feat: add auto approval mode

[Qquanwei]

Task / context

• Mission Control task: FIX openclaw exec command permission #304
• Why: MC monitors the openclaw approval signal and processes it automatically, preventing the process from stalling during the OpenClaw command execution step.

Scope

• backend/app/api
• backend/app/main.py
• backend/app/models/
• backend/app/schemas/
• ...
• frontend/
• ....

Out of scope

Evidence / validation

• make check (or explain what you ran instead)
• E2E (if applicable): <cypress run / screenshots>
• Logs/links:

Screenshots (UI changes)

Desktop	Mobile

Docs impact

• No user/operator docs changes required
• Docs updated: <paths/links>

Risk / rollout notes

• Risk level: low / medium / high
• Rollback plan (if needed):

Checklist

• Branch created from origin/master (no unrelated commits)
• PR is focused (one theme)
• No secrets in code/logs/docs
• If API/behavior changes: docs updated (OpenAPI + docs/reference/api.md)

[Copilot]

Pull request overview

Adds an “auto approval” mode to prevent OpenClaw command execution from stalling on manual approvals by introducing an approval_policy on boards/agents and a backend gateway event listener that can auto-resolve approval requests.

Changes:

• Add approval_policy (JSON) to agents and boards (DB + backend models/schemas), plus UI controls for selecting the default/agent policy.
• Introduce persistent gateway WebSocket listeners to receive exec.approval.* events and auto-resolve approvals when policy is immediate.
• Regenerate the frontend API client/models (orval) and update API reference docs to describe approval_policy.

Reviewed changes

Copilot reviewed 18 out of 271 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
frontend/src/app/boards/new/page.tsx	Adds board creation UI for selecting default approval_policy.mode and submits it to the API.
frontend/src/app/agents/new/page.tsx	Adds agent creation UI for selecting approval_policy.mode and submits it to the API.
frontend/src/app/agents/[agentId]/page.tsx	Displays agent authorization mode in agent detail view.
frontend/src/app/agents/[agentId]/edit/page.tsx	Adds agent edit UI to update approval_policy.mode.
docs/reference/api.md	Documents the new approval_policy behavior and examples.
backend/migrations/versions/47bc9d8e1234_add_approval_policy_to_agents_and_boards.py	Adds nullable JSON approval_policy columns to agents and boards.
backend/app/models/agents.py	Adds approval_policy field, default policy constants, and get_approval_policy() helper.
backend/app/models/boards.py	Adds approval_policy field to the Board model.
backend/app/schemas/agents.py	Exposes approval_policy in agent create/update schemas.
backend/app/schemas/boards.py	Exposes board approval_policy on read/create schemas.
backend/app/services/openclaw/provisioning_db.py	Ensures lead agents get a default approval_policy when missing and on creation.
backend/app/services/openclaw/admin_service.py	Ensures gateway main agent gets a default approval_policy when missing and on creation.
backend/app/services/openclaw/gateway_rpc.py	Adds resolve_approval() RPC wrapper for exec.approval.resolve.
backend/app/services/openclaw/gateway_listener_manager.py	Adds a singleton manager to start/stop per-gateway persistent listeners.
backend/app/services/openclaw/gateway_events.py	Implements the per-gateway WebSocket connection and dispatches approval events to policy logic.
backend/app/services/openclaw/approval_policy.py	Implements policy evaluation + auto-resolve behavior for approval requests.
backend/app/main.py	Starts/stops the gateway listener manager during app lifespan.
backend/app/api/gateways.py	Stops a gateway listener when the gateway is deleted.
frontend/src/api/generated/**	Regenerated API client + models (orval v8.5.3) including new approval policy types and updated imports/ordering.