fix file handle leak in append_audit_event, assert no audit event on error path

Author: sujalgoel

src/ghdcbot/adapters/storage/sqlite.py

@@ -663,7 +663,8 @@ def append_audit_event(self, event: dict) -> None:
         if "timestamp" not in payload:
             payload["timestamp"] = datetime.now(timezone.utc).isoformat()
         line = json.dumps(payload, separators=(",", ":")) + "\n"
-        path.open("a", encoding="utf-8").write(line)
+        with path.open("a", encoding="utf-8") as f:
+            f.write(line)
 
     def list_audit_events(self) -> list[dict]:
         """Read-only: return all audit events from audit_events.jsonl.

tests/test_snapshots.py

@@ -342,3 +342,6 @@ def test_write_snapshots_handles_errors() -> None:
 
     # Should not have written files due to error
     assert len(github_writer.files_written) == 0
+
+    # Should not have recorded an audit event on error path
+    assert len(storage.audit_events) == 0