P1: Review dashboard /api/approvals decide endpoint for auth bypass (post-XSS fix PR #23).
P1: Review dashboard /api/approvals decide endpoint for auth bypass (post-XSS fix PR #23).