feat: Activity History system — full audit coverage, UI, AI tools

Infrastructure (Phase 1): - AuditLog schema: add source, entityName, summary fields + index - createAuditEntry() helper: auto-diff, auto-summary, fire-and-forget - auditLog query router: list, getByEntity, getTimeline, getActivitySummary Audit Coverage (Phase 2 — 14 routers, 50+ mutations): - vacation: create, approve, reject, cancel, batch ops (8 mutations) - user: create, updateRole, setPermissions, resetPermissions (5 mutations) - entitlement: set, bulkSet (3 mutations) - client: create, update, delete, batchUpdateSortOrder - org-unit: create, update, deactivate - country: create, update, createCity, updateCity, deleteCity - management-level: createGroup, updateGroup, createLevel, updateLevel, deleteLevel - settings: updateSystemSettings (sensitive fields sanitized), testSmtp - blueprint: create, update, updateRolePresets, delete, batchDelete, setGlobal - rate-card: create, update, deactivate, addLine, updateLine, deleteLine, replaceLines - calculation-rules: create, update, delete - effort-rule: create, update, delete - experience-multiplier: create, update, delete - utilization-category: create, update Admin UI (Phase 3): - /admin/activity-log page with global searchable timeline - Filters: entity type, action, user, date range, text search - Expandable before/after diff view per entry - Summary cards showing top entity types by change count - EntityHistory reusable component for entity detail pages - Sidebar nav link with clock icon AI Assistant (Phase 4): - query_change_history tool: "Who changed project X?" - get_entity_timeline tool: "What happened to resource Y?" Regression: 283 engine + 37 staffing tests pass. TypeScript clean. Co-Authored-By: claude-flow <ruv@ruv.net>
2026-03-22 22:39:30 +01:00
parent 3d117708ff
commit 66878f18f4
25 changed files with 2255 additions and 156 deletions
@@ -2,6 +2,7 @@ import { CreateOrgUnitSchema, UpdateOrgUnitSchema } from "@planarchy/shared";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
 import { findUniqueOrThrow } from "../db/helpers.js";
+import { createAuditEntry } from "../lib/audit.js";
 import { adminProcedure, createTRPCRouter, protectedProcedure } from "../trpc.js";

 import type { OrgUnitTree } from "@planarchy/shared";
@@ -93,7 +94,7 @@ export const orgUnitRouter = createTRPCRouter({
        }
      }

-      return ctx.db.orgUnit.create({
+      const created = await ctx.db.orgUnit.create({
        data: {
          name: input.name,
          ...(input.shortName !== undefined ? { shortName: input.shortName } : {}),
@@ -102,17 +103,32 @@ export const orgUnitRouter = createTRPCRouter({
          sortOrder: input.sortOrder,
        },
      });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "OrgUnit",
+        entityId: created.id,
+        entityName: created.name,
+        action: "CREATE",
+        userId: ctx.dbUser?.id,
+        after: created as unknown as Record<string, unknown>,
+        source: "ui",
+      });
+
+      return created;
    }),

  update: adminProcedure
    .input(z.object({ id: z.string(), data: UpdateOrgUnitSchema }))
    .mutation(async ({ ctx, input }) => {
-      await findUniqueOrThrow(
+      const existing = await findUniqueOrThrow(
        ctx.db.orgUnit.findUnique({ where: { id: input.id } }),
        "Org unit",
      );

-      return ctx.db.orgUnit.update({
+      const before = existing as unknown as Record<string, unknown>;
+
+      const updated = await ctx.db.orgUnit.update({
        where: { id: input.id },
        data: {
          ...(input.data.name !== undefined ? { name: input.data.name } : {}),
@@ -122,14 +138,43 @@ export const orgUnitRouter = createTRPCRouter({
          ...(input.data.parentId !== undefined ? { parentId: input.data.parentId } : {}),
        },
      });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "OrgUnit",
+        entityId: updated.id,
+        entityName: updated.name,
+        action: "UPDATE",
+        userId: ctx.dbUser?.id,
+        before,
+        after: updated as unknown as Record<string, unknown>,
+        source: "ui",
+      });
+
+      return updated;
    }),

  deactivate: adminProcedure
    .input(z.object({ id: z.string() }))
    .mutation(async ({ ctx, input }) => {
-      return ctx.db.orgUnit.update({
+      const updated = await ctx.db.orgUnit.update({
        where: { id: input.id },
        data: { isActive: false },
      });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "OrgUnit",
+        entityId: updated.id,
+        entityName: updated.name,
+        action: "UPDATE",
+        userId: ctx.dbUser?.id,
+        before: { isActive: true },
+        after: { isActive: false },
+        source: "ui",
+        summary: "Deactivated OrgUnit",
+      });
+
+      return updated;
    }),
 });