refactor: remove db.commit() from audit_service.log_action, all callers use UoW

backend/app/routers/evidence.py

@@ -28,6 +28,7 @@ from fastapi import APIRouter, Depends, File, Form, Query, UploadFile, status
 from sqlalchemy.orm import Session
 
 from app.database import get_db
+from app.domain.unit_of_work import UnitOfWork
 from app.dependencies.auth import get_current_user
 from app.models.enums import TeamSide
 from app.models.evidence import Evidence
@@ -107,35 +108,35 @@ async def upload_evidence(
     # 5. Upload to MinIO
     upload_file(content, key)
 
-    # 6. Persist metadata
-    evidence = Evidence(
-        test_id=test_id,
-        file_name=safe_name,
-        file_path=key,
-        sha256_hash=sha256,
-        uploaded_by=current_user.id,
-        team=team,
-        notes=notes,
-    )
-    db.add(evidence)
-    db.commit()
+    # 6. Persist metadata and audit
+    with UnitOfWork(db) as uow:
+        evidence = Evidence(
+            test_id=test_id,
+            file_name=safe_name,
+            file_path=key,
+            sha256_hash=sha256,
+            uploaded_by=current_user.id,
+            team=team,
+            notes=notes,
+        )
+        db.add(evidence)
+        db.flush()  # Get evidence.id for audit
+        log_action(
+            db,
+            user_id=current_user.id,
+            action="upload_evidence",
+            entity_type="evidence",
+            entity_id=evidence.id,
+            details={
+                "file_name": safe_name,
+                "sha256": sha256,
+                "test_id": str(test_id),
+                "team": team.value,
+            },
+        )
+        uow.commit()
     db.refresh(evidence)
 
-    # 7. Audit
-    log_action(
-        db,
-        user_id=current_user.id,
-        action="upload_evidence",
-        entity_type="evidence",
-        entity_id=evidence.id,
-        details={
-            "file_name": safe_name,
-            "sha256": sha256,
-            "test_id": str(test_id),
-            "team": team.value,
-        },
-    )
-
     return _evidence_to_out(evidence)
 
 
@@ -195,21 +196,20 @@ def delete_evidence(
     test = get_test_or_raise(db, evidence.test_id)
     validate_delete_permission(test, evidence, current_user.role, current_user.id)
 
-    # Audit before deletion
-    log_action(
-        db,
-        user_id=current_user.id,
-        action="delete_evidence",
-        entity_type="evidence",
-        entity_id=evidence.id,
-        details={
-            "file_name": evidence.file_name,
-            "test_id": str(evidence.test_id),
-            "team": evidence.team.value if evidence.team else None,
-        },
-    )
-
-    db.delete(evidence)
-    db.commit()
+    with UnitOfWork(db) as uow:
+        log_action(
+            db,
+            user_id=current_user.id,
+            action="delete_evidence",
+            entity_type="evidence",
+            entity_id=evidence.id,
+            details={
+                "file_name": evidence.file_name,
+                "test_id": str(evidence.test_id),
+                "team": evidence.team.value if evidence.team else None,
+            },
+        )
+        db.delete(evidence)
+        uow.commit()
 
     return {"detail": "Evidence deleted"}