added canonical + descriptor recognition helpers; wired validation in CLI; introduced binding + accessor for program type/profile and used it across execution/CLI/seed; + added scheme-aware exec path and CLI flag. +- Tests: command not provided — pass (user reported “100% tests passed, 0 tests + failed out of 12”). + +## 2025-12-22 — ENC/PEL-PROGRAM-DAG/1 (`tier1/enc-pel-program-dag-1.md`) +- Scope: ProgramBytes encoding/decoding, canonical order, and framing limits. +- Findings: size overflow risk when allocating canonical node order and when + computing roots byte size, leading to non-canonical encodes. 
+- Resolution: added explicit overflow guards; added regression test for large + count rejection. +- Tests: command not provided — pass (user reported “100% tests passed, 0 tests + failed out of 13”). + +## 2025-12-22 — ENC/PEL1-RESULT/1 (`tier1/enc-pel1-result-1.md`) +- Scope: surface result encoding, inline `ExecutionResultValue`, and encoding + invariants. +- Findings: encoder did not enforce `ExecutionStatus`/summary invariants or + `store_failure` ↔ status coupling; decoder accepted out-of-range status/kind. +- Resolution: enforced invariants in encoder; added strict status/kind checks + in decoder; added invariant regression tests. +- Tests: command not provided — pass (user reported “100% tests passed, 0 tests + failed out of 14”).
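Review bot: the ENC/ASL1-CORE and PEL/1-CORE entries in this hunk record `Tests: not run` even though their resolutions change parsing and failure-handling behavior (accepting unknown `hash_id` values with framing, rejecting reserved `hash_id = 0`, treating OOM as out-of-model, returning deterministic `INVALID_*` results from `amduat_pel_exec_program_bytes`); before this log lands, those two entries should either cite the `ctest --test-dir build` run that exercises them or state explicitly that verification is pending. Related, five entries read `Tests: command not provided — pass (user reported “100% tests passed ...”)`, which records hearsay rather than a reproducible command, and the HASH/ASL1 entry cites the machine-specific path `ctest --test-dir /home/niklas/build/amduat`; suggest normalizing all of these to the repo-relative form already used by the ASL/1-CORE entry, `ctest --test-dir build`, so a later reader can rerun the audit evidence.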