feat(ui): ship unified audit surfaces

docs/modules/ui/TASKS.md

@@ -83,6 +83,11 @@
 - [DONE] FE-RW-004 Cross-product deep links and release-context use for reachability proofs
 - [DONE] FE-RW-005 Supporting evidence and export surfaces for witness UX
 - [DONE] FE-RW-006 QA, rollout, and docs sync for reachability witnessing
+- [DONE] FE-AUD-001 Freeze canonical audit owner and alias contract
+- [DONE] FE-AUD-002 Repair audit-shell internal navigation and subviews
+- [DONE] FE-AUD-003 Wire secondary entry points and contextual handoffs
+- [DONE] FE-AUD-004 Verify route cutover and operator journeys
+- [DONE] FE-AUD-005 Sync docs, archive the sprint, and record the shipped feature
 - [DONE] FE-PO-001 Freeze Operations overview taxonomy and submenu structure
 - [DONE] FE-PO-002 Overview page regrouping and blocking-card contract
 - [DONE] FE-PO-003 Legacy widget absorption matrix for Platform Ops

docs/modules/ui/component-preservation-map/RESTORATION_PRIORITIES.md

@@ -107,6 +107,10 @@ These are mostly not dropped products. They are current or near-current capabili
   - `Audit Log`
 - Target:
   - keep under admin/security, but improve entry points and deep links
+- Notes:
+  - Detailed UX dossier: `docs/modules/ui/unified-audit-surfaces/README.md`
+  - Implementation sprint: `docs-archived/implplan/SPRINT_20260307_039_FE_unified_audit_surfaces.md`
+  - Shipped verification note: `docs/features/checked/web/unified-audit-surfaces-ui.md`
 
 ### 8. Offline Operations
 - Type: `wire-in / preserve`

docs/modules/ui/implementation_plan.md

@@ -27,11 +27,14 @@ Provide a living plan for UI deliverables, dependencies, and evidence.
 - `docs/features/checked/web/triage-explainability-workspace-ui.md` - shipped verification note for the canonical triage artifact workspace, explainability rail, audit bundles, and security alias cutover.
 - `docs/features/checked/web/workflow-visualization-replay-ui.md` - shipped verification note for the canonical run-detail graph, timeline, replay, evidence tabs, and workflow-editor preview reuse boundary.
 - `docs/features/checked/web/contextual-actions-patterns-ui.md` - shipped verification note for the shared contextual route-state, headers, drawers, list-detail shells, grouped overview cards, and first adopted restoration surfaces.
+- `docs/features/checked/web/unified-audit-surfaces-ui.md` - shipped verification note for the Evidence-owned audit shell, admin bookmark redirects, repaired audit subview links, and secondary handoff entry points.
 - `docs/modules/ui/reachability-witnessing/README.md` - detailed witness and proof UX dossier plus cross-shell deep-link contract.
 - `docs/modules/ui/platform-ops-consolidation/README.md` - detailed Operations overview taxonomy and legacy absorption plan.
 - `docs/modules/ui/triage-explainability-workspace/README.md` - detailed artifact workspace and audit-bundle UX dossier.
 - `docs/modules/ui/workflow-visualization-replay/README.md` - detailed run-detail graph, timeline, replay, and evidence UX dossier.
 - `docs/modules/ui/contextual-actions-patterns/README.md` - shared placement contract for stray actions, pages, drawers, and tabs.
+- `docs/modules/ui/unified-audit-surfaces/README.md` - shipped canonical audit owner, alias contract, and secondary entry-point rules for cross-module audit browsing.
+- `docs/modules/ui/unified-audit-surfaces/README.md` - canonical audit owner, alias contract, and secondary entry-point rules for cross-module audit browsing.
 
