Skip to content

feat: two-person approval for sensitive actions (#248)#269

Open
Abdulrasaq1515 wants to merge 1 commit into
samieazubike:mainfrom
Abdulrasaq1515:feat/two-person-approval-248
Open

feat: two-person approval for sensitive actions (#248)#269
Abdulrasaq1515 wants to merge 1 commit into
samieazubike:mainfrom
Abdulrasaq1515:feat/two-person-approval-248

Conversation

@Abdulrasaq1515

@Abdulrasaq1515 Abdulrasaq1515 commented Jun 30, 2026

Copy link
Copy Markdown

closes #248

Sensitive actions (feature, unfeature, delete) now require a second admin to confirm before executing. The admin who initiated the request cannot approve it themselves - enforced at the API level.

Changes:

  • Add approval_requests Firestore collection + SQL migration
  • POST /api/projects/:id/request-approval - submit a pending request
  • GET /api/approval-requests - list requests by status
  • PUT /api/approval-requests/:id/approve - second admin approves + executes
  • PUT /api/approval-requests/:id/reject - second admin rejects
  • /api/projects/:id/approve blocks feature/unfeature with 403 requiresApproval
  • /api/projects/:id/delete blocks deletion with 403 requiresApproval
  • Admin UI: Feature/Unfeature/Delete buttons replaced with RequestApprovalDialog
  • Admin UI: new Approvals tab with ApprovalQueue component

@vercel

vercel Bot commented Jun 30, 2026

Copy link
Copy Markdown

@Abdulrasaq1515 is attempting to deploy a commit to the webverse Team on Vercel.

A member of the Team first needs to authorize it.

@vercel

vercel Bot commented Jul 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
stellarwavehub Error Error Jul 1, 2026 5:35pm

@samieazubike

Copy link
Copy Markdown
Owner

Resolve conflict

@Abdulrasaq1515

Copy link
Copy Markdown
Author

done fixing

Sensitive actions (feature, unfeature, delete) now require a second
admin to confirm before executing. The admin who initiated the request
cannot approve it themselves - enforced at the API level.

Changes:
- Add approval_requests Firestore collection + SQL migration
- POST /api/projects/:id/request-approval - submit a pending request
- GET  /api/approval-requests - list requests by status
- PUT  /api/approval-requests/:id/approve - second admin approves + executes
- PUT  /api/approval-requests/:id/reject  - second admin rejects
- /api/projects/:id/approve blocks feature/unfeature with 403 requiresApproval
- /api/projects/:id/delete  blocks deletion with 403 requiresApproval
- Admin UI: Feature/Unfeature/Delete buttons replaced with RequestApprovalDialog
- Admin UI: new Approvals tab with ApprovalQueue component
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Two-person approval for sensitive actions

2 participants