This is a one-shot, irreversible cryptographic operation. The live
AUDIT_HMAC_KEY will be Shamir-split into 5 shares (threshold 3).
Shares 1, 2, 3 will be encrypted under HKDF-derived keys bound to your user_id.
Shares 4, 5 will be encrypted under placeholder markers awaiting real custodians.
This entire event is chain-stamped via the codex.
Assign a Shamir share to a user. Use this to replace placeholder shares 4, 5 once additional custodians are hired.
Officer-only. Begins a cooling-off window before custodians may grant shares.
You're contributing your share to an in-flight ceremony. WebAuthn or biometric MFA is required for production ceremonies; TOTP is dry-run only.
Officer-only emergency stop. Marks the ceremony aborted, prevents further share grants, chain-stamps the reason. Use when duress, coercion, or attack is suspected.