Implement human approval queue API (Litestar controller + guards) #37
Description
Context
Implement the human approval queue that allows humans to review, approve, or reject agent-proposed actions. This is a critical safety mechanism where uncertain or high-risk actions are escalated for human judgment.
Flow:
- Agent proposes an action
- SecOps agent reviews the action
- If uncertain or high-risk, the action enters the human approval queue
- Human reviews context and approves or rejects via the REST API
- Action is executed or blocked accordingly
Acceptance Criteria
- Approval queue data model (pending items with full context)
- Litestar controller:
ApprovalControllerwith list, approve, reject, get-details endpoints - Route guards restricting approval actions to authorized human roles (§13.4)
- Each approval item includes: what (action description), why (agent reasoning), who (requesting agent), risk level
- Timeout handling for stale approval items (configurable TTL)
- Notification via WebSocket channel when new items enter the queue
- Approval/rejection audit trail
- Unit tests for approval workflow
Dependencies
- Implement REST API controllers for all core resources (Litestar) #33 — REST API controllers must be implemented
Design Spec Reference
- §12.1 — Human oversight and approval workflows
- §12.4 — Approval timeout policies