Implement Sovereign Audit Trail for agent actions

tasks.py

@@ -1568,6 +1568,24 @@ def heartbeat_tick():
 
     return tick_record
 
+def audit_log(agent, action, repo, issue_number, details=None):
+    """Log agent actions to a central sovereign audit trail."""
+    audit_file = TIMMY_HOME / "logs" / "audit.jsonl"
+    audit_file.parent.mkdir(parents=True, exist_ok=True)
+    
+    record = {
+        "timestamp": datetime.now(timezone.utc).isoformat(),
+        "agent": agent,
+        "action": action,
+        "repo": repo,
+        "issue": issue_number,
+        "details": details or {}
+    }
+    
+    with open(audit_file, "a") as f:
+        f.write(json.dumps(record) + "\n")
+
+
 
 # ── NEW 5: Memory Compress (Morning Briefing) ───────────────────────
 
@@ -1922,6 +1940,7 @@ def _run_agent(agent_name, repo, issue):
             f.write(f"[{datetime.now().strftime('%Y-%m-%d %H:%M:%S')}] {msg}\n")
 
     log(f"=== Starting #{issue.number}: {issue.title} ===")
+    audit_log(agent_name, "start_work", repo, issue.number, {"title": issue.title})
 
     # Comment that we're working on it
     g = GiteaClient(token=token)
@@ -2026,6 +2045,7 @@ def _run_agent(agent_name, repo, issue):
             body=f"Closes #{issue.number}\n\nGenerated by `{agent_name}` via Huey worker.",
         )
         log(f"PR #{pr.number} created")
+        audit_log(agent_name, "pr_created", repo, issue.number, {"pr": pr.number})
         return {"status": "pr_created", "pr": pr.number}
     except Exception as e:
         log(f"PR creation failed: {e}")