Commits on May 7, 2026 permissions: Why? / What if? affordance on every Activity row Adds the two affordances PERMISSIONS.md and the spec promise on every audit row: - Click a row (or the inline "Why?" link) to expand a detail panel. The detail panel renders the tier-by-tier trace as a table — which tier fired, which source matched, which rule, what reason — alongside resource info, label flow in/out, and any error code. - The same panel hosts a "What if?" simulator: pick a different session mode and click Run; the sidebar calls policy.replay through the new audit handler and renders the diff against the recorded outcome (effect-changed banner if the simulated decision differs, decision badge + tier + reason + new trace either way). The auto-refresh loop now pauses while a detail is open so users don't lose their place mid-investigation. Tests cover policy.replay's success path and the missing-record-id error path; run alongside the existing audit handler suite.…