# Unified Audit Log Viewer

## Module
Web

## Status
VERIFIED

## Description
Cross-module unified audit log viewer with event table/detail panel, timeline/correlation navigation, anomaly alert visibility, and export surface for compliance evidence workflows.

## Implementation Details
- **Feature directory**: `src/Web/StellaOps.Web/src/app/features/audit-log/`
- **Routes**:
  - `src/Web/StellaOps.Web/src/app/app.routes.ts` (`/admin/audit`)
  - `src/Web/StellaOps.Web/src/app/features/audit-log/audit-log.routes.ts`
- **Components**:
  - `audit-log-dashboard` (`src/Web/StellaOps.Web/src/app/features/audit-log/audit-log-dashboard.component.ts`)
  - `audit-log-table` (`src/Web/StellaOps.Web/src/app/features/audit-log/audit-log-table.component.ts`)
  - `audit-event-detail` (`src/Web/StellaOps.Web/src/app/features/audit-log/audit-event-detail.component.ts`)
  - `audit-timeline-search` (`src/Web/StellaOps.Web/src/app/features/audit-log/audit-timeline-search.component.ts`)
  - `audit-correlations` (`src/Web/StellaOps.Web/src/app/features/audit-log/audit-correlations.component.ts`)
  - `audit-anomalies` (`src/Web/StellaOps.Web/src/app/features/audit-log/audit-anomalies.component.ts`)
  - `audit-export` (`src/Web/StellaOps.Web/src/app/features/audit-log/audit-export.component.ts`)
  - `audit-policy` (`src/Web/StellaOps.Web/src/app/features/audit-log/audit-policy.component.ts`)
  - `audit-authority` (`src/Web/StellaOps.Web/src/app/features/audit-log/audit-authority.component.ts`)
  - `audit-vex` (`src/Web/StellaOps.Web/src/app/features/audit-log/audit-vex.component.ts`)
  - `audit-integrations` (`src/Web/StellaOps.Web/src/app/features/audit-log/audit-integrations.component.ts`)
- **APIs/Models**:
  - `src/Web/StellaOps.Web/src/app/core/api/audit-log.client.ts`
  - `src/Web/StellaOps.Web/src/app/core/api/audit-log.models.ts`
- **Behavior coverage**:
  - `src/Web/StellaOps.Web/src/tests/audit_log/unified-audit-log-viewer.behavior.spec.ts`
- **Source**: `SPRINT_20251229_028_FE_unified_audit_log_viewer`

## E2E Test Plan
- **Setup**:
  - [ ] Log in with an admin-capable user
  - [ ] Navigate to `/admin/audit`
  - [ ] Ensure audit fixture/API data exists across at least two modules
- **Core verification**:
  - [ ] Verify dashboard and child route surfaces render (`events`, `timeline`, `correlations`, `anomalies`, `export`, `policy`, `authority`, `vex`, `integrations`)
  - [ ] Verify event table filters produce expected query semantics
  - [ ] Verify event ordering remains deterministic for equal timestamps
  - [ ] Verify event-detail drilldown and correlation navigation links
- **Edge cases**:
  - [ ] Verify graceful handling when audit APIs are unavailable
  - [ ] Verify deterministic module summary ordering under mixed-count ties
  - [ ] Verify accessibility basics (keyboard focus order and route-link labels)

## Verification
- Run ID: `docs/qa/feature-checks/runs/web/unified-audit-log-viewer/run-001/`
- Date (UTC): 2026-02-11
- Tier 0: PASS (source/symbol verification for route wiring, deterministic ordering behavior, and supported `src/tests/**` harness).
- Tier 1: PASS (`npm run test` focused suite: 26 files / 127 tests; `npm run build` passed with known baseline warnings).
- Tier 2: PASS (admin route + child surfaces, dashboard deterministic ordering, table filter semantics, and deterministic event pagination ordering behavior).