feat: Activity History system — full audit coverage, UI, AI tools

Infrastructure (Phase 1): - AuditLog schema: add source, entityName, summary fields + index - createAuditEntry() helper: auto-diff, auto-summary, fire-and-forget - auditLog query router: list, getByEntity, getTimeline, getActivitySummary Audit Coverage (Phase 2 — 14 routers, 50+ mutations): - vacation: create, approve, reject, cancel, batch ops (8 mutations) - user: create, updateRole, setPermissions, resetPermissions (5 mutations) - entitlement: set, bulkSet (3 mutations) - client: create, update, delete, batchUpdateSortOrder - org-unit: create, update, deactivate - country: create, update, createCity, updateCity, deleteCity - management-level: createGroup, updateGroup, createLevel, updateLevel, deleteLevel - settings: updateSystemSettings (sensitive fields sanitized), testSmtp - blueprint: create, update, updateRolePresets, delete, batchDelete, setGlobal - rate-card: create, update, deactivate, addLine, updateLine, deleteLine, replaceLines - calculation-rules: create, update, delete - effort-rule: create, update, delete - experience-multiplier: create, update, delete - utilization-category: create, update Admin UI (Phase 3): - /admin/activity-log page with global searchable timeline - Filters: entity type, action, user, date range, text search - Expandable before/after diff view per entry - Summary cards showing top entity types by change count - EntityHistory reusable component for entity detail pages - Sidebar nav link with clock icon AI Assistant (Phase 4): - query_change_history tool: "Who changed project X?" - get_entity_timeline tool: "What happened to resource Y?" Regression: 283 engine + 37 staffing tests pass. TypeScript clean. Co-Authored-By: claude-flow <ruv@ruv.net>
2026-03-22 22:39:30 +01:00
parent 3d117708ff
commit 66878f18f4
25 changed files with 2255 additions and 156 deletions
@@ -3,6 +3,7 @@ import { TRPCError } from "@trpc/server";
 import { z } from "zod";
 import { findUniqueOrThrow } from "../db/helpers.js";
 import { adminProcedure, createTRPCRouter, protectedProcedure } from "../trpc.js";
+import { createAuditEntry } from "../lib/audit.js";

 export const blueprintRouter = createTRPCRouter({
  list: protectedProcedure
@@ -35,7 +36,7 @@ export const blueprintRouter = createTRPCRouter({
  create: adminProcedure
    .input(CreateBlueprintSchema)
    .mutation(async ({ ctx, input }) => {
-      return ctx.db.blueprint.create({
+      const blueprint = await ctx.db.blueprint.create({
        data: {
          name: input.name,
          target: input.target,
@@ -45,17 +46,30 @@ export const blueprintRouter = createTRPCRouter({
          validationRules: input.validationRules as unknown as import("@planarchy/db").Prisma.InputJsonValue,
        } as unknown as Parameters<typeof ctx.db.blueprint.create>[0]["data"],
      });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "Blueprint",
+        entityId: blueprint.id,
+        entityName: blueprint.name,
+        action: "CREATE",
+        userId: ctx.dbUser?.id,
+        after: { name: input.name, target: input.target, description: input.description },
+        source: "ui",
+      });
+
+      return blueprint;
    }),

  update: adminProcedure
    .input(z.object({ id: z.string(), data: UpdateBlueprintSchema }))
    .mutation(async ({ ctx, input }) => {
-      await findUniqueOrThrow(
+      const before = await findUniqueOrThrow(
        ctx.db.blueprint.findUnique({ where: { id: input.id } }),
        "Blueprint",
      );

-      return ctx.db.blueprint.update({
+      const updated = await ctx.db.blueprint.update({
        where: { id: input.id },
        data: {
          ...(input.data.name !== undefined ? { name: input.data.name } : {}),
@@ -65,30 +79,71 @@ export const blueprintRouter = createTRPCRouter({
          ...(input.data.validationRules !== undefined ? { validationRules: input.data.validationRules as unknown as import("@planarchy/db").Prisma.InputJsonValue } : {}),
        } as unknown as Parameters<typeof ctx.db.blueprint.update>[0]["data"],
      });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "Blueprint",
+        entityId: input.id,
+        entityName: updated.name,
+        action: "UPDATE",
+        userId: ctx.dbUser?.id,
+        before: before as unknown as Record<string, unknown>,
+        after: updated as unknown as Record<string, unknown>,
+        source: "ui",
+      });
+
+      return updated;
    }),

  /** Dedicated mutation for saving role presets — separate from field defs to avoid Zod depth issues */
  updateRolePresets: adminProcedure
    .input(z.object({ id: z.string(), rolePresets: z.array(z.unknown()) }))
    .mutation(async ({ ctx, input }) => {
-      await findUniqueOrThrow(
+      const before = await findUniqueOrThrow(
        ctx.db.blueprint.findUnique({ where: { id: input.id } }),
        "Blueprint",
      );
-      return ctx.db.blueprint.update({
+      const updated = await ctx.db.blueprint.update({
        where: { id: input.id },
        data: { rolePresets: input.rolePresets as unknown as import("@planarchy/db").Prisma.InputJsonValue },
      });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "Blueprint",
+        entityId: input.id,
+        entityName: updated.name,
+        action: "UPDATE",
+        userId: ctx.dbUser?.id,
+        before: { rolePresets: before.rolePresets },
+        after: { rolePresets: input.rolePresets },
+        source: "ui",
+        summary: "Updated role presets",
+      });
+
+      return updated;
    }),

  delete: adminProcedure
    .input(z.object({ id: z.string() }))
    .mutation(async ({ ctx, input }) => {
      // Soft delete — mark as inactive
-      return ctx.db.blueprint.update({
+      const deleted = await ctx.db.blueprint.update({
        where: { id: input.id },
        data: { isActive: false },
      });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "Blueprint",
+        entityId: input.id,
+        entityName: deleted.name,
+        action: "DELETE",
+        userId: ctx.dbUser?.id,
+        source: "ui",
+      });
+
+      return deleted;
    }),

  batchDelete: adminProcedure
@@ -100,6 +155,19 @@ export const blueprintRouter = createTRPCRouter({
          ctx.db.blueprint.update({ where: { id }, data: { isActive: false } }),
        ),
      );
+
+      for (const bp of updated) {
+        void createAuditEntry({
+          db: ctx.db,
+          entityType: "Blueprint",
+          entityId: bp.id,
+          entityName: bp.name,
+          action: "DELETE",
+          userId: ctx.dbUser?.id,
+          source: "ui",
+        });
+      }
+
      return { count: updated.length };
    }),

@@ -122,9 +190,23 @@ export const blueprintRouter = createTRPCRouter({
  setGlobal: adminProcedure
    .input(z.object({ id: z.string(), isGlobal: z.boolean() }))
    .mutation(async ({ ctx, input }) => {
-      return ctx.db.blueprint.update({
+      const updated = await ctx.db.blueprint.update({
        where: { id: input.id },
        data: { isGlobal: input.isGlobal },
      });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "Blueprint",
+        entityId: input.id,
+        entityName: updated.name,
+        action: "UPDATE",
+        userId: ctx.dbUser?.id,
+        after: { isGlobal: input.isGlobal },
+        source: "ui",
+        summary: input.isGlobal ? "Set blueprint as global" : "Removed global flag from blueprint",
+      });
+
+      return updated;
    }),
 });