feat(approval-flow): Slack approval bridge for approvalRequired policy decisions

[henryqingmo]

Summary

• Adds synchronous approval hold to PolicyGateHandler: when a tool call is classified approvalRequired, the gateway holds the HTTP connection open (up to 5 min) instead of returning a pending response immediately
• Implements RedisApprovalBridge using Redis Pub/Sub for event-driven resume signaling, with periodic session lock TTL extension via SessionLocker.Extend()
• Implements SlackClient that sends Block Kit messages (tool details + Approve/Deny buttons carrying the ticket ID) via chat.postMessage
• Adds POST /slack/actions webhook endpoint with HMAC-SHA256 signature verification and 5-minute replay window protection
• Extends TicketStore with an idempotent UpdateStatus() method; decisions are written to Postgres before the Redis resume signal is published
• Adds Slack env var config (SLACK_BOT_TOKEN, SLACK_SIGNING_SECRET, SLACK_CHANNEL) with startup fail-fast validation

Test plan

• Unit tests: RedisApprovalBridge (approve/deny/timeout/channel-close/lock-extend-failure paths)
• Unit tests: SlackWebhookHandler (valid approve, valid deny, bad signature, replay attack, UpdateStatus failure)
• Unit tests: SlackClient (Block Kit payload structure, auth header) and PolicyGateHandler approval path (mock bridge/notifier)
• Integration tests: full approve/deny/timeout flow with real Redis + Postgres, idempotent UpdateStatus
• E2E: Docker Compose stack — HMAC-signed approve/deny via curl /slack/actions, unsigned request → HTTP 400

Spec

Driven by .kiro/specs/approval-flow/ — requirements, design, research, and tasks all in tree.

Depends on: bare-proxy → policy-gate → session-mgmt (all merged to main).

🤖 Generated with Claude Code