Summary

PR #2293 added claim_source: Option<ClaimSource> and error_domain: Option<ErrorDomain> to both ToolOutput and AuditEntry. Executors correctly set claim_source on ToolOutput (e.g. ClaimSource::Shell in shell/mod.rs:253), but every AuditEntry construction hardcodes both fields as None.

Evidence

In crates/zeph-tools/src/shell/mod.rs:529–541:

let entry = AuditEntry {
    // ...
    error_domain: None,   // hardcoded — never Shell
    claim_source: None,   // hardcoded — never ClaimSource::Shell
};

The ToolOutput returned by the same executor sets:

claim_source: Some(ClaimSource::Shell),  // shell/mod.rs:253

Same pattern confirmed in scrape.rs, audit.rs test helpers — all 7 AuditEntry construction sites hardcode None for both fields.

Impact

• Audit log (.local/testing/data/audit-test.jsonl) always shows null for claim_source and error_domain — the provenance tracking and recovery-strategy fields introduced in feat(tools): ClaimSource provenance, ErrorDomain recovery, MCP tool pruning #2293 are completely absent from the audit trail
• AuditEntry.claim_source and AuditEntry.error_domain fields exist in the struct but carry no information

Fix

In each executor's log_audit() method, set claim_source to the appropriate variant. For shell: claim_source: Some(ClaimSource::Shell). For scrape: claim_source: Some(ClaimSource::WebScrape). When a ToolError is available, derive error_domain from error_category via ErrorDomain::from_category().

Alternatively, pass the constructed ToolOutput into the audit function and read claim_source from it, avoiding duplication.

Steps to reproduce

1. Run agent with tool_audit = true in config
2. Execute any bash/file/scrape tool
3. Check .local/testing/data/audit-test.jsonl — claim_source and error_domain are always null