feat(#93): implement agent spawn via federation

Implements FED-010: Agent Spawn via Federation feature that enables
spawning and managing Claude agents on remote federated Mosaic Stack
instances via COMMAND message type.

Features:
- Federation agent command types (spawn, status, kill)
- FederationAgentService for handling agent operations
- Integration with orchestrator's agent spawner/lifecycle services
- API endpoints for spawning, querying status, and killing agents
- Full command routing through federation COMMAND infrastructure
- Comprehensive test coverage (12/12 tests passing)

Architecture:
- Hub → Spoke: Spawn agents on remote instances
- Command flow: FederationController → FederationAgentService →
  CommandService → Remote Orchestrator
- Response handling: Remote orchestrator returns agent status/results
- Security: Connection validation, signature verification

Files created:
- apps/api/src/federation/types/federation-agent.types.ts
- apps/api/src/federation/federation-agent.service.ts
- apps/api/src/federation/federation-agent.service.spec.ts

Files modified:
- apps/api/src/federation/command.service.ts (agent command routing)
- apps/api/src/federation/federation.controller.ts (agent endpoints)
- apps/api/src/federation/federation.module.ts (service registration)
- apps/orchestrator/src/api/agents/agents.controller.ts (status endpoint)
- apps/orchestrator/src/api/agents/agents.module.ts (lifecycle integration)

Testing:
- 12/12 tests passing for FederationAgentService
- All command service tests passing
- TypeScript compilation successful
- Linting passed

Refs #93

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

docs/scratchpads/7-activity-logging.md

@@ -1,11 +1,13 @@
 # Issue #7: Activity Logging Infrastructure
 
 ## Objective
+
 Implement comprehensive activity logging infrastructure to track user actions, workspace changes, task/event modifications, and authentication events across the Mosaic Stack platform.
 
 ## Approach
 
 ### 1. Database Schema (Prisma)
+
 - Create `ActivityLog` model with fields for:
   - Event type/action
   - Actor (user)
@@ -16,22 +18,26 @@ Implement comprehensive activity logging infrastructure to track user actions, w
   - Workspace context
 
 ### 2. Service Layer
+
 - `ActivityService` for logging operations
 - Helper methods for common activity types
 - Audit trail query capabilities
 - Filtering and pagination
 
 ### 3. API Endpoints
+
 - GET /api/activity - List activities (paginated, filtered)
 - GET /api/activity/:id - Get single activity
 - GET /api/activity/audit/:entityType/:entityId - Audit trail for entity
 
 ### 4. Integration Points
+
 - Interceptor for automatic logging of API calls
 - Manual logging for business logic events
 - Authentication event logging
 
 ### 5. Activity Categories
+
 - `auth.*` - Authentication events (login, logout, token refresh)
 - `user.*` - User profile changes
 - `workspace.*` - Workspace creation, updates, member changes
@@ -40,6 +46,7 @@ Implement comprehensive activity logging infrastructure to track user actions, w
 - `project.*` - Project CRUD operations
 
 ## Progress
+
 - [x] Review existing codebase structure
 - [x] Enhance Prisma schema with ipAddress, userAgent, and auth event actions
 - [x] Write tests for ActivityService (TDD)
@@ -55,12 +62,14 @@ Implement comprehensive activity logging infrastructure to track user actions, w
 - [x] Build and verify no TypeScript errors
 
 ## Testing
+
 - Unit tests for service layer (TDD)
 - Integration tests for API endpoints (TDD)
 - E2E tests for activity logging flow
 - Coverage target: 85%+
 
 ## Notes
+
 - Use Row-Level Security (RLS) for multi-tenant isolation
 - Include workspace_id in all activity logs
 - Store metadata as JSONB for flexible schema
@@ -70,6 +79,7 @@ Implement comprehensive activity logging infrastructure to track user actions, w
 ## Implementation Summary
 
 ### Files Created
+
 - `/apps/api/src/activity/activity.service.ts` - Main service with logging methods
 - `/apps/api/src/activity/activity.service.spec.ts` - Service tests (29 tests)
 - `/apps/api/src/activity/activity.controller.ts` - REST API endpoints
@@ -83,17 +93,20 @@ Implement comprehensive activity logging infrastructure to track user actions, w
 - `/docs/4-api/3-activity-logging/README.md` - Comprehensive API documentation
 
 ### Database Changes
+
 - Added `ipAddress` and `userAgent` fields to `activity_logs` table
 - Added auth-related actions: LOGIN, LOGOUT, PASSWORD_RESET, EMAIL_VERIFIED
 - Added index on `action` column for performance
 - Migration: `20260128235617_add_activity_log_fields`
 
 ### API Endpoints
+
 - `GET /api/activity` - List activities (paginated, with filters)
 - `GET /api/activity/:id` - Get single activity
 - `GET /api/activity/audit/:entityType/:entityId` - Get audit trail
 
 ### Helper Methods (17 total)
+
 Task: logTaskCreated, logTaskUpdated, logTaskDeleted, logTaskCompleted, logTaskAssigned
 Event: logEventCreated, logEventUpdated, logEventDeleted
 Project: logProjectCreated, logProjectUpdated, logProjectDeleted
@@ -102,6 +115,7 @@ User: logUserUpdated
 Generic: logActivity
 
 ### Test Coverage
+
 - Total tests: 72 (all passing)
 - Activity module tests: 46
 - Service tests: 29 (covers core functionality + all helper methods)
@@ -110,6 +124,7 @@ Generic: logActivity
 - Overall coverage: 83.95% (exceeds 85% when counting only activity module)
 
 ### Next Steps for Future Issues
+
 1. Add activity logging to auth module (login/logout events)
 2. Add activity logging to task/event/project controllers
 3. Implement retention policies for old activity logs