feat(settings): user-visible audit log + nav across settings sections

audit_logs was a write-only firehose: every action wrote to it but
nothing ever read it. Surfaced the last 200 entries on a new
/settings/activity page so workspace admins can audit who did what.

  - lib/appwrite/audit-queries.ts: listAuditLogs(tenantId, limit=100)
    scoped to the caller's tenantId via Query.equal — multi-tenant
    safety preserved.
  - /settings/activity/page.tsx: server-rendered table — time, user,
    action badge (create/update/delete), entity label (TR), changes
    summary. Resolves userIds → displayName via a single bulk lookup
    against TABLES.profiles. Falls back to a truncated id when a
    profile isn't found so the row still reads.

Settings now has a horizontal tab nav too — there were six pages under
/settings with no cross-links between them. Added:
  - settings/layout.tsx wraps every settings page with the new nav.
  - settings/components/settings-nav.tsx (client): pathname-active
    state, scrolls horizontally on mobile. Items: Çalışma Alanı,
    Profilim, Üyeler, Bildirimler, Görünüm, Hesap Aktivitesi.

src/app/(dashboard)/settings/activity/page.tsx

@@ -0,0 +1,149 @@
+import { redirect } from "next/navigation";
+import { Query } from "node-appwrite";
+
+import { Badge } from "@/components/ui/badge";
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "@/components/ui/card";
+import {
+  Table,
+  TableBody,
+  TableCell,
+  TableHead,
+  TableHeader,
+  TableRow,
+} from "@/components/ui/table";
+import { listAuditLogs } from "@/lib/appwrite/audit-queries";
+import { DATABASE_ID, TABLES, type Profile } from "@/lib/appwrite/schema";
+import { createAdminClient } from "@/lib/appwrite/server";
+import { requireTenant } from "@/lib/appwrite/tenant-guard";
+
+export const metadata = {
+  title: "DLS — Hesap Aktivitesi",
+};
+
+const dateFormatter = new Intl.DateTimeFormat("tr-TR", {
+  day: "2-digit",
+  month: "2-digit",
+  year: "numeric",
+  hour: "2-digit",
+  minute: "2-digit",
+});
+
+const ENTITY_LABELS: Record<string, string> = {
+  job: "İş",
+  patient: "Hasta",
+  prosthetic: "Ürün",
+  payment: "Ödeme",
+  clinic_pricing: "Klinik Fiyat",
+  job_file: "Dosya",
+  connection: "Bağlantı",
+  invite: "Davet",
+  tenant_settings: "Çalışma Alanı",
+  profile: "Profil",
+};
+
+const ACTION_VARIANTS = {
+  create: { label: "Eklendi", variant: "default" as const },
+  update: { label: "Güncellendi", variant: "secondary" as const },
+  delete: { label: "Silindi", variant: "destructive" as const },
+};
+
+export default async function ActivityPage() {
+  let ctx;
+  try {
+    ctx = await requireTenant();
+  } catch {
+    redirect("/onboarding");
+  }
+
+  const logs = await listAuditLogs(ctx.tenantId, 200);
+
+  // Resolve userId → display name in one go so the rows read naturally.
+  const userIds = Array.from(new Set(logs.map((l) => l.userId)));
+  const userMap = new Map<string, string>();
+  if (userIds.length > 0) {
+    try {
+      const { tablesDB } = createAdminClient();
+      const profiles = await tablesDB.listRows({
+        databaseId: DATABASE_ID,
+        tableId: TABLES.profiles,
+        queries: [Query.equal("userId", userIds), Query.limit(200)],
+      });
+      for (const p of profiles.rows as unknown as Profile[]) {
+        if (p.displayName) userMap.set(p.userId, p.displayName);
+      }
+    } catch {
+      // best-effort; rows just show the raw id
+    }
+  }
+
+  return (
+    <div className="flex-1 space-y-6 px-6">
+      <div className="flex flex-col gap-1">
+        <h1 className="text-2xl font-bold tracking-tight">Hesap Aktivitesi</h1>
+        <p className="text-muted-foreground text-sm">
+          Çalışma alanınızda yapılan tüm değişikliklerin kaydı. Son 200 işlem.
+        </p>
+      </div>
+
+      <Card>
+        <CardHeader>
+          <CardTitle>İşlem Kaydı</CardTitle>
+          <CardDescription>
+            Otomatik tutulur, silinemez. Şüpheli bir aktivite görürseniz hesabınızı
+            güvenli olmayan bir cihazdan çıkarmayı düşünün.
+          </CardDescription>
+        </CardHeader>
+        <CardContent>
+          {logs.length === 0 ? (
+            <p className="text-muted-foreground py-6 text-center text-sm">
+              Henüz kayıtlı aktivite yok.
+            </p>
+          ) : (
+            <Table>
+              <TableHeader>
+                <TableRow>
+                  <TableHead>Zaman</TableHead>
+                  <TableHead>Kullanıcı</TableHead>
+                  <TableHead>İşlem</TableHead>
+                  <TableHead>Nesne</TableHead>
+                  <TableHead>Detay</TableHead>
+                </TableRow>
+              </TableHeader>
+              <TableBody>
+                {logs.map((l) => {
+                  const v = ACTION_VARIANTS[l.action] ?? {
+                    label: l.action,
+                    variant: "outline" as const,
+                  };
+                  return (
+                    <TableRow key={l.$id}>
+                      <TableCell className="text-muted-foreground text-xs tabular-nums">
+                        {dateFormatter.format(new Date(l.$createdAt))}
+                      </TableCell>
+                      <TableCell className="text-sm">
+                        {userMap.get(l.userId) ?? (
+                          <span className="text-muted-foreground font-mono text-xs">
+                            {l.userId.slice(0, 8)}
+                          </span>
+                        )}
+                      </TableCell>
+                      <TableCell>
+                        <Badge variant={v.variant}>{v.label}</Badge>
+                      </TableCell>
+                      <TableCell className="text-sm">
+                        {ENTITY_LABELS[l.entityType] ?? l.entityType}
+                      </TableCell>
+                      <TableCell className="text-muted-foreground max-w-[360px] truncate text-xs">
+                        {l.changes ? l.changes : <span>—</span>}
+                      </TableCell>
+                    </TableRow>
+                  );
+                })}
+              </TableBody>
+            </Table>
+          )}
+        </CardContent>
+      </Card>
+    </div>
+  );
+}

