core: implement audit log for all admin operations

[EmeditWeb]

Problem

Admin operations leave no audit trail. If something
goes wrong there is no record of who did what.

What To Build

1. Create audit_logs table in Supabase
2. Create AuditService and AuditInterceptor
3. GET /admin/audit-logs endpoint
4. Immutable INSERT-only design

Files To Touch

• src/audit/ (new module)
• src/common/interceptors/audit.interceptor.ts
• All admin controllers
• supabase/migrations/[ts]_audit_logs.sql

Acceptance Criteria

• All admin actions logged
• Before and after state captured
• Logs immutable (no updates allowed)
• Searchable via endpoint
• npm run build passes

Mandatory Checks Before PR

• npm run build passes
• No any types
• PR references this issue

[teeschima]

I'd like to work on this security enhancement task.

I have experience with React, TypeScript, Vercel deployments, web security best practices, and frontend architecture. Based on the requirements, my implementation plan would be:

Configure security headers in vercel.json:
Content Security Policy (CSP)
X-Frame-Options
X-Content-Type-Options
Referrer-Policy
Permissions-Policy
Review all user-generated content rendering and sanitize it using DOMPurify.
Enforce HTTPS and secure redirects.
Audit localStorage usage and remove any sensitive data storage.
Add Subresource Integrity (SRI) for external CDN assets where applicable.
Verify all headers in browser DevTools.
Ensure npm run build passes before submitting the PR.

I can provide clean commits, documentation of the security changes, and testing evidence.

Looking forward to contributing.

[adelekevictor12]

I will like to handle this task

[grantfox-oss]

🦊 GrantFox — @teeschima has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #37)
2. Your PR will be reviewed by the StepFi-app maintainers

Good luck! Track your progress on GrantFox.

[grantfox-oss]

🎉 This issue has been marked as completed on GrantFox as part of the Official Campaign campaign!

@teeschima's PR #49 was approved and merged by @EmeditWeb.

🏆 @teeschima: You earned 35 FoxPoints for this contribution! Your current tier: Explorer (48 total points). Track your full progress on GrantFox.

👏 Great work, @teeschima! Keep contributing to StepFi-app.