Add a renounce_admin path with an explicit two-step guard against accidental lockout #116

Description

@mikewheeleer

Implement a guarded admin renounce for finalising a contract

Description

The admin in contracts/escrow/src/lib.rs can only ever be rotated to another address via the two-step propose_admin_transfer / accept_admin_transfer handover — there is no way to renounce admin so the contract becomes immutable (no further price changes, registrations, or pauses). Some operators want to finalise a deployment to credibly signal it will not change. Renouncing is dangerous, so it must be deliberate. This issue adds a guarded renounce that cannot be triggered by a single fat-fingered call.

Requirements and context

  • Repository scope: Agentpay-Org/Agentpay-contracts only.
  • Add a two-confirmation renounce: e.g. propose_renounce() sets a DataKey::RenouncePending flag, and confirm_renounce() (admin-authed again) removes DataKey::Admin, after which all admin-gated entrypoints panic NotInitialized (#3). Document this is irreversible.
  • Emit an admin_rnc event on confirmation so the finalisation is on-chain and auditable; clear any PendingAdmin on renounce.
  • Provide cancel_renounce() to clear the pending flag, mirroring cancel_admin_transfer.
  • Document the irreversibility loudly and the interaction with pause (recommend the contract be in a known state before renouncing).

Suggested execution

  • Fork the repo and create a branch
  • git checkout -b feature/contracts-renounce-admin
  • Implement changes
    • Write code in: contracts/escrow/src/lib.rs — propose_renounce/confirm_renounce/cancel_renounce, the pending flag, and the event.
    • Write comprehensive tests in: contracts/escrow/src/test.rs — renounce requires both steps, after renounce admin entrypoints panic #3, cancel clears the pending flag, non-admin cannot renounce.
    • Add documentation: document the irreversible renounce flow in README.md.
    • Include NatSpec-style doc comments (///) matching the existing style in lib.rs.
    • Validate security: renounce cannot happen in one accidental call; reads still work after renounce.
  • Test and commit

Test and commit

  • Run cargo fmt --all -- --check, cargo build, and cargo test.
  • Cover edge cases: confirm without propose (rejected), cancel then confirm (rejected), reads work post-renounce, double renounce.
  • Include the full cargo test output and a short security notes section in the PR description.

Example commit message

feat: add guarded two-step admin renounce for finalising deployments

Guidelines

  • Minimum 95 percent test coverage for impacted modules.
  • Clear, reviewer-focused documentation.
  • Timeframe: 96 hours.

Community & contribution rewards

  • 💬 Join the AgentPay community on Discord for questions, reviews, and faster merges: https://discord.gg/eXvRKkgcv
  • ⭐ This is a GrantFox OSS / Official Campaign task and may be rewarded. When your PR is merged you'll be prompted to rate the project — if this issue and the maintainers helped you ship, we'd be grateful for a 5-star rating. Clear questions in Discord and tidy, well-tested PRs are the fastest path to a merge and a reward.
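
The guard requested above can be modelled without the Soroban SDK. This is an added example, not code from the Agentpay-contracts repository: storage keys become struct fields, an explicit `caller` argument stands in for admin auth, and every error code other than NotInitialized (#3) is a hypothetical placeholder.

```rust
// Plain-Rust model of the guarded renounce (assumption: no soroban-sdk, fields replace storage keys).
#[derive(Debug, PartialEq)]
pub enum Error {
    NotInitialized = 3,      // code #3 is the one named in the issue
    Unauthorized = 100,      // hypothetical code
    NoRenouncePending = 101, // hypothetical code
}
#[derive(Default)]
pub struct Escrow {
    pub admin: Option<String>,         // models DataKey::Admin
    pub pending_admin: Option<String>, // models PendingAdmin
    pub renounce_pending: bool,        // models DataKey::RenouncePending
    pub events: Vec<&'static str>,     // models emitted event topics
}
impl Escrow {
    // Stand-in for admin auth: `caller` must equal the stored admin.
    fn require_admin(&self, caller: &str) -> Result<(), Error> {
        match &self.admin {
            None => Err(Error::NotInitialized), // every admin path fails after renounce
            Some(a) if a.as_str() == caller => Ok(()),
            Some(_) => Err(Error::Unauthorized),
        }
    }
    pub fn propose_renounce(&mut self, caller: &str) -> Result<(), Error> {
        self.require_admin(caller)?;
        self.renounce_pending = true; // step 1 only arms the flag
        Ok(())
    }
    pub fn cancel_renounce(&mut self, caller: &str) -> Result<(), Error> {
        self.require_admin(caller)?;
        self.renounce_pending = false;
        Ok(())
    }
    pub fn confirm_renounce(&mut self, caller: &str) -> Result<(), Error> {
        self.require_admin(caller)?; // admin-authed again
        if !self.renounce_pending {
            return Err(Error::NoRenouncePending); // confirm without propose, or after cancel
        }
        self.admin = None; // irreversible: no path restores it
        self.pending_admin = None; // clear any in-flight handover
        self.renounce_pending = false;
        self.events.push("admin_rnc");
        Ok(())
    }
}

fn main() {
    let mut e = Escrow { admin: Some("admin".into()), ..Default::default() };
    println!("{:?}", e.confirm_renounce("admin")); // rejected: nothing was proposed
}
```
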
