Add a typed double-confirmation guard to the admin pause/unpause toggle #27

@mikewheeleer

Harden the admin pause/unpause control against accidental activation

Description

src/app/admin/page.tsx flips the global pause flag — which refuses all backend writes — on a single unconfirmed button click. There is no confirmation, no in-flight disabling (a user can double-click and fire pause then unpause), and no audit of who toggled it. For a protocol-wide kill switch this is too easy to trigger by accident. This issue adds a guarded, idempotent toggle.

Requirements and context

  • Repository scope: Agentpay-Org/Agentpay-frontend only.
  • Gate the toggle behind ConfirmDialog, with a confirmation message that names the resulting state ("Pause all writes?" / "Resume writes?").
  • Disable the button while the request is in flight to prevent double submission; reflect status with a StatusDot or Badge.
  • Surface success/failure via toast and keep the existing role="alert" error path.
  • Re-read status after the action (the page already does) and handle a concurrent external change gracefully.

Suggested execution

  • Fork the repo and create a branch
    • git checkout -b security/admin-28-pause-confirmation
  • Implement changes
    • Write code in: src/app/admin/page.tsx.
    • Write comprehensive tests in: create src/app/admin/page.test.tsx — assert Cancel makes no call, Confirm posts the correct endpoint, the button disables mid-flight, and status refreshes.
    • Add documentation: note the kill-switch confirmation in README.md.
    • Validate the dialog is keyboard operable (depends on the ConfirmDialog a11y work).
  • Test and commit

Test and commit

  • Run npm run lint, npm run typecheck, npm test, and npm run build.
  • Cover edge cases: toggle while already paused, request failure, and rapid double-click prevention.
  • Include the npm test output and a short security note.

Example commit message

fix(security): require confirmation and prevent double-submit on admin pause toggle

Guidelines

  • Minimum 95 percent test coverage for the changed page.
  • Clear, reviewer-focused documentation.
  • Timeframe: 96 hours.

Community & contribution rewards

  • 💬 Join the AgentPay community on Discord for questions, reviews, and faster merges: https://discord.gg/eXvRKkgcv
  • ⭐ This is a GrantFox OSS / Official Campaign task and may be rewarded. When your PR is merged you'll be prompted to rate the project — if this issue and the maintainers helped you ship, we'd be grateful for a 5-star rating. Clear questions in Discord and tidy, well-tested PRs are the fastest path to a merge and a reward.
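Added example, not code from the Agentpay-frontend repository: the guarded toggle described in the requirements above, modelled as a pure state machine so the Cancel, double-click, failure and concurrent-change cases can be checked without rendering the page. All type, function and action names are assumptions, and the "pause"/"unpause" command stands in for whatever endpoint the page actually posts to.

```typescript
// Added example with hypothetical names; not code from Agentpay-frontend.
type Phase = "idle" | "confirming" | "inFlight";
type Command = { action: "pause" | "unpause" };
interface ToggleState {
  paused: boolean;        // last status read from the backend
  phase: Phase;           // the button is disabled unless phase is "idle"
  target: boolean | null; // state the admin is being asked to confirm
  error: string | null;   // text for the role="alert" region
  notice: string | null;  // toast text
}
type ToggleEvent =
  | { type: "click" }
  | { type: "cancel" }
  | { type: "confirm" }
  | { type: "settled"; error: string | null; refreshedPaused: boolean };

const initial = (paused: boolean): ToggleState =>
  ({ paused, phase: "idle", target: null, error: null, notice: null });
const confirmMessage = (target: boolean): string =>
  target ? "Pause all writes?" : "Resume writes?";

function step(s: ToggleState, e: ToggleEvent): [ToggleState, Command | null] {
  switch (e.type) {
    case "click": // ignored unless idle, so a double-click cannot queue a second toggle
      if (s.phase !== "idle") return [s, null];
      return [{ ...s, phase: "confirming", target: !s.paused, error: null, notice: null }, null];
    case "cancel": // Cancel emits no command: nothing is sent to the backend
      return s.phase === "confirming" ? [{ ...s, phase: "idle", target: null }, null] : [s, null];
    case "confirm":
      if (s.phase !== "confirming" || s.target === null) return [s, null];
      // Request the explicit target rather than "flip", so a replayed request is idempotent.
      return [{ ...s, phase: "inFlight" }, { action: s.target ? "pause" : "unpause" }];
    case "settled": {
      if (s.phase !== "inFlight") return [s, null];
      // refreshedPaused is the status re-read after the request, on success or failure.
      const drifted = e.error === null && e.refreshedPaused !== s.target;
      const notice = e.error !== null ? null
        : drifted ? "Status changed elsewhere; showing the current state."
        : e.refreshedPaused ? "Writes paused." : "Writes resumed.";
      return [{ ...initial(e.refreshedPaused), error: e.error, notice }, null];
    }
  }
}

// Fold a sequence of UI events and collect every command that would reach the backend.
function replay(events: ToggleEvent[], paused: boolean): { state: ToggleState; sent: Command[] } {
  const sent: Command[] = [];
  let state = initial(paused);
  for (const e of events) {
    const [next, cmd] = step(state, e);
    state = next;
    if (cmd) sent.push(cmd);
  }
  return { state, sent };
}
```

In a component, `step` fits a `useReducer`, with the returned command driving the fetch and `phase !== "idle"` driving the button's `disabled` attribute.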
