bulk board security settings, nicer explainer, velocity threshold spinner

packages/api/src/routes/admin/security.ts

@@ -359,6 +359,32 @@ export default async function adminSecurityRoutes(app: FastifyInstance) {
     }
   );
 
+  // bulk update board security settings
+  app.put(
+    "/admin/boards/bulk-security",
+    { preHandler: [app.requireAdmin, app.requireRole("SUPER_ADMIN", "ADMIN")], config: { rateLimit: { max: 10, timeWindow: "1 minute" } } },
+    async (req, reply) => {
+      const body = z.object({
+        boardIds: z.array(z.string().min(1)).min(1),
+        settings: boardSecurityBody,
+      }).parse(req.body);
+
+      const data: Record<string, unknown> = {};
+      if (body.settings.sensitivityLevel !== undefined) data.sensitivityLevel = body.settings.sensitivityLevel;
+      if (body.settings.velocityThreshold !== undefined) data.velocityThreshold = body.settings.velocityThreshold;
+      if (body.settings.quarantined !== undefined) data.quarantined = body.settings.quarantined;
+      if (body.settings.requireVoteVerification !== undefined) data.requireVoteVerification = body.settings.requireVoteVerification;
+
+      await prisma.board.updateMany({
+        where: { id: { in: body.boardIds } },
+        data,
+      });
+
+      req.log.info({ adminId: req.adminId, count: body.boardIds.length }, "bulk board security update");
+      reply.send({ updated: body.boardIds.length });
+    }
+  );
+
   // 10. Admin notification webhook config - CRUD
   app.get(
     "/admin/security/webhooks",