Framework design upload

spec/event-provenance.md

@@ -0,0 +1,23 @@
+# Event provenance (draft)
+
+## Goals
+- Record what happened and why.
+- Enable audit and debugging.
+- Support tamper-evident logging later.
+
+## Event fields (suggested)
+- `event_id`
+- `ts`
+- `domain_id`
+- `actor` (worker/tool)
+- `intent_ref`
+- `capability_id` (if applicable)
+- `inputs` (hashed or redacted as policy requires)
+- `outputs` (hashed or redacted)
+- `status` (ok/denied/error)
+- `cost` (latency, cpu, etc.)
+
+## Storage
+- append-only log per domain
+- optional ZFS dataset per domain in homelab deployments
+