kin: KIN-021 Аудит-лог для --dangerously-skip-permissions в auto mode

2026-03-16 07:13:32 +02:00 · 2026-03-16 07:13:32 +02:00 · a0b0976d8d
commit a0b0976d8d
parent 67071c757d
16 changed files with 1477 additions and 14 deletions
--- a/core/db.py
+++ b/core/db.py
@ -42,6 +42,8 @@ CREATE TABLE IF NOT EXISTS tasks (
    forgejo_issue_id INTEGER,
    execution_mode TEXT,
    blocked_reason TEXT,
+    dangerously_skipped BOOLEAN DEFAULT 0,
+    revise_comment TEXT,
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
 );
@ -135,6 +137,20 @@ CREATE TABLE IF NOT EXISTS hook_logs (
    created_at TEXT DEFAULT (datetime('now'))
 );

+-- Аудит-лог опасных операций (dangerously-skip-permissions)
+CREATE TABLE IF NOT EXISTS audit_log (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    timestamp DATETIME DEFAULT CURRENT_TIMESTAMP,
+    task_id TEXT REFERENCES tasks(id),
+    step_id TEXT,
+    event_type TEXT NOT NULL DEFAULT 'dangerous_skip',
+    reason TEXT,
+    project_id TEXT REFERENCES projects(id)
+);
+
+CREATE INDEX IF NOT EXISTS idx_audit_log_task ON audit_log(task_id);
+CREATE INDEX IF NOT EXISTS idx_audit_log_event ON audit_log(event_type, timestamp);
+
 -- Кросс-проектные зависимости
 CREATE TABLE IF NOT EXISTS project_links (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
@ -220,6 +236,38 @@ def _migrate(conn: sqlite3.Connection):
        conn.execute("ALTER TABLE projects ADD COLUMN autocommit_enabled INTEGER DEFAULT 0")
        conn.commit()

+    if "dangerously_skipped" not in task_cols:
+        conn.execute("ALTER TABLE tasks ADD COLUMN dangerously_skipped BOOLEAN DEFAULT 0")
+        conn.commit()
+
+    if "revise_comment" not in task_cols:
+        conn.execute("ALTER TABLE tasks ADD COLUMN revise_comment TEXT")
+        conn.commit()
+
+    if "obsidian_vault_path" not in proj_cols:
+        conn.execute("ALTER TABLE projects ADD COLUMN obsidian_vault_path TEXT")
+        conn.commit()
+
+    # Migrate audit_log table (KIN-021)
+    existing_tables = {r[0] for r in conn.execute(
+        "SELECT name FROM sqlite_master WHERE type='table'"
+    ).fetchall()}
+    if "audit_log" not in existing_tables:
+        conn.executescript("""
+            CREATE TABLE IF NOT EXISTS audit_log (
+                id INTEGER PRIMARY KEY AUTOINCREMENT,
+                timestamp DATETIME DEFAULT CURRENT_TIMESTAMP,
+                task_id TEXT REFERENCES tasks(id),
+                step_id TEXT,
+                event_type TEXT NOT NULL DEFAULT 'dangerous_skip',
+                reason TEXT,
+                project_id TEXT REFERENCES projects(id)
+            );
+            CREATE INDEX IF NOT EXISTS idx_audit_log_task ON audit_log(task_id);
+            CREATE INDEX IF NOT EXISTS idx_audit_log_event ON audit_log(event_type, timestamp);
+        """)
+        conn.commit()
+
    # Rename legacy 'auto' → 'auto_complete' (KIN-063)
    conn.execute(
        "UPDATE projects SET execution_mode = 'auto_complete' WHERE execution_mode = 'auto'"