Add maker-checker approval gate for high-risk actions

[JE-Chen]

Security/governance batch — segregation of duties over high-risk steps. Full layers + tests + EN/Zh v32 docs + README.

Feature (utils/governance, pure-stdlib)

• ApprovalGate: a maker files a request (request → token); a checker — enforced to be a different principal — approve/rejects it; the action proceeds only once is_approved is true. State is an optional shared JSON file so the dispatcher and the human approver run as separate processes. Decided requests cannot be re-decided. Tokens via secrets. SOC2-style four-eyes control.
• Executor: AC_approval_request / AC_approval_approve / AC_approval_reject / AC_approval_status (each takes optional db path). MCP ac_approval_*. Builder under Tools.

Verification

• 9 tests pass (segregation of duties, reject-blocks, re-decide refused, pending list, cross-process persistence, unknown-token safety, executor round-trip, wiring); ruff clean; radon no CC≥C; bandit clean; PySide6-free.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 56 complexity · 0 duplication

Metric	Results
Complexity	56
Duplication	0

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud