Add HMAC auth, user permissions, snake_case rename

Each request is signed with HMAC-SHA256 over timestamp+body using a
per-user secret loaded from a --secrets file (never env vars or git).
Users have a canApprove list controlling who may approve queued actions.
Queue entries track submitted_by for permission checks on approve/deny.

Also renames all identifiers to snake_case throughout the codebase.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

server/queue.mjs

@@ -1,32 +1,32 @@
-// Pending queue — holds actions awaiting user approval.
-
 import { randomUUID } from "crypto";
 
 const pending = new Map();
 
-export function enqueue(action, params) {
+export function enqueue(action, params, submitted_by) {
 	const id = randomUUID();
 	const entry = {
 		id,
 		action,
 		params,
+		submitted_by,
 		status: "pending",
-		createdAt: new Date().toISOString(),
+		created_at: new Date().toISOString(),
 	};
 	pending.set(id, entry);
 	console.log(`\n[QUEUE] New request #${id.slice(0, 8)}`);
-	console.log(`  Action: ${action}`);
-	console.log(`  Params: ${JSON.stringify(params)}`);
+	console.log(`  Action:       ${action}`);
+	console.log(`  Params:       ${JSON.stringify(params)}`);
+	console.log(`  Submitted by: ${submitted_by}`);
 	console.log(`  Approve: POST /queue/${id}/approve`);
 	console.log(`  Deny:    POST /queue/${id}/deny\n`);
 	return id;
 }
 
-export function getEntry(id) {
+export function get_entry(id) {
 	return pending.get(id) ?? null;
 }
 
-export function listPending() {
+export function list_pending() {
 	return [...pending.values()].filter((e) => e.status === "pending");
 }
 
@@ -36,6 +36,6 @@ export function resolve(id, decision) {
 		return null;
 	}
 	entry.status = decision; // "approved" | "denied"
-	entry.resolvedAt = new Date().toISOString();
+	entry.resolved_at = new Date().toISOString();
 	return entry;
 }