diff --git a/plans/abstractions.md b/plans/abstractions.md
index 50881373..74da875d 100644
--- a/plans/abstractions.md
+++ b/plans/abstractions.md
@@ -12,6 +12,12 @@ Anything short → _Watching_ (what's missing) or _Rejected_ (why).
 
 ## Last scan
 
+- **Date:** 2026-06-07 (radar loop, pass 11)
+- **Pass 11 — W4 sharpened with a consumer ledger.** commerce built an **order ledger on
+  persist** (2nd live exemplar; uses `persist/append-once` for webhook idempotency) and
+  identity a **grant audit ledger** (in-memory Erlang fake, gated on an Erlang↔persist
+  bridge). The append-only monotonic-seq event-log pattern is now validated across 4
+  domains, 2 live on persist + 3 fakes flagged for adoption. See W4 table.
 - **Date:** 2026-06-07 (radar loop, pass 10)
 - **Pass 10:** commerce/content/events/identity advancing (content 238/238). Probed a
   shape outside the routing table — **guarded lifecycle state machines** (mod/lifecycle +
@@ -212,8 +218,24 @@ Anything short → _Watching_ (what's missing) or _Rejected_ (why).
   (filter `persist/event-seq ev <= seq`, :61). "The op log is the source of truth …
   the materialised doc is a cache, never primary state."
   This proves the W4 target is real, not hypothetical: acl + mod's hand-rolled
-  monotonic-seq logs should adopt exactly content's `persist/log` pattern. **W4 now =
-  1 correct exemplar (content) + 2 fakes to migrate (acl, mod).**
+  monotonic-seq logs should adopt exactly content's `persist/log` pattern.
+- **Consumer ledger of the append-only monotonic-seq event log (pass 11):**
+
+  | consumer | what | backing | note |
+  |---|---|---|---|
+  | content (`store.sx`) | doc op log | **persist/log ✓ live** | append + replay-to-seq |
+  | commerce (`ledger.sx`) | order ledger | **persist/log ✓ live** | uses `persist/append-once` (idempotent, webhook-replay-safe) :40,58 |
+  | acl (`audit.sx`) | decision log | in-memory fake (SX) | migrate directly when host adapter lands |
+  | mod (`audit.sx`) | decision log | in-memory fake (SX) | migrate directly |
+  | identity (`audit.sx`) | grant ledger | in-memory fake (**Erlang**) | `{Seq,Subject,Action}`; needs an **Erlang↔persist bridge** first — author scoped it out until persist lands ("queryable semantics identical") |
+
+- **Two takeaways:** (1) the pattern is **validated across domains** — CRDT doc ops,
+  financial orders, rule decisions, OAuth grants all reduce to the same append-only
+  monotonic-seq stream; (2) migrating to `persist/log` is strictly *better* than the
+  fakes — commerce shows it gives **idempotent append-once** (dedup/replay-safety) for
+  free. This is an **adoption** item (the home already exists), NOT a new extraction —
+  owned by persist/host-persist × each consumer loop. The SX fakes (acl, mod) migrate
+  directly; the Erlang fake (identity) is gated on an Erlang↔persist bridge.
 
 ### W5 · Proof-tree explanation over a logic-program derivation
 - `acl/lib/acl/explain.sx` (reconstructs a canonical proof by goal-directed search over a