fix(api): wrap audit log writes inside their parent transactions

Prevents mutations from committing without an audit trail if the
auditLog.create call fails after the main write already succeeded.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

packages/api/src/router/project-lifecycle.ts

@@ -123,19 +123,23 @@ export function createProjectLifecycleProcedures(
       )
       .mutation(async ({ ctx, input }) => {
         requirePermission(ctx, PermissionKey.MANAGE_PROJECTS);
-        const updated = await ctx.db.$transaction(
-          input.ids.map((id) =>
-            ctx.db.project.update({ where: { id }, data: { status: input.status } }),
-          ),
-        );
+        const updated = await ctx.db.$transaction(async (tx) => {
+          const results = await Promise.all(
+            input.ids.map((id) =>
+              tx.project.update({ where: { id }, data: { status: input.status } }),
+            ),
+          );
 
-        await ctx.db.auditLog.create({
-          data: {
-            entityType: "Project",
-            entityId: input.ids.join(","),
-            action: "UPDATE",
-            changes: { after: { status: input.status, ids: input.ids } },
-          },
+          await tx.auditLog.create({
+            data: {
+              entityType: "Project",
+              entityId: input.ids.join(","),
+              action: "UPDATE",
+              changes: { after: { status: input.status, ids: input.ids } },
+            },
+          });
+
+          return results;
         });
 
         dependencies.invalidateDashboardCacheInBackground();