 ## Dependencies
 - `docs/modules/ui/architecture.md`

docs/modules/ui/unified-audit-surfaces/README.md

@@ -0,0 +1,114 @@
+# Unified Audit Surfaces
+
+## Status
+Shipped on 2026-03-07.
+
+## Product Shape
+Keep one canonical cross-module audit owner under Evidence.
+
+- Canonical product home: `Evidence > Audit Log`
+- Canonical route family: `/evidence/audit-log`
+- Secondary surfacing:
+  - `Admin > Unified Audit Log`
+  - `Setup` overview drilldowns
+  - `Mission Control` activity
+  - `Ops` and quota drilldowns
+  - `Release` detail audit links
+
+The current problem was not missing audit UI. The current problem was that the audit UI existed, but the app still split between Evidence-owned routes and stale admin absolute links.
+
+## Product Boundary
+
+### This shell owns
+- cross-module audit dashboard
+- all-events browser
+- event detail
+- timeline search
+- correlation clusters
+- anomaly alerts
+- export
+- module-specific audit views:
+  - policy
+  - authority
+  - vex
+  - integrations
+
+### This shell does not own
+- `Audit Bundles`
+  - stays under `/triage/audit-bundles`
+- `Auditor Workspace`
+  - stays under `/workspace/audit/:artifactDigest`
+- contextual reason capsules
+  - stay embedded in the owning workflow
+- policy/VEX scoped audit tabs
+  - remain inside Policy Decisioning Studio but can deep-link into the canonical audit shell
+
+## Canonical Route Contract
+
+### Canonical routes
+- `/evidence/audit-log`
+- `/evidence/audit-log/events`
+- `/evidence/audit-log/events/:eventId`
+- `/evidence/audit-log/timeline`
+- `/evidence/audit-log/correlations`
+- `/evidence/audit-log/anomalies`
+- `/evidence/audit-log/export`
+- `/evidence/audit-log/policy`
+- `/evidence/audit-log/authority`
+- `/evidence/audit-log/vex`
+- `/evidence/audit-log/integrations`
+
+### Shipped aliases
+- `/admin/audit`
+- `/admin/audit/:page`
+- `/admin/audit/events/:eventId`
+- `/administration/audit`
+- `/administration/audit/:page`
+- `/administration/audit/events/:eventId`
+
+Aliases must preserve query params for handoffs like `tenantId`, `releaseId`, `runId`, `correlationId`, and event filters.
+
+## Navigation Contract
+
+### Primary navigation
+- Evidence keeps the real audit owner link.
+- Admin keeps an audit entry, but it points to the same Evidence-owned route family.
+
+### Secondary entry points to keep
+- Setup overview drilldown card
+- Mission Control activity feed
+- dashboard activity cards
+- platform ops summary links
+- quota tenant detail
+- release detail
+
+### Secondary entry points to avoid
+- do not create a second top-level audit product
+- do not fork a separate admin-only audit route tree
+- do not move audit bundles out of Triage just because they contain the word `audit`
+
+## UX Rules
+- audit detail pages must always offer a stable path back to the canonical dashboard or events list
+- query-param handoffs should keep the operator in context instead of dumping them at an unfiltered dashboard
+- breadcrumbs, quick links, and cards must use the canonical evidence route family
+- cross-module audit is evidence-centered, not admin-settings-centered
+
+## Why This Is Worth Keeping
+- Stella Ops makes an auditability promise; cross-module audit is core product capability, not optional legacy UI.
+- Most of the necessary pages already exist and appear implementation-ready.
+- The feature value is currently obscured by route fragmentation, broken links, and split ownership language rather than lack of functionality.
+
+## Verification Evidence
+- feature verification note: `docs/features/checked/web/unified-audit-surfaces-ui.md`
+- targeted Angular tests: `31` passing assertions across evidence routes, audit behavior, evidence overview, admin aliases, and legacy redirects
+- Playwright: `2/2` passing scenarios for canonical audit landing, in-shell navigation, and old admin bookmark redirect
+- production build: pass, with existing unrelated bundle-budget warnings
+
+## Restoration Goal
+Restored usability, not just visibility:
+
+- one canonical owner
+- working aliases for old bookmarks
+- repaired internal navigation
+- real contextual entry points from the workflows that need audit
+- explicit verification that the main audit journeys work