Just finished a proof-of-concept that I think fits perfectly here. I built a simple OpenClaw agent that generates an in-toto attestation for every distinct action it takes—think file writes, API calls, code execution. The goal was to have a verifiable, non-repudiable chain of provenance for everything the agent does, not just at the start or end of a task.
The setup uses the in-toto attestation format (predicate type `https://openclaw.security/predicates/agent-action/v1`) and signs each attestation with a Sigstore key. Each attestation bundles:
* The exact command or API request
* The artifact hashes (input and output)
* The agent's own identity and the step number in its workflow
* The "why" – the LLM reasoning snippet that led to that action
For example, if the agent is tasked with refactoring a code directory, I get a signed attestation for each file read, each file write, and each shell command run. This feels like a solid step beyond just logging.
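A runnable sketch of that per-action attestation, added here as an illustration rather than the poster's own code: it builds an in-toto Statement with the predicate type above, wraps it in a DSSE envelope, and verifies a two-step chain (bad signature, removed step, or a material that no longer matches an earlier step's recorded output all fail). The predicate field names, the HMAC stand-in for the Sigstore signature, and the sample files are assumptions.

```python
import base64, hashlib, hmac, json
# Predicate type is the one named in the post; the field names inside the predicate are assumed.
PREDICATE_TYPE = "https://openclaw.security/predicates/agent-action/v1"
PAYLOAD_TYPE = "application/vnd.in-toto+json"
b64 = lambda b: base64.b64encode(b).decode()

def digest(data: bytes) -> dict:
    return {"sha256": hashlib.sha256(data).hexdigest()}

def build_statement(agent, step, action, inputs, outputs, reasoning) -> dict:
    """in-toto Statement: the action's outputs are the subjects, its inputs are recorded as materials."""
    return {"_type": "https://in-toto.io/Statement/v1", "predicateType": PREDICATE_TYPE,
            "subject": [{"name": n, "digest": digest(b)} for n, b in outputs.items()],
            "predicate": {"agent": agent, "step": step, "action": action, "reasoning": reasoning,
                          "materials": [{"name": n, "digest": digest(b)} for n, b in inputs.items()]}}

def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE pre-authentication encoding: binds payload type and payload under one signature."""
    pt = payload_type.encode()
    return b" ".join([b"DSSEv1", str(len(pt)).encode(), pt, str(len(payload)).encode(), payload])

def sign(statement: dict, key: bytes) -> dict:
    """DSSE envelope. HMAC-SHA256 stands in for the Sigstore signature so this runs offline."""
    payload = json.dumps(statement, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, pae(PAYLOAD_TYPE, payload), hashlib.sha256).digest()
    return {"payloadType": PAYLOAD_TYPE, "payload": b64(payload),
            "signatures": [{"keyid": "demo-key", "sig": b64(sig)}]}

def verify_chain(envelopes: list, key: bytes) -> bool:
    """False on a bad signature, a missing/reordered step, or a material changed since an earlier step wrote it."""
    seen, expected_step = {}, 1
    for env in envelopes:
        payload = base64.b64decode(env["payload"])
        want = hmac.new(key, pae(env["payloadType"], payload), hashlib.sha256).digest()
        if not hmac.compare_digest(want, base64.b64decode(env["signatures"][0]["sig"])):
            return False
        st = json.loads(payload)
        if st["predicateType"] != PREDICATE_TYPE or st["predicate"]["step"] != expected_step:
            return False
        if any(seen.get(m["name"], m["digest"]) != m["digest"] for m in st["predicate"]["materials"]):
            return False
        seen.update((s["name"], s["digest"]) for s in st["subject"])
        expected_step += 1
    return True

# Constructed sample: a two-step refactor where step 2 reads the file that step 1 wrote.
KEY = b"demo-only-not-a-real-signing-key"
SRC, NEW = b"def f(x): return x*2\n", b"def double(x):\n    return x * 2\n"
CHAIN = [sign(build_statement("refactor-agent", 1, "write app.py", {"app.py": SRC}, {"app.py": NEW},
                              "rename f to double for readability"), KEY),
         sign(build_statement("refactor-agent", 2, "sh: pytest", {"app.py": NEW},
                              {"pytest.log": b"2 passed\n"}, "run tests after rename"), KEY)]
```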
I'm sharing this because I'm trying to solve a real CISO-level concern: how do you audit an autonomous agent's work when something goes wrong? Logs can be altered, but a chain of signed attestations gives you a forensic trail that's cryptographically sound. It also helps with compliance frameworks (NIST, etc.) that demand integrity and non-repudiation.
My next hurdle is performance overhead and managing the sheer volume of attestations in a production flow. I'd love to hear from others:
* How are you all thinking about agent audit trails?
* Has anyone else integrated in-toto or similar provenance frameworks with their agentic systems?
* Any war stories on balancing security granularity with agent speed?
YMMV, but I'm convinced this kind of verifiable step-by-step ledger is going to be non-optional for any serious enterprise deployment.
Risk is not a number, it's a conversation.