[FEATURE] Workflow ownership model — --owner flag and owner-gated quality gate approvals

[JoshLuedeman]

Problem It Solves

Closes gap: #175

Any human can approve, block, or complete any workflow. For teams of two or more engineers, this creates conflicting approvals, no accountability trail, and no on-call ownership model.

Proposed Behavior

teamwork start gains --owner flag

teamwork start feature --owner @alice --title "Add payment webhook handler"

The owner field is written to the workflow state file. If --owner is omitted and GITHUB_ACTOR or GH_USER is set in the environment, that value is used as the default owner.

Owner-gated gate approvals

# Run by @bob
teamwork approve wf-042

# Output:
⚠️  Workflow wf-042 is owned by @alice.
    Only the owner can approve quality gates.
    Use --override to force approval (will be logged).

teamwork approve wf-042 --override --reason "Alice is OOO, urgent hotfix"
✓  Gate approved by @bob (override). Reason logged to metrics.

teamwork assign — transfer ownership

teamwork assign wf-042 @bob
✓  wf-042 ownership transferred from @alice to @bob.

Accountability in history

teamwork history wf-042 displays approver identity alongside each gate decision:

Step 3 → approved by @alice (2026-03-27 14:32 UTC)
Step 5 → approved by @bob (override, reason: Alice OOO) (2026-03-27 16:01 UTC)

Implementation notes

• Owner is stored as a string in the state file (GitHub login, no auth verification — convention-based enforcement)
• teamwork validate warns if any active workflow has no owner and multiple people have been active in the repo
• The --override flag logs an approval_override metrics event for auditing

Dependencies

• State schema (internal/state/state.go) gains Owner and ApproverHistory fields
• teamwork approve command gains ownership check and --override flag
• New teamwork assign command
• Metrics gains approval_override event type

Complexity Estimate

Medium — 4 files: state schema extension, approve command update, new assign command, metrics event, tests