Release 0.7.0

Added

Approval System (PROTOCOL_SPEC §7)

• ApprovalHandler Protocol - Async protocol for pluggable approval handlers with request_approval() and check_approval() methods
• ApprovalRequest / ApprovalResult - Frozen dataclasses carrying invocation context and handler decisions with Literal status typing
• Phase A (synchronous) - Handler blocks until approval decision; denied/timeout raise immediately
• Phase B (asynchronous) - pending status returns _approval_token for async resume via check_approval()
• Built-in handlers - AlwaysDenyHandler (safe default), AutoApproveHandler (testing), CallbackApprovalHandler (custom logic)
• Approval errors - ApprovalError, ApprovalDeniedError, ApprovalTimeoutError, ApprovalPendingError with result, module_id, and reason properties
• Audit events (Level 3) - Dual-channel emission: logging.info() always + span events when tracing is active
• Extension point - approval_handler registered as a built-in extension point in ExtensionManager
• ErrorCodes - Added APPROVAL_DENIED, APPROVAL_TIMEOUT, APPROVAL_PENDING constants

Executor Integration

• Step 4.5 approval gate - Inserted between ACL (Step 4) and input validation (Step 5) in call(), call_async(), and stream()
• Executor.set_approval_handler() - Runtime handler configuration
• Executor.from_registry() - Added approval_handler parameter
• Dict and dataclass annotations - Both ModuleAnnotations and dict-style requires_approval supported
• Unknown status fail-closed - Unrecognized approval statuses treated as denied with warning log

Changed

Structural Alignment

• Approval errors re-exported from apcore.approval for multi-language SDK consistency; canonical definitions remain in errors.py
• ApprovalResult.status typed as Literal["approved", "rejected", "timeout", "pending"] per PROTOCOL_SPEC §7.3.2