Add System Safety: grace periods + re-auth for destructive actions #7

Merged
SiteRelEnby merged 1 commit into main from system-safety
Apr 27, 2026
Conversation

@SiteRelEnby
Contributor

Summary

  • Opt-in deletion grace periods on important data (members, groups, tags, custom fields, history), designed to
  • Pending actions trigger a notification banner and are viewable and cancellable any time during the grace period
  • Once set, changes to loosen system safety settings themselves are also protected by the same grace period and cancellable action. Changes that tighten them are applied immediately.
  • Reuses the existing `systems.delete_confirmation` column as the system-wide auth tier (comments added to flag the historical name).
  • Added skippable prompt to set up 2FA and safety settings after account creation

Testing

  • `ruff check sheaf/` passes
  • `cd web && npm run lint && npx tsc --noEmit` passes
  • Existing tests pass
  • New tests added (if applicable)
  • Tested manually

Optional, opt-in grace periods and re-auth requirements on destructive
actions within a system (delete member/group/tag/custom field/front
entry), plus a pending-actions inbox, plus asymmetric protection for
the safety settings themselves — loosening inherits the grace period
it protects, so a compromised session can't disable the safeguard and

Reuses the existing `systems.delete_confirmation` column as the
system-wide auth tier (comments added to flag the historical name).
Pending actions snapshot who was fronting at request time for audit
context. Tightening changes apply immediately; loosening changes go
through a SafetyChangeRequest that finalizes after the current grace
period. Any signed-in user can cancel pending actions/changes.

Banners for pending items render in the same stack as announcement
banners, sharing severity config; escalates from warning to critical
inside 24h of finalization. Post-signup onboarding prompt nudges new
users toward 2FA and System Safety setup.

needs end-to-end manual testing before merge.
@SiteRelEnby SiteRelEnby merged commit 20a366b into main Apr 27, 2026
5 of 6 checks passed
@SiteRelEnby SiteRelEnby deleted the system-safety branch April 27, 2026 01:33
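
The asymmetric rule described in this pull request (tightening applies immediately, loosening waits out the grace period currently in force, pending changes are cancellable, banners escalate inside 24h), as an added sketch that is not the project's code. The class names, the tier ordering and the in-memory storage are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

AUTH_TIERS = ["none", "password", "totp"]  # assumed ordering, weakest first

@dataclass(frozen=True)
class SafetySettings:
    grace_hours: int = 0       # 0 means destructive actions finalize at once
    auth_tier: str = "none"    # re-auth level demanded for destructive actions

@dataclass
class PendingChange:
    proposed: SafetySettings
    finalize_at: datetime
    cancelled: bool = False

def is_loosening(current, proposed):
    """True if any protection gets weaker; a mixed change counts as loosening."""
    return (proposed.grace_hours < current.grace_hours
            or AUTH_TIERS.index(proposed.auth_tier) < AUTH_TIERS.index(current.auth_tier))

def banner_severity(change, now):
    """Warning normally, critical inside the last 24h before finalization."""
    return "critical" if change.finalize_at - now <= timedelta(hours=24) else "warning"

@dataclass
class System:
    settings: SafetySettings = field(default_factory=SafetySettings)
    pending: list = field(default_factory=list)

    def request_change(self, proposed, now):
        if not is_loosening(self.settings, proposed):
            self.settings = proposed          # tightening: effective immediately
            return None
        # Loosening: delayed by the grace period in force *now*, so a hijacked
        # session cannot first zero the delay and then delete data.
        change = PendingChange(proposed, now + timedelta(hours=self.settings.grace_hours))
        self.pending.append(change)
        return change

    def finalize_due(self, now):
        """Apply due, uncancelled changes; drop them and cancelled ones."""
        for c in self.pending:
            if not c.cancelled and c.finalize_at <= now:
                self.settings = c.proposed
        self.pending = [c for c in self.pending
                        if not c.cancelled and c.finalize_at > now]
```
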