feat: implement admin KYC review UI and server integration #165

[bytebinders]

Overview

This PR completes the end-to-end admin workflow for account risk and KYC decisions by implementing a dedicated review queue UI and its corresponding server-side logic.

Changes Made

💾 Database & Backend

• Prisma Schema: Added KycReview model and KycStatus enum (PENDING, APPROVED, REJECTED, ESCALATED) to track user identity verifications.
• Service Layer: Created KycService for robust database operations, including status updates and user verification transitions.
• Controller Layer: Implemented KycController with full audit logging integration via AuditService.
• API Routes: Registered new /admin/kyc endpoints in the main admin route table, ensuring strict ADMIN role-gating.

🎨 Frontend & UI

• API Integration: Updated the central ApiClient with methods for fetching and processing KYC reviews.
• Admin Dashboard: Developed a high-performance KYC review interface at /admin/kyc featuring:
  • Dynamic Queue: A filterable list of pending and historical reviews.
  • Review Pane: Comprehensive view of user identity documents and metadata.
  • Decision Modal: Integrated workflow for approvals, rejections, and escalations with mandatory reason fields for audit compliance.
• Optimistic Updates: Implemented immediate UI feedback for admin actions with automatic state rollback if the backend request fails.

Why this is needed

Admins previously lacked a streamlined way to process account risk and KYC decisions. This implementation provides a specialized, role-gated workflow that scales with the user base while maintaining a strict audit trail for security compliance.

How it was verified

• ✅ Type Safety: Ran npx prisma generate to ensure all backend and frontend types are synchronized.
• ✅ Manual Testing: Verified the listing, filtering, and decision processing flows, including edge cases like rejections without notes.
• ✅ Audit Trail: Confirmed that all decisions are correctly recorded in the AuditLog table.
• ✅ Rollback Logic: Simulated API failures to confirm that optimistic UI updates correctly revert to the previous state.

Closes #165

[vercel]

@bytebinders is attempting to deploy a commit to the paul joseph's projects Team on Vercel.

A member of the Team first needs to authorize it.

[drips-wave]

@bytebinders Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

[bytebinders]

Hi @anonfedora,

I noticed the Vercel check is currently failing due to deployment authorization. The changes themselves should be independent of deployment, but please let me know if any adjustments are needed from my side.

Happy to make updates if required. Thanks!

[anonfedora]

You have 1 merge conflict, ser

[anonfedora]

Fix so I can, please

[bytebinders]

I @anonfedora fixed

[anonfedora]

did you run npm run prisma:generate locally?
You accepted both changes for your resolve, and there are dublicate properties in your schema

[bytebinders]

marge

[bytebinders]

Hi @anonfedora,

Thanks for the feedback, I’ve gone back and properly resolved the schema conflicts.

You were right, I had mistakenly accepted both sides during the merge, which introduced duplicate properties. I’ve now cleaned up the Prisma schema, removed the duplicates, and re-ran npm run prisma:generate locally to ensure everything is consistent.

All checks (CI contracts, frontend, and server) are passing on my end. The Vercel authorization issue is unrelated to the code changes, but I’m available to adjust if needed.

Could you please take another look when you get a chance?

Appreciate your time 🙏