Privileged actions need explicit authorization boundaries
Block launch until this is fixed and re-scanned.
Where Deploia saw it
Admin-like routes and database writes appear in the sample path, but the scan cannot confirm role or permission checks around those actions.
Why it matters
A normal user may be able to reach sensitive workflows if route-level checks are incomplete.
Next action
Add centralized authorization middleware, role checks around privileged actions, and tests that prove denied users stay denied.
