portal/app/app/Models/SaasAdminAuditLog.php

<?php

declare(strict_types=1);

namespace App\Models;

use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Carbon;

/**
 * Append-only audit-лог действий SaaS-админов (schema v8.7 §10 / table
 * saas_admin_audit_log). Hash-chain trigger BEFORE INSERT заполняет log_hash
 * автоматически (OPEN-И-15 tamper-detection).
 *
 * Без RLS — таблица доступна только из crm_admin_user (BYPASSRLS) +
 * crm_audit_writer (INSERT-only).
 *
 * @property int $id
 * @property int $admin_user_id
 * @property string $action
 * @property string|null $target_type
 * @property int|null $target_id
 * @property int|null $target_tenant_id
 * @property array<string,mixed>|null $payload_before
 * @property array<string,mixed>|null $payload_after
 * @property string|null $reason
 * @property string $ip_address
 * @property string|null $user_agent
 * @property bool $requires_approval
 * @property int|null $approved_by
 * @property Carbon|null $approved_at
 * @property Carbon $created_at
 *
 * @mixin IdeHelperSaasAdminAuditLog
 */
class SaasAdminAuditLog extends Model
{
    protected $table = 'saas_admin_audit_log';

    /** Append-only — без updated_at. */
    public const UPDATED_AT = null;

    protected $fillable = [
        'admin_user_id',
        'action',
        'target_type',
        'target_id',
        'target_tenant_id',
        'payload_before',
        'payload_after',
        'reason',
        'ip_address',
        'user_agent',
        'requires_approval',
        'approved_by',
        'approved_at',
    ];

    protected function casts(): array
    {
        return [
            'payload_before' => 'array',
            'payload_after' => 'array',
            'requires_approval' => 'boolean',
            'approved_at' => 'datetime',
            'created_at' => 'datetime',
        ];
    }
}