[v0.8] Add human approval record for release-candidate gating

[Stahl-G]

Parent: #89

Depends on: #90

Summary

Add a run-scoped human approval record so v0.8 can distinguish release readiness from actual publication authorization.

MABW should not authorize publication by itself. It should record whether required reviewer roles have approved the current release candidate.

Motivation

formal_release_candidate mode should not pass only because workflow, evidence, and package checks pass. It should also require explicit reviewer sign-off.

This matters for briefs involving:

• investment research context;
• legal or policy interpretation;
• institution-branded distribution;
• confidential or internal-use labels;
• external distribution.

Proposed files

src/multi_agent_brief/approval/__init__.py
src/multi_agent_brief/approval/ledger.py
src/multi_agent_brief/approval/contract.py
src/multi_agent_brief/cli/approval_commands.py
tests/test_human_approval_ledger.py

Update:

src/multi_agent_brief/cli/main.py
configs/artifact_contracts.yaml
configs/policy_packs/formal_release_candidate.yaml

CLI

multi-agent-brief approval init --workspace <ws> --mode formal_release_candidate --json
multi-agent-brief approval record --workspace <ws> --role evidence_reviewer --decision approve --reason "checked" --json
multi-agent-brief approval show --workspace <ws> --json
multi-agent-brief approval validate --workspace <ws> --json

Output artifact

output/intermediate/human_approval_ledger.json

Suggested shape:

{
  "schema_version": "multi-agent-brief-human-approval/v1",
  "release_mode": "formal_release_candidate",
  "status": "pending",
  "approvals": [
    {
      "role": "content_owner",
      "status": "pending",
      "required": true,
      "updated_at": "",
      "reason": ""
    },
    {
      "role": "evidence_reviewer",
      "status": "pending",
      "required": true,
      "updated_at": "",
      "reason": ""
    },
    {
      "role": "legal_or_compliance_reviewer",
      "status": "pending",
      "required": false,
      "required_if_claim_categories": ["legal_trade_remedy", "policy_event"],
      "updated_at": "",
      "reason": ""
    }
  ],
  "metadata": {}
}

Allowed approval statuses:

- pending
- approved
- rejected
- not_required

Behavior

• approval init creates role slots for the selected mode.
• approval record updates one role decision and appends an event-log entry.
• The ledger must be JSON-validated.
• release_readiness_report.json should treat missing required approvals as blockers in formal_release_candidate.
• internal_draft does not require this ledger.

Acceptance criteria

• approval init creates the approval ledger artifact.
• approval record can approve or reject a role.
• Decisions append event-log entries.
• approval validate rejects malformed or unknown statuses.
• Formal release candidate mode requires all required approvals.
• Conditional reviewer requirement activates when relevant claim categories exist.
• Release readiness can read this ledger and block if approvals are missing.
• Tests cover init, approve, reject, malformed ledger, missing required role, and conditional role activation.

Non-goals

• No external identity integration.
• No automatic publication.
• No replacement of human reviewer sign-off.
• No approval inference from agent outputs.