test(6.1): add audit filter behavioral test (ADMIN-06 SC3)

Verifies event_type filter returns only matching entries.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/tests/test_audit.py

@@ -104,6 +104,48 @@ async def test_audit_log_no_doc_content(async_client, admin_user, db_session):
                 )
 
 
+async def test_audit_log_filter_by_event_type(async_client, admin_user, db_session):
+    """GET /api/admin/audit-log?event_type=X returns only matching entries (ADMIN-06, SC3)."""
+    from services.audit import write_audit_log
+
+    # Seed two entries with distinct event types
+    await write_audit_log(
+        session=db_session,
+        event_type="document.uploaded",
+        user_id=admin_user["user"].id,
+        actor_id=admin_user["user"].id,
+        resource_id=None,
+        ip_address=None,
+        metadata_={"size_bytes": 100},
+    )
+    await write_audit_log(
+        session=db_session,
+        event_type="share.granted",
+        user_id=admin_user["user"].id,
+        actor_id=admin_user["user"].id,
+        resource_id=None,
+        ip_address=None,
+        metadata_={"recipient_id": "test"},
+    )
+    await db_session.commit()
+
+    response = await async_client.get(
+        "/api/admin/audit-log",
+        params={"event_type": "document.uploaded"},
+        headers=admin_user["headers"],
+    )
+
+    assert response.status_code == 200
+    body = response.json()
+    assert body["total"] >= 1, "expected at least one filtered result"
+
+    # Every returned item must match the filter
+    for item in body["items"]:
+        assert item["event_type"] == "document.uploaded", (
+            f"filter returned unexpected event_type: {item['event_type']}"
+        )
+
+
 async def test_audit_log_regular_user_403(async_client, auth_user):
     """GET /api/admin/audit-log with a regular user token must return 403."""
     response = await async_client.get(