Context

In crates/zeph-tools/src/audit.rs, AuditLogger::log() silently drops audit entries when serde serialization fails (lines 89-91). No tracing::error! is emitted.

Impact

In production, a broken AuditEntry serialization would silently disappear from the JSONL audit log with no indication. This is a compliance gap — audit logs must be complete.

Fix

Replace the silent drop with a tracing::error!("audit entry serialization failed: {err}") so failures are observable in logs.

Related

• PR feat(security): MCP→ACP confused-deputy boundary enforcement and security model audit #2436 — introduced cross_boundary_mcp_to_acp audit field