feat(audit): admin audit log (Notification P3)
Append-only who/what/when trail for admin actions + scheduler run summaries,
generalizing QuotaEvent. Logged at ACTION / run-summary granularity — never
per-row (a scheduler run touching thousands of videos is ONE row).
Backend:
- migration 0054_audit_log + AuditLog model (actor_id FK SET NULL, action,
target_type/id, summary, before/after JSON, created_at).
- app/audit.py: AuditAction constants (single source of truth, i18n'd on the
client) + record() (adds to the caller's txn) + gc(retention_days).
- producers wired: role change / suspend / delete / invite approve-deny-add /
demo add-remove-reset / discovery purge (admin.py); config set/reset — secret
VALUES never logged, key only (config.py); scheduler interval + maintenance
tune (scheduler routes); sync pause/resume (sync.py); and the scheduler _job()
choke point writes ONE run-summary row per run — manual runs + errors always,
automatic runs only when they changed something (no no-op-poll spam).
- retention: audit_gc scheduler job prunes rows older than audit_retention_days
(sysconfig, default 180; 0 = keep forever).
- admin API routes/audit.py (/api/admin/audit): recent-window list (actor emails
resolved, System for background) + clear (leaves one tamper-evidence row).
Frontend:
- new admin-only "Audit log" nav page (ScrollText) using the shared DataTable
(first admin page to reuse it) — sort/filter/paginate/persist, action select
filter, actor text filter, before→after detail, Clear-all with confirm.
- AuditLog.tsx + auditColumns.tsx + api.adminAudit/clearAudit + AuditRow type.
- trilingual audit + auditActions namespaces (HU/EN/DE) + nav + config-group +
scheduler job labels; Audit config group (retention days).