feat: Activity History system — full audit coverage, UI, AI tools

Infrastructure (Phase 1):
- AuditLog schema: add source, entityName, summary fields + index
- createAuditEntry() helper: auto-diff, auto-summary, fire-and-forget
- auditLog query router: list, getByEntity, getTimeline, getActivitySummary

Audit Coverage (Phase 2 — 14 routers, 50+ mutations):
- vacation: create, approve, reject, cancel, batch ops (8 mutations)
- user: create, updateRole, setPermissions, resetPermissions (5 mutations)
- entitlement: set, bulkSet (3 mutations)
- client: create, update, delete, batchUpdateSortOrder
- org-unit: create, update, deactivate
- country: create, update, createCity, updateCity, deleteCity
- management-level: createGroup, updateGroup, createLevel, updateLevel, deleteLevel
- settings: updateSystemSettings (sensitive fields sanitized), testSmtp
- blueprint: create, update, updateRolePresets, delete, batchDelete, setGlobal
- rate-card: create, update, deactivate, addLine, updateLine, deleteLine, replaceLines
- calculation-rules: create, update, delete
- effort-rule: create, update, delete
- experience-multiplier: create, update, delete
- utilization-category: create, update

Admin UI (Phase 3):
- /admin/activity-log page with global searchable timeline
- Filters: entity type, action, user, date range, text search
- Expandable before/after diff view per entry
- Summary cards showing top entity types by change count
- EntityHistory reusable component for entity detail pages
- Sidebar nav link with clock icon

AI Assistant (Phase 4):
- query_change_history tool: "Who changed project X?"
- get_entity_timeline tool: "What happened to resource Y?"

Regression: 283 engine + 37 staffing tests pass. TypeScript clean.

Co-Authored-By: claude-flow <ruv@ruv.net>

packages/api/src/router/effort-rule.ts

@@ -13,6 +13,7 @@ import { TRPCError } from "@trpc/server";
 import { z } from "zod";
 import { findUniqueOrThrow } from "../db/helpers.js";
 import { createTRPCRouter, controllerProcedure, managerProcedure } from "../trpc.js";
+import { createAuditEntry } from "../lib/audit.js";
 
 const ruleInclude = {
   rules: { orderBy: { sortOrder: "asc" as const } },
@@ -50,7 +51,7 @@ export const effortRuleRouter = createTRPCRouter({
         });
       }
 
-      return ctx.db.effortRuleSet.create({
+      const ruleSet = await ctx.db.effortRuleSet.create({
         data: {
           name: input.name,
           ...(input.description ? { description: input.description } : {}),
@@ -69,13 +70,26 @@ export const effortRuleRouter = createTRPCRouter({
         },
         include: ruleInclude,
       });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "EffortRuleSet",
+        entityId: ruleSet.id,
+        entityName: ruleSet.name,
+        action: "CREATE",
+        userId: ctx.dbUser?.id,
+        after: { name: input.name, isDefault: input.isDefault, ruleCount: input.rules.length },
+        source: "ui",
+      });
+
+      return ruleSet;
     }),
 
   update: managerProcedure
     .input(UpdateEffortRuleSetSchema)
     .mutation(async ({ ctx, input }) => {
-      await findUniqueOrThrow(
-        ctx.db.effortRuleSet.findUnique({ where: { id: input.id } }),
+      const before = await findUniqueOrThrow(
+        ctx.db.effortRuleSet.findUnique({ where: { id: input.id }, include: ruleInclude }),
         "Effort rule set",
       );
 
@@ -104,7 +118,7 @@ export const effortRuleRouter = createTRPCRouter({
         });
       }
 
-      return ctx.db.effortRuleSet.update({
+      const updated = await ctx.db.effortRuleSet.update({
         where: { id: input.id },
         data: {
           ...(input.name !== undefined ? { name: input.name } : {}),
@@ -113,16 +127,41 @@ export const effortRuleRouter = createTRPCRouter({
         },
         include: ruleInclude,
       });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "EffortRuleSet",
+        entityId: input.id,
+        entityName: updated.name,
+        action: "UPDATE",
+        userId: ctx.dbUser?.id,
+        before: { name: before.name, isDefault: before.isDefault, ruleCount: before.rules.length },
+        after: { name: updated.name, isDefault: updated.isDefault, ruleCount: updated.rules.length },
+        source: "ui",
+      });
+
+      return updated;
     }),
 
   delete: managerProcedure
     .input(z.object({ id: z.string() }))
     .mutation(async ({ ctx, input }) => {
-      await findUniqueOrThrow(
+      const ruleSet = await findUniqueOrThrow(
         ctx.db.effortRuleSet.findUnique({ where: { id: input.id } }),
         "Effort rule set",
       );
       await ctx.db.effortRuleSet.delete({ where: { id: input.id } });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "EffortRuleSet",
+        entityId: input.id,
+        entityName: ruleSet.name,
+        action: "DELETE",
+        userId: ctx.dbUser?.id,
+        source: "ui",
+      });
+
       return { id: input.id };
     }),