feat: Activity History system — full audit coverage, UI, AI tools

Infrastructure (Phase 1): - AuditLog schema: add source, entityName, summary fields + index - createAuditEntry() helper: auto-diff, auto-summary, fire-and-forget - auditLog query router: list, getByEntity, getTimeline, getActivitySummary Audit Coverage (Phase 2 — 14 routers, 50+ mutations): - vacation: create, approve, reject, cancel, batch ops (8 mutations) - user: create, updateRole, setPermissions, resetPermissions (5 mutations) - entitlement: set, bulkSet (3 mutations) - client: create, update, delete, batchUpdateSortOrder - org-unit: create, update, deactivate - country: create, update, createCity, updateCity, deleteCity - management-level: createGroup, updateGroup, createLevel, updateLevel, deleteLevel - settings: updateSystemSettings (sensitive fields sanitized), testSmtp - blueprint: create, update, updateRolePresets, delete, batchDelete, setGlobal - rate-card: create, update, deactivate, addLine, updateLine, deleteLine, replaceLines - calculation-rules: create, update, delete - effort-rule: create, update, delete - experience-multiplier: create, update, delete - utilization-category: create, update Admin UI (Phase 3): - /admin/activity-log page with global searchable timeline - Filters: entity type, action, user, date range, text search - Expandable before/after diff view per entry - Summary cards showing top entity types by change count - EntityHistory reusable component for entity detail pages - Sidebar nav link with clock icon AI Assistant (Phase 4): - query_change_history tool: "Who changed project X?" - get_entity_timeline tool: "What happened to resource Y?" Regression: 283 engine + 37 staffing tests pass. TypeScript clean. Co-Authored-By: claude-flow <ruv@ruv.net>
2026-03-22 22:39:30 +01:00
parent 3d117708ff
commit 66878f18f4
25 changed files with 2255 additions and 156 deletions
@@ -5,6 +5,7 @@ import {
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
 import { findUniqueOrThrow } from "../db/helpers.js";
+import { createAuditEntry } from "../lib/audit.js";
 import { adminProcedure, createTRPCRouter, protectedProcedure } from "../trpc.js";

 export const utilizationCategoryRouter = createTRPCRouter({
@@ -48,7 +49,7 @@ export const utilizationCategoryRouter = createTRPCRouter({
        });
      }

-      return ctx.db.utilizationCategory.create({
+      const created = await ctx.db.utilizationCategory.create({
        data: {
          code: input.code,
          name: input.name,
@@ -57,6 +58,19 @@ export const utilizationCategoryRouter = createTRPCRouter({
          isDefault: input.isDefault,
        },
      });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "UtilizationCategory",
+        entityId: created.id,
+        entityName: created.name,
+        action: "CREATE",
+        userId: ctx.dbUser?.id,
+        after: created as unknown as Record<string, unknown>,
+        source: "ui",
+      });
+
+      return created;
    }),

  update: adminProcedure
@@ -82,7 +96,9 @@ export const utilizationCategoryRouter = createTRPCRouter({
        });
      }

-      return ctx.db.utilizationCategory.update({
+      const before = existing as unknown as Record<string, unknown>;
+
+      const updated = await ctx.db.utilizationCategory.update({
        where: { id: input.id },
        data: {
          ...(input.data.code !== undefined ? { code: input.data.code } : {}),
@@ -93,5 +109,19 @@ export const utilizationCategoryRouter = createTRPCRouter({
          ...(input.data.isDefault !== undefined ? { isDefault: input.data.isDefault } : {}),
        },
      });
+
+      void createAuditEntry({
+        db: ctx.db,
+        entityType: "UtilizationCategory",
+        entityId: updated.id,
+        entityName: updated.name,
+        action: "UPDATE",
+        userId: ctx.dbUser?.id,
+        before,
+        after: updated as unknown as Record<string, unknown>,
+        source: "ui",
+      });
+
+      return updated;
    }),
 });