feat: implement audit trail alignment (soft delete & permission audit)

- Task Soft Delete:
  - Add is_deleted, deleted_at, deleted_by fields to Task model
  - Convert DELETE to soft delete with cascade to subtasks
  - Add include_deleted query param (admin only)
  - Add POST /api/tasks/{id}/restore endpoint
  - Exclude deleted tasks from subtask_count

- Permission Change Audit:
  - Add user.role_change event (high sensitivity)
  - Add user.admin_change event (critical, triggers alert)
  - Add PATCH /api/users/{id}/admin endpoint
  - Add role.permission_change event type

- Append-Only Enforcement:
  - Add DB triggers for audit_logs immutability (manual for production)
  - Migration 008 with graceful trigger failure handling

- Tests: 11 new soft delete tests (153 total passing)
- OpenSpec: fix-audit-trail archived, fix-realtime-notifications & fix-weekly-report proposals added

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

openspec/changes/fix-weekly-report/proposal.md

@@ -0,0 +1,37 @@
+# Change: Fix Weekly Report Content Alignment
+
+## Why
+現行 ReportService.get_weekly_stats 與 automation spec 的週報內容要求有差距：
+1. 任務清單僅顯示 5 筆摘要，spec 要求完整清單
+2. 未包含阻礙中任務清單 (blocker_flag = true)
+3. 未包含下週預計完成任務 (due_date 在下週)
+
+## What Changes
+- **ReportService** - 擴充 get_weekly_stats 回傳完整任務明細
+- **Report Content** - 新增 blocked_tasks 與 next_week_tasks 欄位
+- **ReportHistory** - content JSON 結構擴充
+
+## Impact
+- Affected specs: `automation`
+- Affected code:
+  - `backend/app/services/report_service.py` - 擴充週報內容
+  - `frontend/src/components/WeeklyReportPreview.tsx` - 顯示完整清單
+
+## Implementation Phases
+
+### Phase 1: Backend Report Enhancement
+- 擴充 get_weekly_stats 回傳完整任務清單
+- 新增 blocked_tasks 欄位
+- 新增 next_week_tasks 欄位
+
+### Phase 2: Frontend Display
+- 更新 WeeklyReportPreview 顯示完整清單
+- 可摺疊/展開的任務分類區塊
+
+## Dependencies
+- automation (已完成)
+- collaboration (blocker 功能)
+
+## Technical Decisions
+- 任務清單不設上限，由前端分頁或摺疊處理
+- 下週預計任務以 due_date 在下週一至週日為準