✔️ Approval Workflows MVP

Scope: Simple approval tracking for our customers' compliance needs Status: Basic evidence collection, not complex routing Target Users: Companies with boards needing approval documentation Reality: Track decisions made elsewhere, don't enforce them

The Only "Workflows" We Need

1. Customer Access Approval

New Customer Request: 1. Sales/Founder evaluates fit
  2. Tech confirms we can support them
  3. Create tenant in Kinde
  4. Send welcome email

Time: Same day (usually 1 hour)

2. Feature Flag Approval

Enable Feature for Customer: 1. Customer requests feature
  2. Check if it's ready (is it tested?)
  3. Toggle flag in Supabase
  4. Notify customer

Time: 15 minutes

3. Critical Security Decision

Security Issue Found: 1. Whoever finds it fixes it
  2. Deploy immediately
  3. Tell team in Slack
  4. Update affected customers

Time: ASAP (drop everything)

What Our CUSTOMERS Need (Not Us)

Board Approval Tracking (Their Process)

interface BoardApproval {
  item: string // "Password Policy Update"
  requester: string // "IT Manager"
  approver: string // "Board" or "CEO"
  status: 'pending' | 'approved' | 'rejected'
  date: Date
  evidence?: string // Link to board minutes
}

// Simple UI for THEM to track THEIR approvals
// We just store it, we don't enforce it

Policy Acknowledgment Flow

1. Admin uploads new policy
2. System notifies affected users
3. Users read and acknowledge
4. Dashboard shows completion %
5. Automated reminder after 7 days

No complex routing - just track who clicked "I Acknowledge"

Implementation in GetCimple

Database Schema

-- For customer's approval tracking (not ours)
CREATE TABLE approval_items (
  id UUID PRIMARY KEY,
  title TEXT NOT NULL,
  description TEXT,
  requester_id UUID REFERENCES users(id),
  approver_role TEXT, -- 'board', 'ceo', 'cfo'
  status TEXT DEFAULT 'pending',
  approved_by UUID REFERENCES users(id),
  approved_at TIMESTAMPTZ,
  tenant_id UUID NOT NULL,
  created_at TIMESTAMPTZ DEFAULT NOW()
);

-- Simple policy acknowledgments
CREATE TABLE policy_acknowledgments (
  id UUID PRIMARY KEY,
  policy_id UUID REFERENCES policies(id),
  user_id UUID REFERENCES users(id),
  acknowledged_at TIMESTAMPTZ DEFAULT NOW(),
  ip_address INET,
  tenant_id UUID NOT NULL,
  UNIQUE(policy_id, user_id)
);

API Endpoints

// For customers to track their approvals
POST   /api/approvals          // Create approval request
PATCH  /api/approvals/:id      // Update status
GET    /api/approvals/pending  // List pending items

// Policy acknowledgments
POST   /api/policies/:id/acknowledge
GET    /api/policies/:id/acknowledgments
GET    /api/policies/pending   // For current user

Simple UI Components

<!-- Approval Status Badge -->
<script>
  export let status;
  const colors = {
    pending: 'yellow',
    approved: 'green',
    rejected: 'red'
  };
</script>

<span class="badge badge-{colors[status]}">
  {status}
</span>

<!-- One-Click Acknowledge -->
<button
  on:click={acknowledgePolicy}
  disabled={acknowledged}
>
  {acknowledged ? '✓ Acknowledged' : 'I Acknowledge'}
</button>

Notifications (Keep It Simple)

Email Templates

Subject: New Policy Requires Acknowledgment

Hi {name},

A new policy "{policy_name}" requires your acknowledgment.

[View and Acknowledge Policy] → One click

This link expires in 30 days.

Dashboard Widgets

┌───────────────────────────────┐
│ Pending Acknowledgments      │
├───────────────────────────────┤
│ • Password Policy (3 days)   │
│ • Remote Work Policy (new)   │
│                               │
│ [Acknowledge All] button      │
└───────────────────────────────┘

What We're NOT Building

Enterprise Theater We Avoid

• Multi-step approval chains
• Role-based routing rules
• Delegation matrices
• Escalation workflows
• SLA tracking
• Complex state machines

Why We Don't Need It

• Our customers have 10-50 employees
• Their board meets monthly
• Decisions are documented, not automated
• They need evidence, not enforcement

Metrics That Matter

For Our Customers

• % Policies acknowledged
• Average time to acknowledge
• Upcoming board items
• Overdue approvals

For Us (Internal)

• Feature adoption rate
• Time to onboard customer
• Support tickets about approvals
• Customer satisfaction

Future Considerations

If Customers Request (Post-MVP)

• Bulk acknowledgment management
• Approval delegation during leave
• Integration with board meeting tools
• Compliance report inclusion

Signs We Need More

• Customers asking repeatedly
• Losing deals due to missing feature
• Clear ROI on complexity
• We have > 1 developer

Implementation Priority

Week 1: Core Storage

• Approval items table
• Basic CRUD API
• Simple list view

Week 2: Acknowledgments

• Policy acknowledgment tracking
• Email notifications
• Dashboard widget

Week 3: Polish

• Better notifications
• Bulk operations
• Basic reporting

The Bottom Line

For Us: No approval workflows - we're 3 people For Customers: Simple tracking of their approvals Focus: Evidence collection, not enforcement Complexity: Add only when revenue justifies it

---

Related Documents:

• Policy Management MVP
• Task Management MVP
• MVP Features List