feat: real audit_log with redaction + pending_changes; replace stub

lib/db/migrations/006_audit.sql

@@ -0,0 +1,30 @@
+CREATE TABLE audit_log (
+  id          bigserial PRIMARY KEY,
+  actor_kind  text NOT NULL CHECK (actor_kind IN ('user','agent','cron','worker','system')),
+  actor_id    uuid,
+  entity_type text NOT NULL,
+  entity_id   uuid,
+  action      text NOT NULL CHECK (action IN ('create','update','delete','suggest','approve','reject')),
+  diff        jsonb,
+  occurred_at timestamptz NOT NULL DEFAULT now()
+);
+
+CREATE TABLE pending_changes (
+  id          uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  agent_id    uuid NOT NULL REFERENCES agents(id) ON DELETE CASCADE,
+  entity_type text NOT NULL,
+  entity_id   uuid,
+  action      text NOT NULL CHECK (action IN ('create','update','delete')),
+  payload     jsonb NOT NULL,
+  reason      text,
+  status      text NOT NULL DEFAULT 'pending'
+              CHECK (status IN ('pending','approved','rejected')),
+  resolved_at timestamptz,
+  resolved_by text,
+  created_at  timestamptz NOT NULL DEFAULT now()
+);
+
+CREATE INDEX idx_audit_entity ON audit_log(entity_type, entity_id, occurred_at);
+CREATE INDEX idx_audit_actor ON audit_log(actor_kind, actor_id, occurred_at);
+CREATE INDEX idx_pending_status ON pending_changes(status, created_at)
+  WHERE status='pending';