# Event provenance (draft)

## Goals
- Record what happened and why.
- Enable audit and debugging.
- Support tamper-evident logging later.

## Event fields (suggested)
- `event_id`
- `ts`
- `domain_id`
- `actor` (worker/tool)
- `intent_ref`
- `capability_id` (if applicable)
- `inputs` (hashed or redacted as policy requires)
- `outputs` (hashed or redacted)
- `status` (ok/denied/error)
- `cost` (latency, cpu, etc.)

## Storage
- append-only log per domain
- optional ZFS dataset per domain in homelab deployments