Phase 4: API Endpoint

- Add RandomNumberOutcomeResponse schema to schemas.py
- Add GET /api/audit/random-jobs endpoint to routes/audit.py
- Returns list of outcomes (newest first, no pagination)
- Requires VIEW_AUDIT permission
- Add tests: admin can access, regular user forbidden, unauthenticated 401

backend/routes/audit.py

@@ -10,11 +10,12 @@ from sqlalchemy.ext.asyncio import AsyncSession
 
 from auth import require_permission
 from database import get_db
-from models import CounterRecord, Permission, SumRecord, User
+from models import CounterRecord, Permission, RandomNumberOutcome, SumRecord, User
 from schemas import (
     CounterRecordResponse,
     PaginatedCounterRecords,
     PaginatedSumRecords,
+    RandomNumberOutcomeResponse,
     SumRecordResponse,
 )
 
@@ -115,3 +116,28 @@ async def get_sum_records(
         per_page=per_page,
         total_pages=total_pages,
     )
+
+
+@router.get("/random-jobs", response_model=list[RandomNumberOutcomeResponse])
+async def get_random_job_outcomes(
+    db: AsyncSession = Depends(get_db),
+    _current_user: User = Depends(require_permission(Permission.VIEW_AUDIT)),
+) -> list[RandomNumberOutcomeResponse]:
+    """Get all random number job outcomes, newest first."""
+    query = select(RandomNumberOutcome).order_by(desc(RandomNumberOutcome.created_at))
+    result = await db.execute(query)
+    outcomes = result.scalars().all()
+
+    return [
+        RandomNumberOutcomeResponse(
+            id=outcome.id,
+            job_id=outcome.job_id,
+            triggered_by_user_id=outcome.triggered_by_user_id,
+            triggered_by_email=outcome.triggered_by.email,
+            value=outcome.value,
+            duration_ms=outcome.duration_ms,
+            status=outcome.status,
+            created_at=outcome.created_at,
+        )
+        for outcome in outcomes
+    ]