feat: Activity History system — full audit coverage, UI, AI tools

Infrastructure (Phase 1):
- AuditLog schema: add source, entityName, summary fields + index
- createAuditEntry() helper: auto-diff, auto-summary, fire-and-forget
- auditLog query router: list, getByEntity, getTimeline, getActivitySummary

Audit Coverage (Phase 2 — 14 routers, 50+ mutations):
- vacation: create, approve, reject, cancel, batch ops (8 mutations)
- user: create, updateRole, setPermissions, resetPermissions (5 mutations)
- entitlement: set, bulkSet (3 mutations)
- client: create, update, delete, batchUpdateSortOrder
- org-unit: create, update, deactivate
- country: create, update, createCity, updateCity, deleteCity
- management-level: createGroup, updateGroup, createLevel, updateLevel, deleteLevel
- settings: updateSystemSettings (sensitive fields sanitized), testSmtp
- blueprint: create, update, updateRolePresets, delete, batchDelete, setGlobal
- rate-card: create, update, deactivate, addLine, updateLine, deleteLine, replaceLines
- calculation-rules: create, update, delete
- effort-rule: create, update, delete
- experience-multiplier: create, update, delete
- utilization-category: create, update

Admin UI (Phase 3):
- /admin/activity-log page with global searchable timeline
- Filters: entity type, action, user, date range, text search
- Expandable before/after diff view per entry
- Summary cards showing top entity types by change count
- EntityHistory reusable component for entity detail pages
- Sidebar nav link with clock icon

AI Assistant (Phase 4):
- query_change_history tool: "Who changed project X?"
- get_entity_timeline tool: "What happened to resource Y?"

Regression: 283 engine + 37 staffing tests pass. TypeScript clean.

Co-Authored-By: claude-flow <ruv@ruv.net>

packages/api/src/router/settings.ts

@@ -4,6 +4,15 @@ import { createAiClient, isAiConfigured, parseAiError } from "../ai-client.js";
 import { DEFAULT_SUMMARY_PROMPT } from "./resource.js";
 import { VALUE_SCORE_WEIGHTS } from "@planarchy/shared";
 import { testSmtpConnection } from "../lib/email.js";
+import { createAuditEntry } from "../lib/audit.js";
+
+/** Fields that must never appear in audit log values */
+const SENSITIVE_FIELDS = new Set([
+  "azureOpenAiApiKey",
+  "smtpPassword",
+  "azureDalleApiKey",
+  "anonymizationSeed",
+]);
 
 export const settingsRouter = createTRPCRouter({
   getSystemSettings: adminProcedure.query(async ({ ctx }) => {
@@ -151,12 +160,39 @@ export const settingsRouter = createTRPCRouter({
       // Timeline
       if (input.timelineUndoMaxSteps !== undefined) data.timelineUndoMaxSteps = input.timelineUndoMaxSteps;
 
+      // Fetch current settings for before-snapshot
+      const before = await ctx.db.systemSettings.findUnique({ where: { id: "singleton" } });
+
       await ctx.db.systemSettings.upsert({
         where: { id: "singleton" },
         create: { id: "singleton", ...data },
         update: data,
       });
 
+      // Build sanitized snapshots — redact sensitive fields
+      const sanitize = (obj: Record<string, unknown>): Record<string, unknown> => {
+        const result: Record<string, unknown> = {};
+        for (const [key, value] of Object.entries(obj)) {
+          result[key] = SENSITIVE_FIELDS.has(key) ? (value ? "***" : null) : value;
+        }
+        return result;
+      };
+
+      const sanitizedBefore = before ? sanitize(before as unknown as Record<string, unknown>) : undefined;
+      const sanitizedAfter = sanitize(data);
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "SystemSettings",
+        entityId: "singleton",
+        entityName: "System Settings",
+        action: before ? "UPDATE" : "CREATE",
+        userId: ctx.dbUser?.id,
+        ...(sanitizedBefore !== undefined ? { before: sanitizedBefore } : {}),
+        after: sanitizedAfter,
+        source: "ui",
+      });
+
       return { ok: true };
     }),
 
@@ -246,8 +282,22 @@ export const settingsRouter = createTRPCRouter({
     }
   }),
 
-  testSmtpConnection: adminProcedure.mutation(async () => {
-    return testSmtpConnection();
+  testSmtpConnection: adminProcedure.mutation(async ({ ctx }) => {
+    const result = await testSmtpConnection();
+
+    void createAuditEntry({
+      db: ctx.db,
+      entityType: "SystemSettings",
+      entityId: "singleton",
+      entityName: "SMTP Connection Test",
+      action: "UPDATE",
+      userId: ctx.dbUser?.id,
+      after: { testResult: result.ok ? "success" : "failed" },
+      source: "ui",
+      summary: result.ok ? "SMTP connection test succeeded" : "SMTP connection test failed",
+    });
+
+    return result;
   }),
 
   getAiConfigured: protectedProcedure.query(async ({ ctx }) => {