docs(ecosystem): record canonical audit event id rollout

2026-04-04 11:21:08 -07:00 · 2026-04-04 11:21:08 -07:00 · eee122506c
commit eee122506c
parent a57b367fe5
3 changed files with 18 additions and 4 deletions
--- a/docs/ecosystem/ECOSYSTEM_IMPLEMENTATION_TRACKER.md
+++ b/docs/ecosystem/ECOSYSTEM_IMPLEMENTATION_TRACKER.md
@ -254,17 +254,25 @@ These should be resolved before claiming the ecosystem docs are fully implementa
  - platform-service now preserves queued platform runs as `queued`
  - cowork-service now projects pending IPC tasks as queued runs
  - FlowMonk now projects scheduled entries as queued runs
+- [x] emit and consume canonical Cowork audit event IDs across Rust, cowork-service, and ActionTrail
+      Commits:
+  - `3963f63`
+  - `a57b367`
+  - `37e9a3c`
+    Status note:
+  - Cowork Rust now emits canonical `event_id` values on audit records and forwards them into platform audit `details.eventId`
+  - cowork-service now prefers the canonical event ID for `AgentApprovalCheckpoint.approvalId` and `AgentActionLog.actionLogId`
+  - ActionTrail now preserves the latest Cowork audit `event_id` as the `trail-report` provenance origin action and `artifact.created` causation anchor

 ### 6.1 Remaining Direct Runtime TODOs

 - Cowork: add `AgentTodo` direct projection once the product exposes first-class todo entities.
- Cowork: attach canonical event IDs to approval and audit trails so ActionTrail lineage can stop using fallback/null semantics.
 - FlowMonk: add direct `AgentApprovalCheckpoint` and `AgentTodo` projections once the product exposes first-class approval/todo primitives.
 - Shared docs: clarify run-vs-session lifecycle guidance now that `queued` is first-class.

 ### 6.2 Explicit Blockers And Questions

- Question: should Cowork approval/audit records emit canonical event IDs from Rust so runtime projections and ActionTrail lineage can share the same identifiers?
+- Question: should Cowork eventually expose canonical event IDs directly on session/task IPC projections too, or is the audit/action surface enough for the current roadmap?

 ---

--- a/docs/ecosystem/PHASE3_COWORK_ACTIONTRAIL_NOTE_MEMORY_EXECUTION_PLAN.md
+++ b/docs/ecosystem/PHASE3_COWORK_ACTIONTRAIL_NOTE_MEMORY_EXECUTION_PLAN.md
@ -20,6 +20,8 @@ Baseline seam:

 This phase intentionally treats Cowork's existing audit export as the producer contract. It does not require new desktop runtime plumbing.

+The producer contract now includes Cowork-emitted canonical `event_id` values so ActionTrail lineage can anchor the `trail-report` artifact to a real upstream audit event when one is present.
+
 ---

 ## 2. Repos In Scope
@ -129,3 +131,5 @@ The remaining unchecked item is explicitly deferred. Phase 3 baseline is still c
 - `a253de1` normalized Phase 3 ActionTrail event trace semantics
 - `7ee2151` wired the NoteLett Phase 3 import through a live backend route
 - `5a7f80d` wired the MindLyst Phase 3 audited note import through the memory API
+- `3963f63` Cowork now emits canonical audit `event_id` values from Rust and includes them in desktop audit export payloads
+- `37e9a3c` ActionTrail now preserves Cowork canonical audit event IDs in `trail-report` provenance and `artifact.created` trace causation
--- a/docs/ecosystem/PHASE5_AGENT_RUNTIME_CONTRACT_EXECUTION_PLAN.md
+++ b/docs/ecosystem/PHASE5_AGENT_RUNTIME_CONTRACT_EXECUTION_PLAN.md
@ -100,13 +100,15 @@ Observed baseline:
 - `1ccafa7` FlowMonk local shared-package resolution + runtime projection routes
 - `a3ae6fe` FlowMonk queued-run projection preservation
 - `ff8c5eb` shared runtime queued-run state
+- `3963f63` Cowork Rust canonical audit event ID emission
+- `a57b367` cowork-service runtime projections now prefer canonical audit event IDs

 ## 7. Remaining Gaps

- Cowork now emits shared runtime projections from cowork-service, but Rust-side canonical event IDs are still missing on approval/audit records and `AgentTodo` still has no first-class product source.
+- Cowork now emits shared runtime projections from cowork-service, preserves Rust-side canonical event IDs on approval/audit records, and still lacks a first-class `AgentTodo` product source.
 - FlowMonk now emits direct runtime projections for planning sessions, tasks, runs, and action logs, but it still has no first-class approval checkpoint or todo primitive.
 - run-vs-session semantics for queued work now preserve `queued` directly in the shared runtime contract, but broader session/run lifecycle guidance still needs to be documented.

 ## 8. Explicit Blockers And Questions

- Question: should Cowork approval and audit records start emitting canonical event IDs from Rust so ActionTrail and runtime lineage can share the same identifiers?
+- Question: should Cowork eventually expose canonical event IDs directly on session/task IPC projections too, or is the audit/action surface enough for Phase 5?