feat: Activity History system — full audit coverage, UI, AI tools

Infrastructure (Phase 1):
- AuditLog schema: add source, entityName, summary fields + index
- createAuditEntry() helper: auto-diff, auto-summary, fire-and-forget
- auditLog query router: list, getByEntity, getTimeline, getActivitySummary

Audit Coverage (Phase 2 — 14 routers, 50+ mutations):
- vacation: create, approve, reject, cancel, batch ops (8 mutations)
- user: create, updateRole, setPermissions, resetPermissions (5 mutations)
- entitlement: set, bulkSet (3 mutations)
- client: create, update, delete, batchUpdateSortOrder
- org-unit: create, update, deactivate
- country: create, update, createCity, updateCity, deleteCity
- management-level: createGroup, updateGroup, createLevel, updateLevel, deleteLevel
- settings: updateSystemSettings (sensitive fields sanitized), testSmtp
- blueprint: create, update, updateRolePresets, delete, batchDelete, setGlobal
- rate-card: create, update, deactivate, addLine, updateLine, deleteLine, replaceLines
- calculation-rules: create, update, delete
- effort-rule: create, update, delete
- experience-multiplier: create, update, delete
- utilization-category: create, update

Admin UI (Phase 3):
- /admin/activity-log page with global searchable timeline
- Filters: entity type, action, user, date range, text search
- Expandable before/after diff view per entry
- Summary cards showing top entity types by change count
- EntityHistory reusable component for entity detail pages
- Sidebar nav link with clock icon

AI Assistant (Phase 4):
- query_change_history tool: "Who changed project X?"
- get_entity_timeline tool: "What happened to resource Y?"

Regression: 283 engine + 37 staffing tests pass. TypeScript clean.

Co-Authored-By: claude-flow <ruv@ruv.net>

packages/api/src/router/calculation-rules.ts

@@ -6,6 +6,7 @@ import { z } from "zod";
 import { findUniqueOrThrow } from "../db/helpers.js";
 import { PROJECT_BRIEF_SELECT } from "../db/selects.js";
 import { createTRPCRouter, controllerProcedure, managerProcedure } from "../trpc.js";
+import { createAuditEntry } from "../lib/audit.js";
 
 export const calculationRuleRouter = createTRPCRouter({
   list: controllerProcedure.query(async ({ ctx }) => {
@@ -38,7 +39,7 @@ export const calculationRuleRouter = createTRPCRouter({
   create: managerProcedure
     .input(CreateCalculationRuleSchema)
     .mutation(async ({ ctx, input }) => {
-      return ctx.db.calculationRule.create({
+      const rule = await ctx.db.calculationRule.create({
         data: {
           name: input.name,
           triggerType: input.triggerType,
@@ -52,13 +53,26 @@ export const calculationRuleRouter = createTRPCRouter({
           isActive: input.isActive,
         },
       });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "CalculationRule",
+        entityId: rule.id,
+        entityName: rule.name,
+        action: "CREATE",
+        userId: ctx.dbUser?.id,
+        after: rule as unknown as Record<string, unknown>,
+        source: "ui",
+      });
+
+      return rule;
     }),
 
   update: managerProcedure
     .input(UpdateCalculationRuleSchema)
     .mutation(async ({ ctx, input }) => {
       const { id, ...data } = input;
-      await findUniqueOrThrow(
+      const before = await findUniqueOrThrow(
         ctx.db.calculationRule.findUnique({ where: { id } }),
         "CalculationRule",
       );
@@ -76,20 +90,46 @@ export const calculationRuleRouter = createTRPCRouter({
       if (data.priority !== undefined) updateData.priority = data.priority;
       if (data.isActive !== undefined) updateData.isActive = data.isActive;
 
-      return ctx.db.calculationRule.update({
+      const updated = await ctx.db.calculationRule.update({
         where: { id },
         data: updateData,
       });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "CalculationRule",
+        entityId: id,
+        entityName: updated.name,
+        action: "UPDATE",
+        userId: ctx.dbUser?.id,
+        before: before as unknown as Record<string, unknown>,
+        after: updated as unknown as Record<string, unknown>,
+        source: "ui",
+      });
+
+      return updated;
     }),
 
   delete: managerProcedure
     .input(z.object({ id: z.string() }))
     .mutation(async ({ ctx, input }) => {
-      await findUniqueOrThrow(
+      const rule = await findUniqueOrThrow(
         ctx.db.calculationRule.findUnique({ where: { id: input.id } }),
         "CalculationRule",
       );
       await ctx.db.calculationRule.delete({ where: { id: input.id } });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "CalculationRule",
+        entityId: input.id,
+        entityName: rule.name,
+        action: "DELETE",
+        userId: ctx.dbUser?.id,
+        before: rule as unknown as Record<string, unknown>,
+        source: "ui",
+      });
+
       return { success: true };
     }),
 });