0d94132c98
Add AuditInterceptor as a safety net that auto-audits any POST/PUT/DELETE without an explicit audit call (excludes data ingestion + heartbeat). AuditService sets a request attribute so the interceptor skips when explicit logging already happened. New explicit audit calls: - ApplicationConfigController: view/update app config - AgentCommandController: send/broadcast commands (AGENT category) - AgentRegistrationController: agent register + token refresh - UiAuthController: UI token refresh - OidcAuthController: OIDC callback failure - AuditLogController: view audit log (sensitive read) - UserAdminController: view users (sensitive read) - OidcConfigAdminController: view OIDC config (sensitive read) New AuditCategory.AGENT added. Frontend audit log filter updated. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>