kin: KIN-021 Аудит-лог для --dangerously-skip-permissions в auto mode

core/models.py

@@ -477,6 +477,58 @@ def list_tickets(
     return _rows_to_list(conn.execute(query, params).fetchall())
 
 
+# ---------------------------------------------------------------------------
+# Audit Log
+# ---------------------------------------------------------------------------
+
+def log_audit_event(
+    conn: sqlite3.Connection,
+    event_type: str,
+    task_id: str | None = None,
+    step_id: str | None = None,
+    reason: str | None = None,
+    project_id: str | None = None,
+) -> dict:
+    """Log a security-sensitive event to audit_log.
+
+    event_type='dangerous_skip' is used when --dangerously-skip-permissions is invoked.
+    """
+    cur = conn.execute(
+        """INSERT INTO audit_log (event_type, task_id, step_id, reason, project_id)
+           VALUES (?, ?, ?, ?, ?)""",
+        (event_type, task_id, step_id, reason, project_id),
+    )
+    conn.commit()
+    row = conn.execute(
+        "SELECT * FROM audit_log WHERE id = ?", (cur.lastrowid,)
+    ).fetchone()
+    return _row_to_dict(row)
+
+
+def get_audit_log(
+    conn: sqlite3.Connection,
+    task_id: str | None = None,
+    project_id: str | None = None,
+    event_type: str | None = None,
+    limit: int = 100,
+) -> list[dict]:
+    """Query audit log entries with optional filters."""
+    query = "SELECT * FROM audit_log WHERE 1=1"
+    params: list = []
+    if task_id:
+        query += " AND task_id = ?"
+        params.append(task_id)
+    if project_id:
+        query += " AND project_id = ?"
+        params.append(project_id)
+    if event_type:
+        query += " AND event_type = ?"
+        params.append(event_type)
+    query += " ORDER BY timestamp DESC LIMIT ?"
+    params.append(limit)
+    return _rows_to_list(conn.execute(query, params).fetchall())
+
+
 # ---------------------------------------------------------------------------
 # Statistics / Dashboard
 # ---------------------------------------------------------------------------