feat(audit): stamp SourceNode at CentralAuditWriter + persist via AuditLogRepository

CentralAuditWriter injects INodeIdentityProvider and stamps the event before
handing to the repository. AuditLogRepository.InsertIfNotExistsAsync now
includes SourceNode in the INSERT column list. Caller-provided value wins
(supports any future direct-write callsite that already has its own node id).

src/ScadaLink.AuditLog/Central/CentralAuditWriter.cs

@@ -43,6 +43,7 @@ public sealed class CentralAuditWriter : ICentralAuditWriter
     private readonly ILogger<CentralAuditWriter> _logger;
     private readonly IAuditPayloadFilter? _filter;
     private readonly ICentralAuditWriteFailureCounter _failureCounter;
+    private readonly INodeIdentityProvider? _nodeIdentity;
 
     /// <summary>
     /// Bundle C (M5-T6) — the central direct-write path used by the
@@ -56,18 +57,27 @@ public sealed class CentralAuditWriter : ICentralAuditWriter
     /// throw bumps the central health surface's
     /// <c>CentralAuditWriteFailures</c> counter. Defaults to a NoOp so test
     /// composition roots that don't wire the counter keep their current
-    /// behaviour.
+    /// behaviour. SourceNode-stamping (Task 12) — adds the optional
+    /// <see cref="INodeIdentityProvider"/> so central-origin rows (Notification
+    /// Outbox dispatch, Inbound API) carry the writing central node's
+    /// identifier when the caller hasn't already supplied one. Optional /
+    /// defaulting-to-null so M4 test composition roots that don't pass a
+    /// provider keep working — the caller-wins discipline means an absent
+    /// provider simply leaves SourceNode at whatever the caller set (often
+    /// null, which is the legacy behaviour).
     /// </summary>
     public CentralAuditWriter(
         IServiceProvider services,
         ILogger<CentralAuditWriter> logger,
         IAuditPayloadFilter? filter = null,
-        ICentralAuditWriteFailureCounter? failureCounter = null)
+        ICentralAuditWriteFailureCounter? failureCounter = null,
+        INodeIdentityProvider? nodeIdentity = null)
     {
         _services = services ?? throw new ArgumentNullException(nameof(services));
         _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         _filter = filter;
         _failureCounter = failureCounter ?? new NoOpCentralAuditWriteFailureCounter();
+        _nodeIdentity = nodeIdentity;
     }
 
     /// <summary>
@@ -93,6 +103,18 @@ public sealed class CentralAuditWriter : ICentralAuditWriter
             // M4 test composition roots (no filter passed) working unchanged.
             var filtered = _filter?.Apply(evt) ?? evt;
 
+            // SourceNode-stamping (Task 12): caller-provided value wins
+            // (supports any future direct-write callsite that already has its
+            // own node id); otherwise stamp from the local
+            // INodeIdentityProvider, when one is wired. Production DI on
+            // central nodes always supplies the provider; legacy test
+            // composition roots that don't pass it leave SourceNode at
+            // whatever the caller set (often null), preserving back-compat.
+            if (filtered.SourceNode is null && _nodeIdentity?.NodeName is { } nodeName)
+            {
+                filtered = filtered with { SourceNode = nodeName };
+            }
+
             await using var scope = _services.CreateAsyncScope();
             var repo = scope.ServiceProvider.GetRequiredService<IAuditLogRepository>();
             var stamped = filtered with { IngestedAtUtc = DateTime.UtcNow };