[P2] Intent attribution — link declared intent to attested outcomes across the audit chain

[se-jo-ma]

Problem

Every request records its intent (AuditEntry.raw_intent + AuditEntry.intent_analysis, nautilus/core/models.py:194-195), but intent is only captured, never attributed. There is no way to:

• Trace cumulative exposure back to the intents that produced it ("which declared purposes touched source X this week?").
• Carry origin intent across agent handoffs — a receiving agent's requests are attributed to its own intent, severing the chain from the originating purpose (interacts with [P0] Session provenance tokens (JWT issuance + verification) #18 provenance tokens and the cross-agent flow tracking in [P2] EPIC: Cross-agent tracking + blackboard architecture (v2) #37).
• Verify declared vs. actual use — intent claims are not part of the signed attestation payload, so an agent's stated purpose is auditable but not attestable.

Why it matters

Intent is the policy input (routing/denial rules key on purpose), but accountability currently stops at the per-request audit row. Compliance questions ("show all access justified by purpose=incident-response") require joining intent to exposure and to downstream handoffs — none of which is queryable or signed today.

Proposed scope

1. Include an intent claim (purpose + intent hash) in the signed attestation token / chained audit entries, so declared intent is tamper-evident.
2. Propagate originating intent through handoff provenance ([P0] Session provenance tokens (JWT issuance + verification) #18) so cross-agent flows retain attribution.
3. Aggregation surface: per-intent exposure rollup, queryable via the audit REST API ([P1] Public REST API for audit queries #32).

Code locations

• nautilus/core/models.py:177-195 — AuditEntry.raw_intent / intent_analysis
• nautilus/core/models.py:17-40 — IntentAnalysis
• nautilus/core/broker.py — attestation claim assembly (AC-19)
• nautilus/core/attestation_sink.py — chained audit entries

Prerequisites

• [P0] Session provenance tokens (JWT issuance + verification) #18 (session provenance tokens)
• Interacts with [P1] Adapter intent/context plumbing — all 8 adapters discard parameters #29 (adapters consuming intent) and [P2] EPIC: Cross-agent tracking + blackboard architecture (v2) #37 (cross-agent tracking)

Priority

P2 — v2 accountability work; builds on shipped chained attestation log.