I haven't done any installations or disk formatting in months.(It's also possible for the FileVault password to be stored in your Keychain, so that the drive mounts without you entering a password, but it doesn't sound like that's what's happening in your case.)
I am hoping some Console log file records an encryption status change. I found a 5-year-old terminal command that sounds like what I want, but it didn't show anything that seems related.
"log show ... 'subsystem == "com.apple.securityd"' ...
I can't find much information about keychain files. If a FileVault password was stored in a keychain, which keychain file would it be in? I found one screenshot showing an entry "FileVault" in the left-hand column of Keychain Access, but I have no such entry. In my Keychains folder I have keychain-2.db (modified March 27), keychain-2.db-shm (modified March 16), keychain-2.db-wal (modified yesterday), login.keychain-db (modified yesterday). Does anyone know what causes these files to be modified? I think nothing I did last month should change anything password-related.
I guess my next step is turn FileVault back on and see what shows up in the log and in Keychain Access and in the Keychains folder.