# Enable Audit Logging

## Summary
Activate the existing audit logging infrastructure by adding `audit_service.log_event()` calls to key system operations. The audit log table and service already exist but are not being used.

## Motivation
- Audit logs page exists but shows no data because events are not being recorded
- Security compliance requires tracking of authentication and administrative actions
- Administrators need visibility into system usage and potential security issues

## Current State
- `AuditLog` model exists in `backend/app/models/audit_log.py`
- `AuditService` with `log_event()` method exists in `backend/app/services/audit_service.py`
- `AuditLogsPage` frontend exists at `/admin/audit-logs`
- Admin API endpoint `GET /api/v2/admin/audit-logs` exists
- **Problem**: No code calls `audit_service.log_event()` - logs are always empty

## Proposed Changes

### Events to Log

| Event Type | Category | Location | Description |
|------------|----------|----------|-------------|
| `auth_login` | authentication | auth.py | User login (success/failure) |
| `auth_logout` | authentication | auth.py | User logout |
| `auth_token_refresh` | authentication | auth.py | Token refresh |
| `task_create` | task | tasks.py | Task created |
| `task_process` | task | tasks.py | Task processing started |
| `task_complete` | task | tasks.py | Task completed |
| `task_delete` | task | tasks.py | Task deleted |
| `admin_cleanup` | admin | admin.py | Manual cleanup triggered |
| `admin_view_users` | admin | admin.py | Admin viewed user list |
| `file_upload` | file | main.py | File uploaded |

### Implementation Approach
1. Add helper function to extract client info (IP, user agent) from Request
2. Add `audit_service.log_event()` calls to each operation point
3. Ensure all events capture: user_id, IP address, user agent, resource info

## Non-Goals
- Creating new audit log model (already exists)
- Changing audit log API endpoints (already work)
- Modifying frontend audit logs page (already complete)

## Affected Specs
- None (infrastructure already in place)

## Testing
- Verify audit logs appear after login/logout
- Verify task operations are logged
- Verify admin actions are logged
- Check audit logs page displays new entries