
Feature Request: Expose audit log in admin UI #701

@Mikearaya

Description


Unchained ships an OCSF-compliant, tamper-evident audit log (packages/events/src/audit/) that is currently dormant — never instantiated, never bridged to GraphQL, never surfaced in admin-ui. Login/logout, account changes, role changes, order lifecycle, and payment events are already defined as audited but nothing writes them today.

What to do

  1. Engine: instantiate the audit log on platform startup, activate configureAuditIntegration, and expose auditLogs, auditLogsCount, auditChainStatus, failedLoginAttempts via GraphQL behind a new viewAuditLog action gated to admins.
  2. Admin-UI: add a /settings/security page (under a new /settings/* shell) showing chain-integrity status, failed-login activity, and a filterable browser over audit entries with per-entry OCSF detail view.

Why

  • Compliance-ready out-of-the-box (OCSF v1.4.0 is consumed by Datadog, Splunk, AWS Security Lake, Chronicle).
  • Tamper-evident chain status is a differentiator versus Shopify, Medusa, Saleor, commercetools — none surface this.
  • First page under /settings/*, establishing the IA for future consolidation of scattered config pages.

Steps

Engine

  • Add auditLog?: AuditLogConfig | false to PlatformOptions; instantiate createAuditLog in startPlatform and call configureAuditIntegration.
  • Thread auditLog through UnchainedServerOptions → createContext → ResolverContext.
  • Add viewAuditLog and verifyAuditChain to the actions list; grant to admin role.
  • Add AuditLogEntry, AuditChainStatus, AuditLogClass/Severity/Status enums to the schema.
  • Add auditLogs, auditLogsCount, auditChainStatus, failedLoginAttempts query resolvers wrapping the existing AuditLog methods.
  • Close the audit log in the existing SIGTERM cleanup path.
  • Integration test: login emits an AUTHENTICATION entry; tampered file flips auditChainStatus.valid to false.

Admin-UI

  • Add @unchainedshop/client/audit SDK module (fragment + 4 hooks) and update client/package.json exports + client/tsconfig.json includes.
  • Build modules/audit/ shared components: chain-status banner, filters, virtualized entry table, entry detail drawer, failed-logins widget, OCSF activity label map.
  • Create /settings shell (SettingsLayout + landing) and /settings/security page composing the components; manage filters via URL state.
  • Add a "Settings → Security" entry to the sidebar in Layout.tsx, gated on hasRole('admin').
  • Extract translation keys; add en and de strings.
  • Cypress: component tests for banner + row states; e2e for navigation and filtering.

Scope

Additive only. No breaking changes, no migrations.
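The tamper-evident chain and the auditChainStatus check the issue relies on (login emits an entry, a tampered file flips valid to false), as an added TypeScript example that is not Unchained's code; the project's actual implementation in packages/events/src/audit/ is not shown on this page. The entry shape, the hash-chain layout (SHA-256 over a canonical form plus the previous hash), the JSON Lines on-disk format and the sample events are all assumptions made for this example:

```typescript
import { createHash } from "crypto";

// Hypothetical entry shape: a few OCSF-like fields (class_uid 3002 = Authentication,
// 3001 = Account Change) plus the chaining fields. Not Unchained's schema.
interface AuditFields {
  time: string;                     // ISO 8601 event time
  class_uid: number;                // OCSF event class id
  activity: string;                 // e.g. "Logon", "Privileges Change"
  actor: string;                    // user or service that acted
  status: "Success" | "Failure";
}

interface AuditEntry extends AuditFields {
  seq: number;                      // 0-based position in the chain
  prev_hash: string;                // hash of the previous entry; GENESIS for the first
  hash: string;                     // SHA-256 over the entry's own fields + seq + prev_hash
}

interface ChainStatus {
  valid: boolean;
  length: number;
  brokenAt: number | null;          // seq of the first entry that fails verification
  reason: string | null;
}

const GENESIS = "0".repeat(64);

// Canonical form: a fixed-order array, so key order or whitespace differences between
// writers cannot change the digest. The stored hash field is deliberately not included.
function entryHash(e: Omit<AuditEntry, "hash">): string {
  const canonical = JSON.stringify([e.seq, e.prev_hash, e.time, e.class_uid, e.activity, e.actor, e.status]);
  return createHash("sha256").update(canonical).digest("hex");
}

class AuditChain {
  private entries: AuditEntry[] = [];

  append(fields: AuditFields): AuditEntry {
    const seq = this.entries.length;
    const prev_hash = seq === 0 ? GENESIS : this.entries[seq - 1].hash;
    const unsigned = { ...fields, seq, prev_hash };
    const entry: AuditEntry = { ...unsigned, hash: entryHash(unsigned) };
    this.entries.push(entry);
    return entry;
  }

  // Head hash: the one value to anchor outside the file (SIEM, separate store),
  // because a hash chain on its own cannot detect deletion of its newest entries.
  head(): string {
    return this.entries.length === 0 ? GENESIS : this.entries[this.entries.length - 1].hash;
  }

  // JSON Lines on disk, one entry per line; this is what the verifier reads back.
  toJsonl(): string {
    return this.entries.map((e) => JSON.stringify(e)).join("\n") + "\n";
  }
}

function parseLine(line: string): AuditEntry | null {
  try { return JSON.parse(line) as AuditEntry; } catch { return null; }
}

// Walks the file from the genesis hash forward, re-deriving each digest and checking
// it links to its predecessor. Stops at the first broken entry.
function verifyChain(jsonl: string, expectedHead?: string): ChainStatus {
  const lines = jsonl.split("\n").filter((l) => l.length > 0);
  const fail = (at: number, reason: string): ChainStatus => ({ valid: false, length: lines.length, brokenAt: at, reason });
  let prev = GENESIS;
  for (let i = 0; i < lines.length; i++) {
    const e = parseLine(lines[i]);
    if (e === null) return fail(i, "unparseable line");
    if (e.seq !== i) return fail(i, "sequence gap");
    if (e.prev_hash !== prev) return fail(i, "prev_hash mismatch");
    if (entryHash(e) !== e.hash) return fail(i, "hash mismatch");
    prev = e.hash;
  }
  if (expectedHead !== undefined && prev !== expectedHead) return fail(lines.length, "head mismatch (tail truncated?)");
  return { valid: true, length: lines.length, brokenAt: null, reason: null };
}

// Constructed sample events (not real log data): a login, a failed login, a role change.
function buildSampleChain(): AuditChain {
  const chain = new AuditChain();
  chain.append({ time: "2025-01-01T09:00:00Z", class_uid: 3002, activity: "Logon", actor: "alice", status: "Success" });
  chain.append({ time: "2025-01-01T09:05:00Z", class_uid: 3002, activity: "Logon", actor: "mallory", status: "Failure" });
  chain.append({ time: "2025-01-01T09:10:00Z", class_uid: 3001, activity: "Privileges Change", actor: "alice", status: "Success" });
  return chain;
}

// Simulates an attacker with file access editing one line. With rehash=true the attacker
// also recomputes that line's own hash, which only moves the break to the next entry.
function tamperLine(jsonl: string, seq: number, patch: Partial<AuditFields>, rehash = false): string {
  const lines = jsonl.split("\n");
  const e: AuditEntry = { ...(JSON.parse(lines[seq]) as AuditEntry), ...patch };
  if (rehash) e.hash = entryHash(e);
  lines[seq] = JSON.stringify(e);
  return lines.join("\n");
}

// Drops the last n entries: invisible to the chain walk unless the head is anchored.
function truncateTail(jsonl: string, n: number): string {
  const lines = jsonl.split("\n").filter((l) => l.length > 0);
  return lines.slice(0, lines.length - n).join("\n") + "\n";
}
```

The point for the integration test in the issue: editing a field in place breaks at that entry, re-hashing the edited entry breaks at the next one, but cutting the tail passes a plain chain walk. An auditChainStatus that only walks the file therefore needs the head hash compared against a copy kept outside the file to report truncation.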

Metadata

Labels

feature request