"""
Append-only audit log writer.
"""
from __future__ import annotations
import uuid
from datetime import datetime, timezone
from typing import TYPE_CHECKING, Any

if TYPE_CHECKING:
    from sqlalchemy.ext.asyncio import AsyncSession


async def write_audit(
    db: "AsyncSession",
    *,
    user_id: uuid.UUID | None,
    action: str,
    resource_type: str | None = None,
    resource_id: uuid.UUID | None = None,
    ip_address: str | None = None,
    user_agent: str | None = None,
    metadata: dict[str, Any] | None = None,
    success: bool = True,
) -> None:
    from app.db.models.audit_log import AuditLog
    log = AuditLog(
        user_id=user_id,
        action=action,
        resource_type=resource_type,
        resource_id=resource_id,
        ip_address=ip_address,
        user_agent=user_agent,
        meta=metadata or {},
        success=success,
        created_at=datetime.now(timezone.utc),
    )
    db.add(log)
    # Note: caller is responsible for committing