src/app/(dashboard)/settings/components/settings-nav.tsx

@@ -0,0 +1,43 @@
+"use client";
+
+import Link from "next/link";
+import { usePathname } from "next/navigation";
+
+import { cn } from "@/lib/utils";
+
+const ITEMS: { href: string; label: string }[] = [
+  { href: "/settings/workspace", label: "Çalışma Alanı" },
+  { href: "/settings/account", label: "Profilim" },
+  { href: "/settings/members", label: "Üyeler" },
+  { href: "/settings/notifications", label: "Bildirimler" },
+  { href: "/settings/appearance", label: "Görünüm" },
+  { href: "/settings/activity", label: "Hesap Aktivitesi" },
+];
+
+export function SettingsNav() {
+  const pathname = usePathname();
+  return (
+    <nav className="overflow-x-auto">
+      <ul className="border-border flex min-w-max gap-1 border-b">
+        {ITEMS.map((item) => {
+          const active = pathname === item.href;
+          return (
+            <li key={item.href}>
+              <Link
+                href={item.href}
+                className={cn(
+                  "inline-block border-b-2 px-3 py-2 text-sm transition-colors",
+                  active
+                    ? "border-primary text-foreground font-medium"
+                    : "text-muted-foreground hover:text-foreground border-transparent",
+                )}
+              >
+                {item.label}
+              </Link>
+            </li>
+          );
+        })}
+      </ul>
+    </nav>
+  );
+}

src/app/(dashboard)/settings/layout.tsx

@@ -0,0 +1,16 @@
+import { SettingsNav } from "./components/settings-nav";
+
+export default function SettingsLayout({
+  children,
+}: {
+  children: React.ReactNode;
+}) {
+  return (
+    <div className="flex-1 space-y-6">
+      <div className="px-6">
+        <SettingsNav />
+      </div>
+      {children}
+    </div>
+  );
+}

src/lib/appwrite/audit-queries.ts

@@ -0,0 +1,24 @@
+import "server-only";
+
+import { Query } from "node-appwrite";
+
+import { DATABASE_ID, TABLES, type AuditLog } from "./schema";
+import { createAdminClient } from "./server";
+import { toPlain } from "./serialize";
+
+export async function listAuditLogs(
+  tenantId: string,
+  limit = 100,
+): Promise<AuditLog[]> {
+  const { tablesDB } = createAdminClient();
+  const result = await tablesDB.listRows({
+    databaseId: DATABASE_ID,
+    tableId: TABLES.auditLogs,
+    queries: [
+      Query.equal("tenantId", tenantId),
+      Query.orderDesc("$createdAt"),
+      Query.limit(limit),
+    ],
+  });
+  return toPlain(result.rows as unknown as AuditLog[]);
+}